Nov 12 2009, 02:15 PM
Post #16
Authentic Member | Group: Authentic Member | Posts: 23 | Joined: 27-July 09 | Member No.: 86,977 | Operating System: Windows Vista
Here is the CF report
ComboFix 09-11-13.02 - HP_Owner 11/12/2009 11:50.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.247 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix1.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\program files\System Search Dispatcher\1.3.5.960\ssD.dll
c:\windows\viassary-hp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV

((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.
2009-11-12 17:54 . 2009-11-12 17:54 -------- d-----w- c:\program files\ESET
2009-11-10 01:37 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-06 20:04 . 2009-11-06 20:04 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-06 20:03 . 2009-11-06 20:03 -------- d-----w- c:\program files\SDM20
2009-11-06 19:32 . 2009-11-06 19:49 -------- d-----w- c:\documents and settings\HP_Owner\.SunDownloadManager
2009-11-06 19:26 . 2009-11-06 22:13 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google
2009-11-06 19:04 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-06 19:01 . 2009-11-06 19:03 -------- d-----w- c:\program files\Google
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\D20D
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 20:05 . 2009-11-12 20:05 3651 ----a-w- c:\windows\viassary-hp.reg
2009-11-11 16:34 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 01:41 . 2009-06-20 05:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GetRightToGo
2009-11-06 20:26 . 2009-06-28 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-06 20:04 . 2009-06-11 14:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 19:44 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-11-06 19:11 . 2009-06-13 05:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-04 07:15 . 2009-08-02 22:11 -------- d-----w- c:\program files\BearShare Applications
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 20:13 . 2009-08-15 20:13 593876 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 599351 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 416928 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-11-06_16.09.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-12 20:03 . 2009-11-12 20:03 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat
+ 2009-11-10 01:37 . 2006-10-27 03:56 33104 c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
+ 2009-11-10 01:36 . 2006-10-27 03:56 67408 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2009-11-10 01:36 . 2006-10-27 03:56 67408 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2009-11-06 19:05 . 2009-11-06 19:05 20480 c:\windows\Installer\1b1553.msi
+ 2009-11-06 19:02 . 2009-11-06 19:02 24064 c:\windows\Installer\1b154d.msi
+ 2009-11-10 01:37 . 2009-11-11 16:33 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 04:24 . 2006-10-27 04:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 04:24 . 2006-10-27 04:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2009-11-10 01:36 . 2009-11-10 01:36 17208 c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2009-11-10 01:36 . 2009-11-10 01:36 82784 c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2009-11-10 01:36 . 2006-10-27 03:56 864080 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2009-11-10 01:36 . 2006-10-27 03:56 864080 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2009-11-06 20:05 . 2009-11-06 20:04 149280 c:\windows\system32\javaws.exe
+ 2009-11-06 20:05 . 2009-11-06 20:04 145184 c:\windows\system32\javaw.exe
+ 2009-11-06 20:05 . 2009-11-06 20:04 145184 c:\windows\system32\java.exe
- 2004-08-11 18:05 . 2009-10-27 16:52 286904 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 18:05 . 2009-11-11 19:06 286904 c:\windows\system32\FNTCACHE.DAT
+ 2009-11-06 20:04 . 2009-11-06 20:04 537600 c:\windows\Installer\53d9c6.msi
+ 2009-11-10 01:37 . 2009-11-11 16:33 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2006-10-27 04:32 . 2006-10-27 04:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2004-08-18 23:13 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys
+ 2004-08-18 23:13 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2009-10-16 15:03 . 2009-10-16 15:03 5003776 c:\windows\Installer\45e64.msp
+ 2009-08-18 20:58 . 2009-08-18 20:58 8301056 c:\windows\Installer\45e14.msp
+ 2009-08-18 20:57 . 2009-08-18 20:57 9122304 c:\windows\Installer\45dc4.msp
+ 2008-05-21 08:45 . 2008-05-21 08:45 5246976 c:\windows\Installer\45db0.msp
+ 2009-11-10 01:37 . 2009-11-10 01:37 9613312 c:\windows\Installer\1d9dde0.msi
+ 2009-11-10 01:33 . 2009-11-10 01:33 1640960 c:\windows\Installer\1d9dd93.msi
+ 2009-11-06 19:12 . 2009-11-06 19:12 3940352 c:\windows\Installer\1b1559.msi
+ 2009-11-10 01:37 . 2009-11-11 16:33 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-27 23:03 . 2006-10-27 23:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 04:24 . 2006-10-27 04:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 23:03 . 2006-10-27 23:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2009-11-10 01:36 . 2009-11-10 01:36 1215328 c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2009-06-28 02:16 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe" [2009-08-04 602112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-06 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-8-11 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-12 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-11 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 12:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2124)
c:\windows\system32\WININET.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\ProductInfo.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton AntiVirus\SAVScan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HEWLET~1\HPORGA~1\bin\nda.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-11-12 12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-12 20:11
ComboFix2.txt 2009-11-06 18:19
ComboFix3.txt 2009-11-06 16:15

Pre-Run: 53,171,572,736 bytes free
Post-Run: 53,458,472,960 bytes free

- - End Of File - - A03FFBEE12A9B2BA21C19D19C70DADEC
Nov 12 2009, 04:10 PM
Post #17
Advanced Member | Group: MRU Teachers | Posts: 767 | Joined: 18-July 06 | From: Southeast Finland | Member No.: 58,602 | Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)
Hi,
Uninstall GamingHarbor Toolbar & MediaBar

Turn word wrap off in notepad to make logs appear in more readable format. This time don't re-enable it until we've got your case finished.

Open notepad and copy/paste the text in the quotebox below into it:

CODE
DDS::
uStart Page = hxxp://www.theprizeday.com/today.php

File::
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\69E6D3E5\3E688669\stbapp.exe
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\EB91CE86\3E688669\stbdl.exe

Folder::
c:\program files\DoubleD\GamingHarbor Toolbar

DirLook::
c:\docume~1\alluse~1\applic~1\175B
c:\docume~1\alluse~1\applic~1\D20D

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileyApp"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix1.exe

Then post the resultant log & fresh dds.txt part of DDS results.
Nov 12 2009, 10:36 PM
Post #18
Authentic Member | Group: Authentic Member | Posts: 23 | Joined: 27-July 09 | Member No.: 86,977 | Operating System: Windows Vista
Here is the new CF log.
ComboFix 09-11-13.04 - HP_Owner 11/12/2009 19:51.7.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.201 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\CF1.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\windows\viassary-hp.reg
.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.
2009-11-12 17:54 . 2009-11-12 17:54 -------- d-----w- c:\program files\ESET
2009-11-10 01:37 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-06 20:04 . 2009-11-06 20:04 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-06 20:03 . 2009-11-06 20:03 -------- d-----w- c:\program files\SDM20
2009-11-06 19:32 . 2009-11-06 19:49 -------- d-----w- c:\documents and settings\HP_Owner\.SunDownloadManager
2009-11-06 19:26 . 2009-11-06 22:13 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google
2009-11-06 19:04 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-06 19:01 . 2009-11-06 19:03 -------- d-----w- c:\program files\Google
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\D20D
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 04:04 . 2009-11-13 04:04 3651 ----a-w- c:\windows\viassary-hp.reg
2009-11-11 16:34 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 01:41 . 2009-06-20 05:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GetRightToGo
2009-11-06 20:26 . 2009-06-28 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-06 20:04 . 2009-06-11 14:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 19:44 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-11-06 19:11 . 2009-06-13 05:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-04 07:15 . 2009-08-02 22:11 -------- d-----w- c:\program files\BearShare Applications
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.
((((((((((((((((((((((((((((( SnapShot_2009-11-12_20.04.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 04:02 . 2009-11-13 04:02 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
+ 2007-11-07 22:15 . 2007-11-07 22:15 185632 c:\windows\Downloaded Program Files\StmOCX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-06 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-8-11 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-12 20:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3516) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccProxy.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Norton AntiVirus\navapsvc.exe c:\program files\Common Files\Symantec Shared\SNDSrvc.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\progra~1\COMMON~1\AOL\ACS\acsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Norton AntiVirus\SAVScan.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\wanmpsvc.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe c:\windows\system32\wscntfy.exe c:\progra~1\HEWLET~1\HPORGA~1\bin\nda.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\Product 
Assistant\bin\hprblog.exe . ************************************************************************** . Completion time: 2009-11-12 20:13 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-13 04:13 ComboFix2.txt 2009-11-12 20:11 ComboFix3.txt 2009-11-06 18:19 ComboFix4.txt 2009-11-06 16:15 Pre-Run: 53,431,033,856 bytes free Post-Run: 53,446,942,720 bytes free - - End Of File - - DFFBC8C8397A04E6527C513F5655D1A5 Here is the new DDS log and the attach file. DDS (Ver_09-06-26.01) - NTFSx86 Run by HP_Owner at 20:30:51.18 on Thu 11/12/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.30 [GMT -8:00] AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C} FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe svchost.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common 
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe C:\Documents and Settings\HP_Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [VTTimer] VTTimer.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 
9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - 
c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\ FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - 
pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416] R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648] R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168] R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208] R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 
240512] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712] =============== Created Last 30 ================ 2009-11-12 20:17 <DIR> --ds---- C:\CF1 2009-11-12 20:04 3,884 a------- c:\windows\viassary-hp.reg 2009-11-12 09:54 <DIR> --d----- c:\program files\ESET 2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll 2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl 2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20 2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager 2009-11-03 23:21 260,608 a------- c:\windows\PEV.exe 2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe 2009-11-03 23:21 98,816 a------- c:\windows\sed.exe 2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe 2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire 2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire 2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B 2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat 2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes 2009-10-17 09:25 <DIR> --d----- c:\program files\iPod 2009-10-17 09:00 <DIR> --d----- C:\My Downloads 2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D ==================== Find3M ==================== 2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll 2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll 2009-08-26 
00:16 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat ============= FINISH: 20:31:26.21 ===============
Nov 13 2009, 12:44 AM
Post #19
Advanced Member Group: MRU Teachers Posts: 767 Joined: 18-July 06 From: Southeast Finland Member No.: 58,602 Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)
Hi,
Seems that you ran ComboFix twice. Look for the ComboFix2.txt file in the c:\CF1 or c:\qoobox folder and post back its contents. Also, you didn't uninstall MediaBar2.0 yet.
Nov 13 2009, 11:56 AM
Post #20
Authentic Member Group: Authentic Member Posts: 23 Joined: 27-July 09 Member No.: 86,977 Operating System: Windows Vista
Hi,
I ran the CF report again & deleted that MediaBar.

ComboFix 09-11-13.04 - HP_Owner 11/13/2009 9:21.9.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.146 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\CF1.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.lnk
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\windows\viassary-hp.reg
.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.
2009-11-12 17:54 . 2009-11-12 17:54 -------- d-----w- c:\program files\ESET
2009-11-10 01:37 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-06 20:04 . 2009-11-06 20:04 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-06 20:03 . 2009-11-06 20:03 -------- d-----w- c:\program files\SDM20
2009-11-06 19:32 . 2009-11-06 19:49 -------- d-----w- c:\documents and settings\HP_Owner\.SunDownloadManager
2009-11-06 19:26 . 2009-11-13 05:10 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google
2009-11-06 19:04 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-06 19:01 . 2009-11-06 19:03 -------- d-----w- c:\program files\Google
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\D20D
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 16:34 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 01:41 . 2009-06-20 05:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GetRightToGo
2009-11-06 20:26 . 2009-06-28 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-06 20:04 . 2009-06-11 14:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 19:44 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-11-06 19:11 . 2009-06-13 05:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.
((((((((((((((((((((((((((((( SnapShot_2009-11-12_20.04.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 17:32 . 2009-11-13 17:32 16384 c:\windows\Temp\Perflib_Perfdata_d4.dat
+ 2007-11-07 22:15 . 2007-11-07 22:15 185632 c:\windows\Downloaded Program Files\StmOCX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 09:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Norton AntiVirus\navapsvc.exe c:\program files\Common Files\Symantec Shared\SNDSrvc.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\progra~1\COMMON~1\AOL\ACS\acsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Norton AntiVirus\SAVScan.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\wanmpsvc.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe c:\windows\system32\wscntfy.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-11-13 09:41 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-13 17:41 ComboFix2.txt 2009-11-13 04:13 ComboFix3.txt 2009-11-12 20:11 ComboFix4.txt 2009-11-06 18:19 ComboFix5.txt 2009-11-13 04:18 Pre-Run: 53,373,157,376 bytes free Post-Run: 53,376,692,224 bytes free - - End Of File - - 706E56AAD489365813D4831F283E3FD0 Here is the new DDS report as well. 
DDS (Ver_09-06-26.01) - NTFSx86 Run by HP_Owner at 9:49:52.01 on Fri 11/13/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.92 [GMT -8:00] AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C} FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wscntfy.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe 
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe C:\Documents and Settings\HP_Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google 
toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [VTTimer] VTTimer.exe mRun: [ccApp] 
"c:\program files\common files\symantec shared\ccApp.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe IE: Add To HP Organize... 
- c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\ FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program 
files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - 
pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); 
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416] R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648] R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168] R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208] R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 YahooAUService;Yahoo! 
Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712] =============== Created Last 30 ================ 2009-11-12 09:54 <DIR> --d----- c:\program files\ESET 2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll 2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl 2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20 2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager 2009-11-03 23:21 260,608 a------- c:\windows\PEV.exe 2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe 2009-11-03 23:21 98,816 a------- c:\windows\sed.exe 2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe 2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire 2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire 2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B 2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat 2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes 2009-10-17 09:25 <DIR> --d----- c:\program files\iPod 2009-10-17 09:00 <DIR> --d----- C:\My Downloads 2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D ==================== Find3M ==================== 2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll 2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll 2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-06-19 
14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat ============= FINISH: 9:50:29.06 =============== I am attaching the other report as well.
Nov 13 2009, 12:08 PM Post #21

Advanced Member
Group: MRU Teachers
Posts: 767
Joined: 18-July 06
From: Southeast Finland
Member No.: 58,602
Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)

QUOTE
c:\documents and settings\HP_Owner\Desktop\CFScript.lnk

Hi, that script file has to be named CFScript.txt. Please name it correctly and then use it with ComboFix.
Nov 18 2009, 03:22 PM Post #22

Advanced Member
Group: MRU Teachers
Posts: 767
Joined: 18-July 06
From: Southeast Finland
Member No.: 58,602
Operating System: Windows XP Pro & Windows Vista (32-bit) & Windows 7 (64-bit)

Due to inactivity this topic will be closed.
If you need help please start a new thread.