Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91681 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Infected PC


  • This topic is locked This topic is locked
21 replies to this topic

#1 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 27 October 2009 - 10:31 AM

Please help me clean this computer as I needed it to do my college papers. The system is Microsoft XP Home Edition Version 2002 Service Pack 2. It has been like this for months. I know it is infected with something. This pc is freezing and redirecting and the pages or taking forever to load I haven't done anything but ran the reports that was suggested by Noviciate. Your help would be greatly appreciated.

Edited by Wash09, 27 October 2009 - 10:38 AM.

    Advertisements

Register to Remove


#2 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 27 October 2009 - 10:42 AM

ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/27 09:05 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF5346000 Size: 98304 File Visible: No Signed: - Status: - Here is the RootRepeal report that was requested. Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7A4B000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal[1].sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys Address: 0xEF59C000 Size: 49152 File Visible: No Signed: - Status: - SSDT ------------------- #: 031 Function Name: NtConnectPort Status: Hooked by "<unknown>" at address 0xe175a580 ==EOF== Here is the DDS report that was requested: DDS (Ver_09-07-30.01) - NTFSx86 Run by HP_Owner at 21:26:57.51 on Tue 08/25/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.123 [GMT -7:00] AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C} FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbsvc.exe C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\7BOYNHWW\dds[1].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://search.bearshare.com/ uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html mDefault_Page_URL = hxxp://www.yahoo.com/ mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com mSearchAssistant = hxxp://search.live.com/sphome.aspx uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.5.5.900\HPIEAddOn.dll BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.6.3.4500\NPIEAddOn.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare\BearShareIEHelper.dll BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [VTTimer] VTTimer.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [PS2] c:\windows\system32\ps2.exe mRun: [Reminder] "c:\windows\creator\Remind_XP.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416] R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648] R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168] R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208] R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712] S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-27 66048] =============== Created Last 30 ================ 2009-08-18 11:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\73B9 2009-08-15 13:13 <DIR> --d----- c:\program files\Media Access Startup 2009-08-15 13:13 <DIR> --d----- c:\program files\Internet Saving Optimizer 2009-08-15 13:13 <DIR> --d----- c:\program files\System Search Dispatcher 2009-08-15 13:12 <DIR> --d----- c:\program files\DoubleD 2009-08-15 13:12 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E} 2009-08-14 06:49 <DIR> --d----- c:\windows\ServicePackFiles 2009-08-06 20:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D7D 2009-08-02 23:12 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-08-02 18:41 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll 2009-08-02 18:41 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll 2009-08-02 18:33 208,744 a------- c:\windows\system32\muweb.dll 2009-08-02 18:33 27,496 a------- c:\windows\system32\mucltui.dll.mui 2009-08-02 18:33 268,648 a------- c:\windows\system32\mucltui.dll 2009-08-02 15:39 <DIR> --d----- c:\program files\Windows Media Connect 2 2009-08-02 15:35 <DIR> --d----- c:\windows\system32\LogFiles 2009-08-02 15:11 483,328 a------- c:\windows\system32\actskn45.ocx 2009-08-02 15:11 <DIR> --d----- c:\program files\BearShare Applications ==================== Find3M ==================== 2009-08-25 21:06 3,997 a------- c:\windows\viassary-hp.reg 2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-11 09:31 136 a------- C:\x345.bat 2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll 2009-06-27 11:56 5,054 ----h--- c:\windows\jm567890.dat 2009-06-27 08:35 262,144 a------- C:\ntuser.dat 2009-06-26 20:53 112,985 a------- c:\windows\hpoins07.dat 2009-06-19 22:32 47,616 a------- c:\windows\soc_1245475936.exe 2009-06-19 22:32 27,648 a------- c:\windows\soc_1245475929.exe 2009-06-19 22:32 31,744 a------- c:\windows\soc_1245475927.exe 2009-06-19 15:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat 2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll 2009-06-12 04:50 76,288 a------- c:\windows\system32\telnet.exe 2009-06-11 07:09 410,984 a------- c:\windows\system32\deploytk.dll 2009-06-10 07:21 84,992 a------- c:\windows\system32\avifil32.dll 2009-06-09 23:32 132,096 a------- c:\windows\system32\wkssvc.dll 2009-06-05 00:42 655,872 a------- c:\windows\system32\mstscax.dll 2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll ============= FINISH: 21:27:35.31 =============== Also find Attach 1 & Attach 2 reports.

Attached Files



#3 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 31 October 2009 - 04:58 AM

Bearshare

Above listed are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#4 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 04 November 2009 - 10:28 PM

Hi, Blade81! I am trying to run combofix; however, in the time the report is running my desktop freezes up. I have tried to run the report twice and both times the desktop just locks up. I will try again. Or would you like me to try something else? How am I to know when the combofix report if finished running? Wash09

Edited by Wash09, 04 November 2009 - 11:01 PM.


#5 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 05 November 2009 - 12:59 AM

Hi, Do you have the latest copy of ComboFix there? Please make sure you do and that all security programs are disabled before the run. If it still doesn't work then try to run ComboFix in safe mode.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#6 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 06 November 2009 - 10:34 AM

Hi, Blade81!

I have finally gotten the reports you wanted. Sorry about the long wait my pc was just super slow.
ComboFix 09-11-05.05 - HP_Owner 11/06/2009 7:51.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.122 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix1.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Local Settings\Application Data\DoubleD
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm6C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tmA72.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tmB20.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet

Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\driver
c:\program files\driver\driver.dll
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.6.3.4500\adwpx.exe
c:\program files\Internet Saving Optimizer\3.6.3.4500\Data\config.md
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.6.3.4500\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.dat
c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.5.900\Data\config.md
c:\program files\Media Access Startup\1.5.5.900\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.5.900\FF\install.rdf
c:\program files\Media Access Startup\1.5.5.900\HPCommon.dll
c:\program files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
c:\program files\Media Access Startup\1.5.5.900\hppx.exe
c:\program files\Media Access Startup\1.5.5.900\MAHelper.exe
c:\program files\Media Access Startup\1.5.5.900\unins000.dat
c:\program files\Media Access Startup\1.5.5.900\unins000.exe
c:\windows\010112010146118114.dat
c:\windows\010112010146118114.lso
c:\windows\0101120101465049.dat
c:\windows\0101120101465049.lso
c:\windows\0101120101465452.dat
c:\windows\0101120101465452.lso
c:\windows\0101120101465652.dat
c:\windows\0101120101465652.lso
c:\windows\0101120101465749.dat
c:\windows\0101120101465749.lso
c:\windows\bf23567.dat
c:\windows\jmmark2.dat
c:\windows\soc_1245475927.exe
c:\windows\soc_1245475929.exe
c:\windows\soc_1245475936.exe
c:\windows\soc_1246126668.exe
c:\windows\system32\ps2.bat
c:\windows\tgmark2.dat
c:\windows\viassary-hp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Service_driver


((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-03 19:33 . 2009-11-03 19:33 348160 ----a-w- c:\documents and settings\HP_Owner\Application

Data\LimeWire\browser\xulrunner\msvcr71.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application

Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application

Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application

Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application

Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application

Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application

Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application

Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and

settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application

Data\D20D

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 16:11 . 2009-11-06 16:09 654 ----a-w- c:\windows\viassary-hp.reg
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application

Data\Apple Computer
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application

Data\GDIPFONTCACHEV1.DAT
2009-11-04 07:15 . 2009-08-02 22:11 -------- d-----w- c:\program files\BearShare Applications
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application

Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application

Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:41 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application

Data\Microsoft Help
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and

settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and

settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and

settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application

Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application

Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application

Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple

Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 03:27 . 2009-06-27 15:35 -------- d-----w- c:\documents and settings\All Users\Application

Data\Yahoo! Companion
2009-09-09 06:00 . 2009-06-12 07:37 -------- d-----w- c:\documents and settings\mrs.beautiful\Application

Data\Apple Computer
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local

Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 04:33 . 2009-09-09 04:32 -------- d-----w- c:\documents and settings\All Users\Application

Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-09 04:22 . 2009-09-09 04:22 -------- d-----w- c:\program files\Bonjour
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 20:13 . 2009-08-15 20:13 593876 -c--a-w- c:\documents and settings\All Users\Application

Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 599351 -c--a-w- c:\documents and settings\All Users\Application

Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 416928 -c--a-w- c:\documents and settings\All Users\Application

Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
2009-08-12 17:10 294912 ----a-w- c:\program files\System Search Dispatcher\1.3.5.960\ssd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe" [2009-08-04 602112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03

233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"combofix"="c:\combofix1\CF4635.exe" [2009-11-06 388608]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-8-11 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
driver REG_MULTI_SZ driver
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-09-12 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - prefs.js: browser.startup.homepage -

hxxp://www.theprizeday.com/today.php|http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\

n
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - c:\program files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
BHO-{35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - c:\program files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.5.900\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 08:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Norton AntiVirus\SAVScan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\dwwin.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-11-06 8:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-06 16:15

Pre-Run: 53,934,350,336 bytes free
Post-Run: 54,748,483,584 bytes free

- - End Of File - - 7EAFD98E390DACFF5CCB3360124648E3



DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Owner at 8:23:51.35 on Fri 11/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.51 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-27 66048]

=============== Created Last 30 ================

2009-11-06 08:09 654 a------- c:\windows\viassary-hp.reg
2009-11-03 23:21 267,264 a------- c:\windows\PEV.exe
2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe
2009-11-03 23:21 98,816 a------- c:\windows\sed.exe
2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe
2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire
2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire
2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B
2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes
2009-10-17 09:25 <DIR> --d----- c:\program files\iPod
2009-10-17 09:00 <DIR> --d----- C:\My Downloads
2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D

==================== Find3M ====================

2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat

============= FINISH: 8:24:21.39 ===============

Attached Files



#7 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 06 November 2009 - 10:57 AM

Hi, Looks like ComboFix log was opened with word wrap enabled text editor. Please disable word wrap and then re-post the log. Current one's format is a bit hard to read due to those empty gaps between the entries.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#8 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 06 November 2009 - 11:07 AM

ComboFix 09-11-05.05 - HP_Owner 11/06/2009 7:51.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.122 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix1.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Local Settings\Application Data\DoubleD
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5D.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5E.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm5F.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tm6C.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tmA72.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\_tmB20.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\driver
c:\program files\driver\driver.dll
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.6.3.4500\adwpx.exe
c:\program files\Internet Saving Optimizer\3.6.3.4500\Data\config.md
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.6.3.4500\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.6.3.4500\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.dat
c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.5.900\Data\config.md
c:\program files\Media Access Startup\1.5.5.900\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.5.900\FF\install.rdf
c:\program files\Media Access Startup\1.5.5.900\HPCommon.dll
c:\program files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
c:\program files\Media Access Startup\1.5.5.900\hppx.exe
c:\program files\Media Access Startup\1.5.5.900\MAHelper.exe
c:\program files\Media Access Startup\1.5.5.900\unins000.dat
c:\program files\Media Access Startup\1.5.5.900\unins000.exe
c:\windows\010112010146118114.dat
c:\windows\010112010146118114.lso
c:\windows\0101120101465049.dat
c:\windows\0101120101465049.lso
c:\windows\0101120101465452.dat
c:\windows\0101120101465452.lso
c:\windows\0101120101465652.dat
c:\windows\0101120101465652.lso
c:\windows\0101120101465749.dat
c:\windows\0101120101465749.lso
c:\windows\bf23567.dat
c:\windows\jmmark2.dat
c:\windows\soc_1245475927.exe
c:\windows\soc_1245475929.exe
c:\windows\soc_1245475936.exe
c:\windows\soc_1246126668.exe
c:\windows\system32\ps2.bat
c:\windows\tgmark2.dat
c:\windows\viassary-hp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Service_driver


((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-03 19:33 . 2009-11-03 19:33 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\D20D

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 16:11 . 2009-11-06 16:09 654 ----a-w- c:\windows\viassary-hp.reg
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 07:15 . 2009-08-02 22:11 -------- d-----w- c:\program files\BearShare Applications
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:41 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 03:27 . 2009-06-27 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-09 06:00 . 2009-06-12 07:37 -------- d-----w- c:\documents and settings\mrs.beautiful\Application Data\Apple Computer
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 04:33 . 2009-09-09 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-09 04:22 . 2009-09-09 04:22 -------- d-----w- c:\program files\Bonjour
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 20:13 . 2009-08-15 20:13 593876 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 599351 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 416928 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
2009-08-12 17:10 294912 ----a-w- c:\program files\System Search Dispatcher\1.3.5.960\ssd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe" [2009-08-04 602112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"combofix"="c:\combofix1\CF4635.exe" [2009-11-06 388608]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-8-11 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
driver REG_MULTI_SZ driver
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-09-12 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - c:\program files\Media Access Startup\1.5.5.900\HPIEAddOn.dll
BHO-{35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - c:\program files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.5.900\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 08:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Norton AntiVirus\SAVScan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\dwwin.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-11-06 8:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-06 16:15

Pre-Run: 53,934,350,336 bytes free
Post-Run: 54,748,483,584 bytes free

- - End Of File - - 7EAFD98E390DACFF5CCB3360124648E3

#9 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 06 November 2009 - 11:47 AM

Hi again,


Is your Norton antivirus license still valid?



Open notepad and copy/paste the text in the quotebox below into it:

DirLook::
c:\docume~1\alluse~1\applic~1\175B
c:\docume~1\alluse~1\applic~1\D20D
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"driver"=-
Firefox::
FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official\n


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#10 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 12 November 2009 - 10:35 AM

Hi, Blade81! I am attempting to run this KAS report again. My computer keep freezing in the middle of the scan. I will post it as soon as it completes. Or is there another type of scan I can run to get you the result you are seeking?

    Advertisements

Register to Remove


#11 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 12 November 2009 - 11:22 AM

Hi,

If it looks like the scan won't progress any further then you may try ESET scanner:

* Go here to run an online scanner from ESET.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish
  • Copy and paste that log as a reply to this topic, along with other logs & a description of any remaining problems

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#12 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 12 November 2009 - 01:13 PM

Here is the DDS scan. DDS (Ver_09-06-26.01) - NTFSx86 Run by HP_Owner at 11:07:23.04 on Thu 11/12/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.67 [GMT -8:00] AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C} FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\HP_Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.theprizeday.com/today.php uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [VTTimer] VTTimer.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\ FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416] R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648] R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168] R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208] R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712] =============== Created Last 30 ================ 2009-11-12 09:54 <DIR> --d----- c:\program files\ESET 2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll 2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl 2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20 2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager 2009-11-06 10:13 3,884 a------- c:\windows\viassary-hp.reg 2009-11-03 23:21 267,264 a------- c:\windows\PEV.exe 2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe 2009-11-03 23:21 98,816 a------- c:\windows\sed.exe 2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe 2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire 2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire 2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B 2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat 2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes 2009-10-17 09:25 <DIR> --d----- c:\program files\iPod 2009-10-17 09:00 <DIR> --d----- C:\My Downloads 2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D ==================== Find3M ==================== 2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll 2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll 2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat ============= FINISH: 11:08:09.23 =============== Here is the attach scan

#13 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 12 November 2009 - 01:15 PM

Hi, Blade81! Here is the log from the ESET scan. C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\69E6D3E5\3E688669\stbapp.exe a variant of Win32/Adware.DoubleD.AA application C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\B75FA91E\3E688669\stbsvc.exe Win32/Adware.DoubleD.AB application C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\EB91CE86\3E688669\stbdl.exe a variant of Win32/Adware.DoubleD.AB application C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe a variant of Win32/Adware.DoubleD.AA application C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbdl.exe a variant of Win32/Adware.DoubleD.AB application C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbsvc.exe Win32/Adware.DoubleD.AB application C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.0.21210\bin\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe.vir multiple threats C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe.vir a variant of Win32/Adware.DoubleD.AB application C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application C:\Qoobox\Quarantine\C\Program Files\driver\driver.dll.vir Win32/Tinxy.AF trojan C:\Qoobox\Quarantine\C\Program Files\Internet Saving Optimizer\3.6.3.4500\adwpx.exe.vir Win32/Adware.DoubleD.AC application C:\Qoobox\Quarantine\C\Program Files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll.vir a variant of Win32/Adware.DoubleD.AE application C:\Qoobox\Quarantine\C\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.dll.vir Win32/Adware.DoubleD.AE application C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\HPIEAddOn.dll.vir a variant of Win32/Adware.DoubleD.AE application C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\hppx.exe.vir a variant of Win32/Adware.DoubleD.AC application C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\MAHelper.exe.vir Win32/Adware.DoubleD.AD application C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll.vir Win32/Adware.DoubleD.AE application C:\Qoobox\Quarantine\C\WINDOWS\soc_1245475927.exe.vir Win32/Koobface.NBY worm C:\Qoobox\Quarantine\C\WINDOWS\soc_1245475929.exe.vir a variant of Win32/Koobface.NCK worm C:\Qoobox\Quarantine\C\WINDOWS\soc_1245475936.exe.vir Win32/Tinxy.AF trojan C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP135\A0321905.exe a variant of Win32/Adware.DoubleD.AB application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330022.dll Win32/Tinxy.AF trojan C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330023.exe Win32/Adware.DoubleD.AC application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330025.dll Win32/Adware.DoubleD.AE application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330027.dll a variant of Win32/Adware.DoubleD.AE application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330030.dll Win32/Adware.DoubleD.AE application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330032.dll a variant of Win32/Adware.DoubleD.AE application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330033.exe a variant of Win32/Adware.DoubleD.AC application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330034.exe Win32/Adware.DoubleD.AD application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330041.exe Win32/Koobface.NBY worm C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330042.exe a variant of Win32/Koobface.NCK worm C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330043.exe Win32/Tinxy.AF trojan Operating memory a variant of Win32/Adware.DoubleD.AA application Here is the DDS Scan. DDS (Ver_09-06-26.01) - NTFSx86 Run by HP_Owner at 11:07:23.04 on Thu 11/12/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.67 [GMT -8:00] AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C} FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\HP_Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.theprizeday.com/today.php uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [VTTimer] VTTimer.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\ FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416] R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648] R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168] R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208] R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712] =============== Created Last 30 ================ 2009-11-12 09:54 <DIR> --d----- c:\program files\ESET 2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll 2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl 2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20 2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager 2009-11-06 10:13 3,884 a------- c:\windows\viassary-hp.reg 2009-11-03 23:21 267,264 a------- c:\windows\PEV.exe 2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe 2009-11-03 23:21 98,816 a------- c:\windows\sed.exe 2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe 2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire 2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire 2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B 2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat 2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes 2009-10-17 09:25 <DIR> --d----- c:\program files\iPod 2009-10-17 09:00 <DIR> --d----- C:\My Downloads 2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D ==================== Find3M ==================== 2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll 2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll 2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat ============= FINISH: 11:08:09.23 ===============

Attached Files



#14 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 12 November 2009 - 01:24 PM

Hi, Blade81! Here is the log from the ESET scan. C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\69E6D3E5\3E688669\stbapp.exe a variant of Win32/Adware.DoubleD.AA application C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\B75FA91E\3E688669\stbsvc.exe Win32/Adware.DoubleD.AB application C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\EB91CE86\3E688669\stbdl.exe a variant of Win32/Adware.DoubleD.AB application C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe a variant of Win32/Adware.DoubleD.AA application C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbdl.exe a variant of Win32/Adware.DoubleD.AB application C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbsvc.exe Win32/Adware.DoubleD.AB application C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.0.21210\bin\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe.vir multiple threats C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe.vir a variant of Win32/Adware.DoubleD.AB application C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application C:\Qoobox\Quarantine\C\Program Files\driver\driver.dll.vir Win32/Tinxy.AF trojan C:\Qoobox\Quarantine\C\Program Files\Internet Saving Optimizer\3.6.3.4500\adwpx.exe.vir Win32/Adware.DoubleD.AC application C:\Qoobox\Quarantine\C\Program Files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll.vir a variant of Win32/Adware.DoubleD.AE application C:\Qoobox\Quarantine\C\Program Files\Internet Saving Optimizer\3.6.3.4500\FF\components\NPFFAddOn.dll.vir Win32/Adware.DoubleD.AE application C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\HPIEAddOn.dll.vir a variant of Win32/Adware.DoubleD.AE application C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\hppx.exe.vir a variant of Win32/Adware.DoubleD.AC application C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\MAHelper.exe.vir Win32/Adware.DoubleD.AD application C:\Qoobox\Quarantine\C\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll.vir Win32/Adware.DoubleD.AE application C:\Qoobox\Quarantine\C\WINDOWS\soc_1245475927.exe.vir Win32/Koobface.NBY worm C:\Qoobox\Quarantine\C\WINDOWS\soc_1245475929.exe.vir a variant of Win32/Koobface.NCK worm C:\Qoobox\Quarantine\C\WINDOWS\soc_1245475936.exe.vir Win32/Tinxy.AF trojan C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP135\A0321905.exe a variant of Win32/Adware.DoubleD.AB application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330022.dll Win32/Tinxy.AF trojan C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330023.exe Win32/Adware.DoubleD.AC application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330025.dll Win32/Adware.DoubleD.AE application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330027.dll a variant of Win32/Adware.DoubleD.AE application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330030.dll Win32/Adware.DoubleD.AE application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330032.dll a variant of Win32/Adware.DoubleD.AE application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330033.exe a variant of Win32/Adware.DoubleD.AC application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330034.exe Win32/Adware.DoubleD.AD application C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330041.exe Win32/Koobface.NBY worm C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330042.exe a variant of Win32/Koobface.NCK worm C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0330043.exe Win32/Tinxy.AF trojan Operating memory a variant of Win32/Adware.DoubleD.AA application Here is the DDS Scan. DDS (Ver_09-06-26.01) - NTFSx86 Run by HP_Owner at 11:07:23.04 on Thu 11/12/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.67 [GMT -8:00] AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C} FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\HP_Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.theprizeday.com/today.php uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll TB: GamingHarbor Toolbar: {5617eca9-488d-4ba2-8562-9710b9ab78d2} - c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stb0.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [SmileyApp] c:\program files\doubled\gamingharbor toolbar\4.2.0.21210\stbapp.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe mRun: [HPHmon06] c:\windows\system32\hphmon06.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [VTTimer] VTTimer.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\ FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416] R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648] R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168] R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208] R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712] =============== Created Last 30 ================ 2009-11-12 09:54 <DIR> --d----- c:\program files\ESET 2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll 2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl 2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20 2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager 2009-11-06 10:13 3,884 a------- c:\windows\viassary-hp.reg 2009-11-03 23:21 267,264 a------- c:\windows\PEV.exe 2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe 2009-11-03 23:21 98,816 a------- c:\windows\sed.exe 2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe 2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire 2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire 2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B 2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat 2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes 2009-10-17 09:25 <DIR> --d----- c:\program files\iPod 2009-10-17 09:00 <DIR> --d----- C:\My Downloads 2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D ==================== Find3M ==================== 2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll 2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll 2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL 2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat ============= FINISH: 11:08:09.23 ===============

Attached Files



#15 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 12 November 2009 - 01:31 PM

Hi, Do you have requested ComboFix resultant log available too? Please post its contents :)
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users