Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Infected PC

Started by Wash09 , Oct 27 2009 10:31 AM

  • This topic is locked This topic is locked
21 replies to this topic

#16 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 12 November 2009 - 02:15 PM

Here is the CF report
ComboFix 09-11-13.02 - HP_Owner 11/12/2009 11:50.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.247 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix1.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\program files\System Search Dispatcher\1.3.5.960\ssD.dll
c:\windows\viassary-hp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV


((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 17:54 . 2009-11-12 17:54 -------- d-----w- c:\program files\ESET
2009-11-10 01:37 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-06 20:04 . 2009-11-06 20:04 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-06 20:03 . 2009-11-06 20:03 -------- d-----w- c:\program files\SDM20
2009-11-06 19:32 . 2009-11-06 19:49 -------- d-----w- c:\documents and settings\HP_Owner\.SunDownloadManager
2009-11-06 19:26 . 2009-11-06 22:13 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google
2009-11-06 19:04 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-06 19:01 . 2009-11-06 19:03 -------- d-----w- c:\program files\Google
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\D20D

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 20:05 . 2009-11-12 20:05 3651 ----a-w- c:\windows\viassary-hp.reg
2009-11-11 16:34 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 01:41 . 2009-06-20 05:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GetRightToGo
2009-11-06 20:26 . 2009-06-28 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-06 20:04 . 2009-06-11 14:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 19:44 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-11-06 19:11 . 2009-06-13 05:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-04 07:15 . 2009-08-02 22:11 -------- d-----w- c:\program files\BearShare Applications
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-15 20:13 . 2009-08-15 20:13 593876 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 599351 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-08-15 20:13 . 2009-08-15 20:13 416928 -c--a-w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-06_16.09.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-12 20:03 . 2009-11-12 20:03 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat
+ 2009-11-10 01:37 . 2006-10-27 03:56 33104 c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
+ 2009-11-10 01:36 . 2006-10-27 03:56 67408 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2009-11-10 01:36 . 2006-10-27 03:56 67408 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2009-11-06 19:05 . 2009-11-06 19:05 20480 c:\windows\Installer\1b1553.msi
+ 2009-11-06 19:02 . 2009-11-06 19:02 24064 c:\windows\Installer\1b154d.msi
+ 2009-11-10 01:37 . 2009-11-11 16:33 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 04:24 . 2006-10-27 04:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-27 04:24 . 2006-10-27 04:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2009-11-10 01:36 . 2009-11-10 01:36 17208 c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2009-11-10 01:36 . 2009-11-10 01:36 82784 c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2009-11-10 01:36 . 2006-10-27 03:56 864080 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2009-11-10 01:36 . 2006-10-27 03:56 864080 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2009-11-06 20:05 . 2009-11-06 20:04 149280 c:\windows\system32\javaws.exe
+ 2009-11-06 20:05 . 2009-11-06 20:04 145184 c:\windows\system32\javaw.exe
+ 2009-11-06 20:05 . 2009-11-06 20:04 145184 c:\windows\system32\java.exe
- 2004-08-11 18:05 . 2009-10-27 16:52 286904 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 18:05 . 2009-11-11 19:06 286904 c:\windows\system32\FNTCACHE.DAT
+ 2009-11-06 20:04 . 2009-11-06 20:04 537600 c:\windows\Installer\53d9c6.msi
+ 2009-11-10 01:37 . 2009-11-11 16:33 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-10 01:37 . 2009-11-11 16:33 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2006-10-27 04:32 . 2006-10-27 04:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2004-08-18 23:13 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys
+ 2004-08-18 23:13 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2009-10-16 15:03 . 2009-10-16 15:03 5003776 c:\windows\Installer\45e64.msp
+ 2009-08-18 20:58 . 2009-08-18 20:58 8301056 c:\windows\Installer\45e14.msp
+ 2009-08-18 20:57 . 2009-08-18 20:57 9122304 c:\windows\Installer\45dc4.msp
+ 2008-05-21 08:45 . 2008-05-21 08:45 5246976 c:\windows\Installer\45db0.msp
+ 2009-11-10 01:37 . 2009-11-10 01:37 9613312 c:\windows\Installer\1d9dde0.msi
+ 2009-11-10 01:33 . 2009-11-10 01:33 1640960 c:\windows\Installer\1d9dd93.msi
+ 2009-11-06 19:12 . 2009-11-06 19:12 3940352 c:\windows\Installer\1b1559.msi
+ 2009-11-10 01:37 . 2009-11-11 16:33 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-12 20:38 . 2009-11-11 16:34 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-07-12 20:38 . 2009-10-27 15:33 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-27 23:03 . 2006-10-27 23:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 04:24 . 2006-10-27 04:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 23:03 . 2006-10-27 23:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2009-11-10 01:36 . 2009-11-10 01:36 1215328 c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2009-06-28 02:16 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe" [2009-08-04 602112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-06 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-8-11 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=


--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-12 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-11 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 12:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2124)
c:\windows\system32\WININET.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\ProductInfo.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton AntiVirus\SAVScan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HEWLET~1\HPORGA~1\bin\nda.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-11-12 12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-12 20:11
ComboFix2.txt 2009-11-06 18:19
ComboFix3.txt 2009-11-06 16:15

Pre-Run: 53,171,572,736 bytes free
Post-Run: 53,458,472,960 bytes free

- - End Of File - - A03FFBEE12A9B2BA21C19D19C70DADEC

    Advertisements

Register to Remove

#17 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 12 November 2009 - 04:10 PM

Hi,

Uninstall GamingHarbor Toolbar & MediaBar

Turn word wrap off in notepad to make logs appear in more readable format. This time don't re-enable it until we've got your case finished.


Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uStart Page = hxxp://www.theprizeday.com/today.php
File::
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\69E6D3E5\3E688669\stbapp.exe
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\EB91CE86\3E688669\stbdl.exe
Folder::
c:\program files\DoubleD\GamingHarbor Toolbar
DirLook::
c:\docume~1\alluse~1\applic~1\175B
c:\docume~1\alluse~1\applic~1\D20D
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileyApp"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix1.exe
Then post the resultant log & fresh dds.txt part of DDS results.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#18 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 12 November 2009 - 10:36 PM

Here is the new CF log.

ComboFix 09-11-13.04 - HP_Owner 11/12/2009 19:51.7.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.201 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\CF1.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\windows\viassary-hp.reg

.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-12 17:54 . 2009-11-12 17:54 -------- d-----w- c:\program files\ESET
2009-11-10 01:37 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-06 20:04 . 2009-11-06 20:04 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-06 20:03 . 2009-11-06 20:03 -------- d-----w- c:\program files\SDM20
2009-11-06 19:32 . 2009-11-06 19:49 -------- d-----w- c:\documents and settings\HP_Owner\.SunDownloadManager
2009-11-06 19:26 . 2009-11-06 22:13 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google
2009-11-06 19:04 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-06 19:01 . 2009-11-06 19:03 -------- d-----w- c:\program files\Google
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\D20D

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 04:04 . 2009-11-13 04:04 3651 ----a-w- c:\windows\viassary-hp.reg
2009-11-11 16:34 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 01:41 . 2009-06-20 05:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GetRightToGo
2009-11-06 20:26 . 2009-06-28 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-06 20:04 . 2009-06-11 14:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 19:44 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-11-06 19:11 . 2009-06-13 05:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-04 07:15 . 2009-08-02 22:11 -------- d-----w- c:\program files\BearShare Applications
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((( SnapShot_2009-11-12_20.04.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 04:02 . 2009-11-13 04:02 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
+ 2007-11-07 22:15 . 2007-11-07 22:15 185632 c:\windows\Downloaded Program Files\StmOCX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-06 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-8-11 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=


--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 20:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3516)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton AntiVirus\SAVScan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HEWLET~1\HPORGA~1\bin\nda.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-11-12 20:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-13 04:13
ComboFix2.txt 2009-11-12 20:11
ComboFix3.txt 2009-11-06 18:19
ComboFix4.txt 2009-11-06 16:15

Pre-Run: 53,431,033,856 bytes free
Post-Run: 53,446,942,720 bytes free

- - End Of File - - DFFBC8C8397A04E6527C513F5655D1A5




Here is the new DDS log and the attach file.


DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Owner at 20:30:51.18 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.30 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]

=============== Created Last 30 ================

2009-11-12 20:17 <DIR> --ds---- C:\CF1
2009-11-12 20:04 3,884 a------- c:\windows\viassary-hp.reg
2009-11-12 09:54 <DIR> --d----- c:\program files\ESET
2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll
2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20
2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager
2009-11-03 23:21 260,608 a------- c:\windows\PEV.exe
2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe
2009-11-03 23:21 98,816 a------- c:\windows\sed.exe
2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe
2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire
2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire
2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B
2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes
2009-10-17 09:25 <DIR> --d----- c:\program files\iPod
2009-10-17 09:00 <DIR> --d----- C:\My Downloads
2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D

==================== Find3M ====================

2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat

============= FINISH: 20:31:26.21 ===============

Attached Files


#19 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 13 November 2009 - 12:44 AM

Hi, Seems that you ran ComboFix twice. Look for ComboFix2.txt file in c:\CF1 or c:\qoobox folder and post back its contents. Also, you didn't uninstall MediaBar2.0 yet.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#20 Wash09

Wash09

    Authentic Member

  • Authentic Member
  • PipPip
  • 45 posts

Posted 13 November 2009 - 11:56 AM

Hi,

I ran the CF report again & deleted that MediaBar.

ComboFix 09-11-13.04 - HP_Owner 11/13/2009 9:21.9.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.146 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\CF1.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.lnk
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\windows\viassary-hp.reg

.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-12 17:54 . 2009-11-12 17:54 -------- d-----w- c:\program files\ESET
2009-11-10 01:37 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-06 20:04 . 2009-11-06 20:04 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-06 20:03 . 2009-11-06 20:03 -------- d-----w- c:\program files\SDM20
2009-11-06 19:32 . 2009-11-06 19:49 -------- d-----w- c:\documents and settings\HP_Owner\.SunDownloadManager
2009-11-06 19:26 . 2009-11-13 05:10 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google
2009-11-06 19:04 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-06 19:01 . 2009-11-06 19:03 -------- d-----w- c:\program files\Google
2009-11-04 18:00 . 2009-11-04 18:00 78888 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-03 19:32 . 2009-11-03 19:32 18944 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-03 19:32 . 2009-11-03 19:32 17408 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-11-03 19:32 . 2009-11-03 19:32 20480 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-03 19:32 . 2009-11-03 19:32 8192 ----a-w- c:\documents and settings\HP_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-03 19:31 . 2009-11-04 07:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-11-03 19:28 . 2009-11-04 07:15 -------- d-----w- c:\program files\LimeWire
2009-11-03 19:14 . 2009-11-03 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\175B
2009-10-28 01:08 . 2009-11-06 05:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 15:53 . 2009-10-27 15:53 -------- d-----w- c:\program files\ERUNT
2009-10-25 23:15 . 2009-10-26 14:47 63 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences2.dat
2009-10-22 08:18 . 2009-10-22 08:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iTunes
2009-10-17 17:25 . 2009-10-17 17:26 -------- d-----w- c:\program files\iPod
2009-10-17 17:00 . 2009-10-17 17:00 -------- d-----w- C:\My Downloads
2009-10-17 16:57 . 2009-10-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\D20D

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 16:34 . 2009-07-12 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 01:41 . 2009-06-20 05:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GetRightToGo
2009-11-06 20:26 . 2009-06-28 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-06 20:04 . 2009-06-11 14:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 19:44 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-11-06 19:11 . 2009-06-13 05:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:03 . 2009-07-03 01:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-11-03 19:21 . 2009-06-08 18:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-10-28 01:53 . 2009-06-20 05:04 78888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 15:28 . 2004-08-12 04:02 -------- d-----w- c:\program files\Microsoft Works
2009-10-26 14:53 . 2009-07-03 01:48 38 ----a-w- c:\documents and settings\Guest\jagex_runescape_preferences.dat
2009-10-23 00:33 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-10-17 20:59 . 2009-09-15 22:46 45 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences2.dat
2009-10-17 20:59 . 2009-06-17 04:23 38 ----a-w- c:\documents and settings\mrs.beautiful\jagex_runescape_preferences.dat
2009-10-17 17:25 . 2009-09-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-17 17:25 . 2009-09-09 04:19 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 00:30 . 2009-06-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-19 22:37 . 2009-09-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 22:32 . 2009-09-19 22:31 -------- d-----w- c:\program files\QuickTime
2009-09-19 22:25 . 2009-09-19 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:33 . 2004-08-18 23:10 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 05:57 . 2009-07-11 18:16 78888 ----a-w- c:\documents and settings\mrs.beautiful\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 20:45 . 2004-08-18 23:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-18 23:13 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-09-09 04:21 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-09 04:21 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-18 23:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((( SnapShot_2009-11-12_20.04.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 17:32 . 2009-11-13 17:32 16384 c:\windows\Temp\Perflib_Perfdata_d4.dat
+ 2007-11-07 22:15 . 2007-11-07 22:15 185632 c:\windows\Downloaded Program Files\StmOCX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-6-8 36954]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-11 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=


--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-06-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{35D4F142-0FB1-459A-8853-6A369624B037}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{97DDCCD8-F326-4F44-B654-781F4E7EFC02}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\h7s74cbt.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 09:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton AntiVirus\SAVScan.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-13 09:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-13 17:41
ComboFix2.txt 2009-11-13 04:13
ComboFix3.txt 2009-11-12 20:11
ComboFix4.txt 2009-11-06 18:19
ComboFix5.txt 2009-11-13 04:18

Pre-Run: 53,373,157,376 bytes free
Post-Run: 53,376,692,224 bytes free

- - End Of File - - 706E56AAD489365813D4831F283E3FD0


Here is the new DDS report as well.



DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Owner at 9:49:52.01 on Fri 11/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.92 [GMT -8:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\h7s74cbt.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-12-8 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-12-8 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-12-8 235168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
R2 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]

=============== Created Last 30 ================

2009-11-12 09:54 <DIR> --d----- c:\program files\ESET
2009-11-09 17:37 32,592 a------- c:\windows\system32\msonpmon.dll
2009-11-06 12:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-06 12:03 <DIR> --d----- c:\program files\SDM20
2009-11-06 11:32 <DIR> --d----- c:\documents and settings\hp_owner\.SunDownloadManager
2009-11-03 23:21 260,608 a------- c:\windows\PEV.exe
2009-11-03 23:21 161,792 a------- c:\windows\SWREG.exe
2009-11-03 23:21 98,816 a------- c:\windows\sed.exe
2009-11-03 23:21 77,312 a------- c:\windows\MBR.exe
2009-11-03 11:31 <DIR> --d----- c:\docume~1\hp_owner\applic~1\LimeWire
2009-11-03 11:28 <DIR> --d----- c:\program files\LimeWire
2009-11-03 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\175B
2009-10-27 17:08 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-17 09:25 <DIR> --d----- c:\program files\iTunes
2009-10-17 09:25 <DIR> --d----- c:\program files\iPod
2009-10-17 09:00 <DIR> --d----- C:\My Downloads
2009-10-17 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\D20D

==================== Find3M ====================

2009-11-06 12:04 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 06:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-04 12:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 00:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 00:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-06-19 14:01 34 a------- c:\documents and settings\hp_owner\jagex_runescape_preferences.dat

============= FINISH: 9:50:29.06 ===============




I am attaching the other report as well.

Attached Files


#21 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 13 November 2009 - 12:08 PM

c:\documents and settings\HP_Owner\Desktop\CFScript.lnk

Hi,

That script file has to be named as CFScript.txt. Please name it correctly and then use to ComboFix.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#22 Blade81

Blade81

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,065 posts
  • Interests:Floorball, football, music, computers..
  • MVP

Posted 18 November 2009 - 03:22 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·