ComboFix 11-11-18.02 - Compaq_Administrator 11/18/2011 19:53:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.1655 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Administrator\My Documents\My Videos\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Administrator\WINDOWS
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\1.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\a.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\b.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\c.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\d.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\e.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\f.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\g.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\h.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\i.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\J.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\k.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\l.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\m.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\mru.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\n.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\o.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\p.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\q.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\r.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\s.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\t.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\u.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\v.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\w.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\x.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\y.xml
C:\Documents and Settings\Compaq_Administrator\Application Data\PriceGong\Data\z.xml
C:\Documents and Settings\Compaq_Administrator\WINDOWS
C:\Documents and Settings\Default User\WINDOWS
C:\Program Files\FileServe Toolbar\fiLEservetb.dll
C:\Program Files\Search Toolbar
C:\Program Files\Search Toolbar\icon.ico
C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe
C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\config\systemprofile\WINDOWS
D:\Autorun.inf

((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))

2011-11-12 21:29:38 . 2011-11-12 21:29:38 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-11-12 20:06:05 . 2011-11-12 20:08:40 -------- d-----w- C:\WINDOWS\system32\drivers\NIS\1302000.00A
2011-10-29 03:17:48 . 2011-10-29 03:17:48 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-10-29 03:17:48 . 2011-10-29 03:17:47 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-10-29 03:17:48 . 2011-10-29 03:17:47 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-10-29 03:17:48 . 2011-10-29 03:17:47 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-10-29 03:17:48 . 2011-10-29 03:17:47 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-10-29 03:17:48 . 2011-10-29 03:17:47 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-10-29 03:17:48 . 2011-10-29 03:17:47 159744 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-10-29 03:17:11 . 2011-10-29 03:17:47 -------- d-----w- C:\Program Files\QuickTime
2011-10-29 03:15:00 . 2009-05-18 17:17:00 26600 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2011-10-29 03:15:00 . 2008-04-17 16:12:54 107368 ----a-w- C:\WINDOWS\system32\GEARAspi.dll
2011-10-29 03:13:54 . 2011-10-29 03:13:55 -------- d-----w- C:\Program Files\iPod
2011-10-29 03:13:51 . 2011-10-29 03:14:57 -------- d-----w- C:\Program Files\iTunes
2011-10-29 03:13:51 . 2011-10-29 03:14:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-29 03:13:22 . 2011-10-29 03:13:22 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\Apple Computer
2011-10-29 03:12:49 . 2011-10-29 03:12:50 -------- d-----w- C:\Program Files\Bonjour
2011-10-24 18:29:02 . 2011-10-24 18:29:02 94208 ----a-w- C:\WINDOWS\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 . 2011-10-24 18:29:02 69632 ----a-w- C:\WINDOWS\system32\QuickTime.qts

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-12 19:58:38 . 2011-10-12 17:23:03 60872 ----a-w- C:\WINDOWS\system32\S32EVNT1.DLL
2011-11-12 19:58:38 . 2011-10-12 17:23:03 127096 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2011-10-17 18:18:01 . 2003-03-19 04:14:52 499712 ----a-w- C:\WINDOWS\system32\msvcp71.dll
2011-10-17 18:18:01 . 2003-02-21 12:42:22 348160 ----a-w- C:\WINDOWS\system32\msvcr71.dll
2011-10-10 14:22:41 . 2010-11-13 16:41:10 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-10-03 09:06:03 . 2010-12-04 16:05:53 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-10-03 06:37:52 . 2011-03-25 05:46:32 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-09-28 07:06:50 . 2010-11-13 16:40:16 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-09-26 15:41:20 . 2010-11-13 16:41:55 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
2011-09-26 15:41:20 . 2008-07-30 00:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 15:41:14 . 2010-11-13 16:41:55 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll
2011-09-06 13:20:51 . 2010-11-13 16:43:29 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-08-31 21:00:50 . 2010-11-18 13:30:03 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-31 03:05:04 . 2011-08-31 03:05:04 83816 ----a-w- C:\WINDOWS\system32\dns-sd.exe
2011-08-31 03:05:04 . 2011-08-31 03:05:04 73064 ----a-w- C:\WINDOWS\system32\dnssd.dll
2011-08-31 03:05:04 . 2011-08-31 03:05:04 50536 ----a-w- C:\WINDOWS\system32\jdns_sd.dll
2011-08-31 03:05:04 . 2011-08-31 03:05:04 178536 ----a-w- C:\WINDOWS\system32\dnssdX.dll
2011-08-22 23:48:55 . 2010-11-13 16:43:30 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-08-22 23:48:54 . 2010-11-13 16:41:14 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-08-22 23:48:54 . 2010-11-13 16:41:10 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-08-22 11:56:39 . 2010-11-13 16:41:06 385024 ----a-w- C:\WINDOWS\system32\html.iec

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 02:51:08 214840]

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
2010-11-18 14:44:36 647168 ----a-w- C:\Program Files\Shop to Win 9\ShoppingBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 05:18:08 6276408]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 21:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 22:01:14 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19:16 77312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-10 03:50:00 7311360]
"nwiz"="nwiz.exe" [2006-05-10 03:50:00 1519616]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-16 02:12:40 1077248]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 02:11:54 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14:00 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34:58 249856]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-10 03:50:00 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 14:32:14 18085888]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 16:55:28 937920]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 17:06:06 254696]
"TkBellExe"="C:\Program Files\real\realplayer\update\realsched.exe" [2011-10-17 18:18:03 273528]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 11:22:28 59240]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-10-24 18:28:52 421888]

C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
MyWeather Desktop.lnk - C:\Program Files\MyWeather Desktop\MyWeather Desktop.exe [N/A]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 03:41:34 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12:28 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 SymDS;Symantec Data Store;C:\WINDOWS\system32\drivers\NIS\1302000.00A\symds.sys [11/12/2011 3:06:27 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1302000.00A\symefa.sys [11/12/2011 3:06:28 PM 897656]
R1 BHDrvx86;BHDrvx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [11/14/2011 6:24:36 PM 819320]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccsetx86.sys [11/12/2011 3:06:27 PM 132744]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\system32\drivers\NIS\1302000.00A\ironx86.sys [11/12/2011 3:06:27 PM 149624]
R2 AntUpdaterService;Ant Toolbar updater service;C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe [6/29/2011 12:26:06 PM 520216]
R2 NIS;Norton Internet Security;C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [11/12/2011 3:06:17 PM 138760]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files\Secunia\PSI\psia.exe [4/19/2011 1:44:40 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files\Secunia\PSI\sua.exe [4/19/2011 1:44:40 AM 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 8:34:47 PM 106104]
R3 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111117.030\IDSXpx86.sys [11/17/2011 6:57:57 PM 356280]
R3 PSI;PSI;C:\WINDOWS\system32\drivers\psi_mf.sys [9/1/2010 3:30:58 AM 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16:28 PM 130384]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [1/14/2011 6:49:09 PM 136176]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\drivers\A3AB.sys [5/23/2007 4:15:00 AM 547744]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [1/14/2011 6:49:09 PM 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\drivers\wdcsam.sys [11/24/2010 9:13:49 AM 11520]
S3 WinRM;Windows Remote Management (WS-Management);C:\WINDOWS\system32\svchost.exe -k WINRM [11/13/2010 11:42:27 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16:28 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32:48 128512 ----a-w- C:\WINDOWS\system32\advpack.dll

Contents of the 'Scheduled Tasks' folder

2011-10-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57:16 . 2011-06-01 21:57:16]

2011-11-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-14 23:49:09 . 2011-01-14 23:49:05]

2011-11-19 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-14 23:49:09 . 2011-01-14 23:49:05]

2011-11-19 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4256486490-1714306237-1489007402-1008.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40:28 . 2011-09-27 17:40:28]

2011-11-19 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4256486490-1714306237-1489007402-1008.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40:28 . 2011-09-27 17:40:28]

------- Supplementary Scan -------

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\download.dll
TCP: DhcpNameServer = 192.168.10.1

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-PCDrProfiler - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
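A log like this is read by eye in malware-removal threads, but the same checks can be scripted. The following is an added example, not part of the posted log or of ComboFix: a small parser for the ComboFix line formats seen above (the AV/FW header, REGEDIT4-style key and value lines, the file line under a Browser Helper Objects key, and the R0..S3 service lines), plus a triage pass that flags the items a helper would comment on first: a security product reported as disabled, EnableFirewall=0 on the standard profile, GloballyOpenPorts exceptions (with their own Enabled/Disabled state decoded, since the 5985/TCP entry above is marked Disabled), IE URL search hooks, BHOs, and services whose description or image path matches a keyword list. The sample input is constructed from lines excerpted from this log; PUP_HINTS is an assumed heuristic list, not anything ComboFix ships.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines excerpted from the ComboFix log above so the
# triage runs offline. It is not fresh ComboFix output.
SAMPLE_LOG = r"""ComboFix 11-11-18.02 - Compaq_Administrator 11/18/2011 19:53:51.1.1 - x86
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 02:51:08 214840]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
2010-11-18 14:44:36 647168 ----a-w- C:\Program Files\Shop to Win 9\ShoppingBHO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R2 AntUpdaterService;Ant Toolbar updater service;C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe [6/29/2011 12:26:06 PM 520216]
S3 WinRM;Windows Remote Management (WS-Management);C:\WINDOWS\system32\svchost.exe -k WINRM [11/13/2010 11:42:27 AM 14336]
"""

# Assumed heuristic: substrings that usually mark adware/PUP components.
PUP_HINTS = ("toolbar", "shop to win", "pricegong", "ant.com")

PRODUCT_RE = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*")          # AV: name *state* {guid}
KEY_RE = re.compile(r"^\[(.+)\]$")                                 # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]*?)"?\s*(?:\[.*\])?$')  # "name"= value [stamp]
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+\S+\s+(.+)$")  # date size attrs path
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[")    # R2 name;description;path [stamp]


def parse_combofix(text: str) -> Dict[str, object]:
    """Split a ComboFix log into the pieces a triage cares about."""
    products: Dict[str, Tuple[str, str]] = {}        # AV/FW -> (name, state)
    values: List[Tuple[str, str, str]] = []          # (registry key, name, value)
    bhos: List[str] = []                             # BHO image paths
    services: List[Tuple[str, str, str, str]] = []   # (state, name, description, path)
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PRODUCT_RE.match(line):
            products[m.group(1)] = (m.group(2), m.group(3))
        elif m := KEY_RE.match(line):
            key = m.group(1)                          # values that follow belong to this key
        elif m := VALUE_RE.match(line):
            values.append((key, m.group(1), m.group(2).strip()))
        elif m := SERVICE_RE.match(line):
            services.append(m.groups())
        elif "browser helper objects" in key.lower() and (m := FILE_RE.match(line)):
            bhos.append(m.group(1))                   # ComboFix lists the BHO DLL as a file line
    return {"products": products, "values": values, "bhos": bhos, "services": services}


def triage(text: str) -> List[str]:
    """Return human-readable findings in log order."""
    data = parse_combofix(text)
    findings: List[str] = []
    for kind, (name, state) in data["products"].items():
        if "disabled" in state.lower():
            findings.append(f"{kind} product '{name}' reported as {state}")
    for key, name, value in data["values"]:
        k = key.lower()
        if k.endswith("\\standardprofile") and name == "EnableFirewall" and value.startswith("0"):
            findings.append("Windows Firewall standard profile is off (EnableFirewall=0)")
        elif "globallyopenports" in k:
            # Rule format is port:proto:scope:state:description; a 'Disabled'
            # state means the exception exists but is not currently active.
            parts = value.split(":")
            active = len(parts) >= 4 and parts[3].lower() == "enabled"
            findings.append(f"Firewall port exception {parts[0]}/{parts[1]} "
                            f"({'active' if active else 'inactive'}): {value}")
        elif "urlsearchhooks" in k:
            findings.append(f"IE URL search hook installed: {value}")
    for path in data["bhos"]:
        findings.append(f"Browser Helper Object: {path}")
    for state, svc, desc, path in data["services"]:
        if any(h in f"{desc} {path}".lower() for h in PUP_HINTS):
            findings.append(f"Service {svc} ({state}) matches PUP hint: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the disabled AV, the Yahoo! URL search hook, the firewall being off, the inactive 5985/TCP exception, the Shop to Win BHO and the Ant toolbar updater service, and stays silent on WinRM itself. Two caveats when applying this to a real log: the AV/FW lines reflect what Security Center reports, so "Disabled" can mean a product failed to register rather than that protection is off, and the keyword list only catches components that name themselves honestly; treat it as a first pass before reading the Run, services and scheduled-task sections in full.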