ComboFix 09-07-05.04 - HP_Administrator 07/06/2009 10:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.660 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Application Data\FunWebProducts
c:\documents and settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\avatar.dat
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\_tmBD.tmp
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\stb06759.tmp
C:\install.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\01AC568A
c:\program files\MyWebSearch\bar\Cache\01AC5BBA
c:\program files\MyWebSearch\bar\Cache\01AC632C
c:\program files\MyWebSearch\bar\Cache\01AC65DC.bin
c:\program files\MyWebSearch\bar\Cache\01AC6782.bin
c:\program files\MyWebSearch\bar\Cache\01AC68BA.bin
c:\program files\MyWebSearch\bar\Cache\01AC6A31.bin
c:\program files\MyWebSearch\bar\Cache\01AC6BA8.bin
c:\program files\MyWebSearch\bar\Cache\0218DD12.bin
c:\program files\MyWebSearch\bar\Cache\0218DFF1.bin
c:\program files\MyWebSearch\bar\Cache\0218E1F4.bin
c:\program files\MyWebSearch\bar\Cache\0218E57E.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\content\options.js
c:\program files\SelectRebates\FFToolbar\chrome\content\options.xul
c:\program files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.xul
c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\contents.rdf
c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.dtd
c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.dtd.skin
c:\program files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.properties
c:\program files\SelectRebates\FFToolbar\chrome\skin\3rdParty.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\add-folderplus.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\add-plussign.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\alert-blue.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\alert-red.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\bluebar.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\dollarsign.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\FindWords.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\gripper.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\icon-magnifying.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\invite.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\invite2.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\my-blue.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\my-gray.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\my-green.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\my-red.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Options.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\S.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-LogoHotSpots.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-logotext.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v1.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v2.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\sahtoolbar.css
c:\program files\SelectRebates\FFToolbar\chrome\skin\Scissors.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Search.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\shoppingcart.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\singleperson.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\star.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\thumb2.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Thumbs.db
c:\program files\SelectRebates\FFToolbar\chrome\skin\toolbar-images-ALL.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Toolbar_HelpAndFeedback.png
c:\program files\SelectRebates\FFToolbar\chrome\skin\Wrench.png
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\bg-gradient.gif
c:\program files\SelectRebates\SahImages\button-close.gif
c:\program files\SelectRebates\SahImages\sah-logopop.gif
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\Add.bmp
c:\program files\SelectRebates\Toolbar\AdvancedOptions.html
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\button-CloseWindow.gif
c:\program files\SelectRebates\Toolbar\i_clipboard.bmp
c:\program files\SelectRebates\Toolbar\i_help.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\Invite.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\MyNew.bmp
c:\program files\SelectRebates\Toolbar\MyNone.bmp
c:\program files\SelectRebates\Toolbar\MyPage.bmp
c:\program files\SelectRebates\Toolbar\Rate.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sah_logo_bars.gif
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\Tools.bmp
c:\program files\SelectRebates\Toolbar\Tools2.bmp
c:\windows\kb913800.exe
c:\windows\system32\drivers\SKYNETrblkotqf.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\SKYNETcdpjques.dat
c:\windows\system32\SKYNETfwvygwpu.dll
c:\windows\system32\SKYNETlkloafha.dll
c:\windows\system32\SKYNETtdoydrnu.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETpjmknepq
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.
2009-06-30 02:09 . 2006-06-04 04:29 48640 ----a-w- c:\windows\system32\hpzll4pi.dll
2009-06-30 02:07 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-30 02:07 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-30 02:06 . 2009-06-30 02:27 124500 ----a-w- c:\windows\HPHins12.dat
2009-06-30 02:06 . 2006-07-07 03:49 14916 ------w- c:\windows\hphmdl12.dat
2009-06-30 02:03 . 2006-05-16 20:25 77824 ----a-w- c:\windows\system32\hpzids01.dll
2009-06-30 01:58 . 2006-06-22 03:03 56 ----a-w- C:\ut9x.bat
2009-06-30 01:58 . 2006-06-19 21:08 54 ----a-w- C:\ut.bat
2009-06-30 01:50 . 2009-06-30 01:50 -------- d-----w- c:\temp\FixEngine
2009-06-30 01:46 . 2009-06-30 01:46 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2009-06-30 01:46 . 2009-06-30 01:46 -------- d-----w- c:\windows\Downloaded Installations
2009-06-30 01:42 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-30 01:42 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-29 22:12 . 2004-08-10 04:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-29 22:06 . 2009-06-29 22:06 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-29 22:04 . 2009-06-29 22:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-29 22:04 . 2009-06-29 22:04 -------- d-----w- c:\windows\system32\LogFiles
2009-06-15 01:52 . 2009-06-15 01:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-06-13 22:50 . 2009-06-13 22:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-13 22:17 . 2009-06-13 22:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-12 01:29 . 2009-06-20 22:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-06-12 01:27 . 2009-03-19 23:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-12 01:27 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-12 00:53 . 2009-06-12 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-12 00:47 . 2009-06-12 01:29 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Apple Computer
2009-06-10 21:00 . 2009-06-10 21:00 -------- d-----w- c:\program files\System Search Dispatcher
2009-06-10 21:00 . 2009-06-10 21:00 -------- d-----w- c:\program files\DoubleD
2009-06-10 20:59 . 2009-06-10 20:59 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\DoubleD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 23:52 . 2009-05-28 17:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-07-04 08:38 . 2009-05-28 17:35 -------- d-----w- c:\program files\LimeWire
2009-06-30 02:28 . 2006-01-01 13:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HP
2009-06-30 02:13 . 2006-06-16 04:32 -------- d-----w- c:\program files\HP
2009-06-27 02:05 . 2006-06-16 04:48 -------- d-----w- c:\program files\HP Games
2009-06-12 01:26 . 2009-06-12 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-12 01:26 . 2009-06-12 01:25 -------- d-----w- c:\program files\iTunes
2009-06-12 01:25 . 2009-06-12 01:25 -------- d-----w- c:\program files\iPod
2009-06-12 01:25 . 2009-06-12 00:53 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 01:25 . 2009-06-12 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-12 01:21 . 2009-06-12 01:21 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-12 01:02 . 2009-06-12 01:02 -------- d-----w- c:\program files\Bonjour
2009-06-12 00:59 . 2009-06-12 00:54 -------- d-----w- c:\program files\QuickTime
2009-06-12 00:54 . 2009-06-12 00:53 -------- d-----w- c:\program files\Apple Software Update
2009-06-06 20:23 . 2009-06-05 04:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Download Manager
2009-06-05 18:42 . 2009-06-12 00:53 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-06-12 00:53 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 00:06 . 2006-06-16 04:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-04 00:04 . 2009-06-04 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-03 23:52 . 2009-06-03 23:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinBatch
2009-06-02 10:10 . 2006-06-16 04:45 51976 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 10:03 . 2009-06-02 10:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-31 23:49 . 2009-05-31 23:49 594 ----a-w- c:\windows\eReg.dat
2009-05-31 23:41 . 2009-05-31 23:41 -------- d-----w- c:\program files\Maxis
2009-05-28 17:29 . 2009-05-28 17:29 -------- d-----w- c:\program files\Microsoft
2009-05-28 17:27 . 2009-05-28 17:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 17:27 . 2006-06-16 04:13 -------- d-----w- c:\program files\Java
2009-05-28 17:26 . 2009-05-28 17:26 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-28 04:48 . 2009-05-28 04:48 -------- d-----w- c:\program files\MSXML 4.0
2009-05-28 00:11 . 2009-05-28 00:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Viewpoint
2009-05-07 15:44 . 2004-08-10 04:00 344064 ------w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-08-10 04:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-10 04:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 04:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-03-11 23:30 . 2006-01-01 11:39 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-29 497008]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-16 180269]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-25 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-29 497008]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-15 27136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-6-15 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [1/1/2006 5:09 AM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [1/1/2006 5:09 AM 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/29/2008 9:06 AM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [1/1/2006 5:09 AM 677128]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/23/2006 11:51 AM 24652]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [7/29/2008 9:06 AM 335376]
.
Contents of the 'Scheduled Tasks' folder
2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aimzones.aol.com/homepage
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search - http://edits.mywebse...?p=ZYxdm034YYUS
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 10:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\SEP20.tmp 0 bytes
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2860)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-07-06 10:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 17:31
Pre-Run: 160,129,855,488 bytes free
Post-Run: 160,953,974,784 bytes free
416 --- E O F --- 2009-07-06 04:35