combofix



#1
lcpeake
ComboFix 10-01-27.03 - HP_Administrator 01/27/2010 16:40:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.196 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Start Menu\Programs\QUAD Utilities
c:\documents and settings\HP_Administrator\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\Uninstall QUAD RegistryCleaner.lnk
c:\program files\Blubster Toolbar
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\search_br.bmp
c:\program files\Fast Browser Search\search_de.bmp
c:\program files\Fast Browser Search\search_es.bmp
c:\program files\Fast Browser Search\search_fr.bmp
c:\program files\Fast Browser Search\search_it.bmp
c:\program files\Fast Browser Search\search_pt.bmp
c:\program files\Fast Browser Search\search_ru.bmp
c:\program files\Fast Browser Search\SearchAssistant.dll
c:\program files\Fast Browser Search\SearchGuardPlus.ico
c:\program files\Fast Browser Search\SGPU.ico
c:\program files\Fast Browser Search\sgpUpdater.xml
c:\program files\Fast Browser Search\tbhelper.dll
c:\program files\Fast Browser Search\tbs_include_script_003175.js
c:\program files\Fast Browser Search\tbs_include_script_005064.js
c:\program files\Fast Browser Search\tbs_include_script_012817.js
c:\program files\Fast Browser Search\Toolbar Help.htm
c:\program files\Fast Browser Search\version.txt
c:\program files\FunWebProducts
c:\program files\FunWebProducts\PopSwatr\History\allowed
c:\program files\FunWebProducts\PopSwatr\History\notallow
c:\program files\FunWebProducts\ScreenSaver\Images\0BFC31A4.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0003A50B
c:\program files\MyWebSearch\bar\Cache\001D3E15
c:\program files\MyWebSearch\bar\Cache\00306B24
c:\program files\MyWebSearch\bar\Cache\0041831E
c:\program files\MyWebSearch\bar\Cache\0452467B.bin
c:\program files\MyWebSearch\bar\Cache\045247E2
c:\program files\MyWebSearch\bar\Cache\04ECFBB4
c:\program files\MyWebSearch\bar\Cache\05841F7A.bin
c:\program files\MyWebSearch\bar\Cache\05842110.bin
c:\program files\MyWebSearch\bar\Cache\058422A7.bin
c:\program files\MyWebSearch\bar\Cache\05C116E6
c:\program files\MyWebSearch\bar\Cache\06388349
c:\program files\MyWebSearch\bar\Cache\0893ECBD.bin
c:\program files\MyWebSearch\bar\Cache\08D39CD0
c:\program files\MyWebSearch\bar\Cache\0BFB9767
c:\program files\MyWebSearch\bar\Cache\0BFB997B.bin
c:\program files\MyWebSearch\bar\Cache\0BFBA6C9.bin
c:\program files\MyWebSearch\bar\Cache\0BFBA850.bin
c:\program files\MyWebSearch\bar\Cache\0BFBA978.bin
c:\program files\MyWebSearch\bar\Cache\0BFBAA72.bin
c:\program files\MyWebSearch\bar\Cache\0C7A08F9.bin
c:\program files\MyWebSearch\bar\Cache\0C7A0B0C.bin
c:\program files\MyWebSearch\bar\Cache\0C7A0D1F.bin
c:\program files\MyWebSearch\bar\Cache\0C7A0E0A.bin
c:\program files\MyWebSearch\bar\Cache\0C7A0F81.bin
c:\program files\MyWebSearch\bar\Cache\0C7A106B
c:\program files\MyWebSearch\bar\Cache\1B213294
c:\program files\MyWebSearch\bar\Cache\392C52CD.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Scheduler.dll
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard PlusU
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\recycler\S-1-5-21-4073751071-846810263-2765970350-1008
c:\windows\COUPON~1.DLL
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\f49f4daa.dat
c:\windows\fmark2.dat
c:\windows\kb913800.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-22 22:07 . 2010-01-22 22:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2010-01-07 20:44 . 2010-01-07 20:44 -------- d-----w- c:\program files\WinPcap
2010-01-07 20:41 . 2010-01-07 20:48 -------- d-----w- c:\program files\L0phtCrack 6
2010-01-07 20:30 . 2010-01-07 20:30 -------- d-----w- c:\program files\aoxppr
2010-01-07 01:33 . 2010-01-07 01:33 -------- d-----w- c:\program files\Belarc
2010-01-07 01:33 . 2008-02-27 17:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-01-03 20:21 . 2010-01-07 21:03 -------- d-----w- c:\windows\Cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 21:56 . 2006-06-16 05:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-27 21:56 . 2009-12-22 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-27 21:54 . 2009-12-23 05:54 256 ----a-w- c:\windows\system32\pool.bin
2010-01-27 21:53 . 2009-12-11 19:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2010-01-19 20:28 . 2009-12-22 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-01-07 20:35 . 2009-12-09 02:56 -------- d-----w- c:\program files\Keyfinder Advanced 2010 (Trial Version)
2010-01-03 20:21 . 2008-08-23 14:40 -------- d-----w- c:\program files\Coupons
2009-12-28 03:32 . 2009-12-28 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-27 21:42 . 2009-12-27 21:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HP
2009-12-23 05:53 . 2009-12-23 05:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Research In Motion
2009-12-23 05:36 . 2006-06-16 04:33 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-12-23 05:35 . 2008-08-01 04:21 -------- d-----w- c:\program files\Roxio
2009-12-23 05:20 . 2009-12-23 05:20 6502 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-12-23 05:20 . 2009-12-23 05:20 6502 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-12-23 05:20 . 2009-12-23 05:20 26694 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-23 05:20 . 2009-12-23 05:20 26694 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-23 05:20 . 2009-12-23 05:20 26694 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-23 05:20 . 2009-12-23 05:20 26694 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-23 05:20 . 2009-12-23 05:20 26694 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-23 05:20 . 2009-12-23 05:20 26694 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-23 05:20 . 2009-12-23 05:20 26694 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-23 05:20 . 2009-12-23 05:20 69632 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\DesktopMgr.exe
2009-12-23 05:20 . 2009-12-23 05:20 6502 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D793A12F-E362-48BB-B332-1DA5E936B52D}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-12-22 02:14 . 2009-12-22 02:13 -------- d-----w- c:\program files\STOPzilla!
2009-12-22 02:12 . 2009-12-22 02:12 -------- d-----w- c:\program files\Common Files\iS3
2009-12-21 16:52 . 2009-12-21 16:52 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-12-21 16:52 . 2009-12-21 16:52 438928 ----a-r- c:\windows\system32\SZBase5.dll
2009-12-21 16:44 . 2009-12-21 16:44 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-12-20 23:19 . 2007-01-26 20:44 -------- d-----w- c:\program files\QuickTime
2009-12-20 23:16 . 2009-12-20 23:16 -------- d-----w- c:\program files\Common Files\Apple
2009-12-20 05:33 . 2009-12-20 05:33 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2009-12-16 21:05 . 2009-12-22 02:42 340992 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4lnjmn3c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 21:05 . 2009-12-22 02:42 347136 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4lnjmn3c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-16 21:05 . 2009-12-22 02:42 471040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4lnjmn3c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2009-12-16 21:05 . 2009-12-22 02:42 43008 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4lnjmn3c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 21:05 . 2009-12-22 02:42 1452032 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4lnjmn3c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-15 02:10 . 2009-11-22 03:25 12846 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_D3DD076B988600E59BFD1E.exe
2009-12-15 02:10 . 2009-11-22 03:25 12846 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_CA1D36A8BD7C6E8B327132.exe
2009-12-15 02:10 . 2009-11-22 03:25 12846 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_A17D378A7C093FF2005726.exe
2009-12-15 02:10 . 2009-11-22 03:25 12846 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_6FEFF9B68218417F98F549.exe
2009-12-15 02:10 . 2009-11-22 03:25 12846 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_67DB1B8F6A28368D658316.exe
2009-12-15 02:10 . 2009-11-22 03:25 12846 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_64E749EF31745C29AAF314.exe
2009-12-14 15:24 . 2009-12-14 15:24 163600 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2009-12-11 19:55 . 2007-01-28 20:16 -------- d-----w- c:\program files\LimeWire
2009-12-10 21:11 . 2009-12-10 21:11 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-12-10 21:11 . 2009-12-10 21:11 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-12-10 21:09 . 2009-12-10 21:09 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-12-10 21:09 . 2009-12-10 21:09 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-12-10 21:08 . 2009-12-10 21:08 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-12-10 21:06 . 2009-12-10 21:06 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-12-10 21:06 . 2009-12-10 21:06 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-12-10 21:05 . 2009-12-10 21:05 94208 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-12-10 21:02 . 2009-12-10 21:02 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-12-09 02:56 . 2009-12-09 02:56 118696 ----a-w- c:\windows\Keyfinder Advanced 2010 (Trial Version) Uninstaller.exe
2009-12-09 02:41 . 2009-12-09 02:41 -------- d-----w- c:\program files\Recover Keys
2009-12-07 21:59 . 2009-12-07 21:59 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-12-07 21:59 . 2009-12-07 21:59 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2009-11-22 05:50 . 2009-11-22 05:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 05:48 . 2009-11-22 05:48 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-22 05:35 . 2006-06-16 04:45 88320 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 08:21 . 2006-06-16 04:36 109184 ----a-w- c:\windows\hpoins08.dat
2009-11-19 05:19 . 2009-09-14 19:50 164 ----a-w- c:\windows\install.dat
2009-11-06 20:19 . 2009-11-09 16:25 1563008 ----a-w- c:\windows\WRSetup.dll
2006-08-04 21:59 . 2006-08-04 18:59 22 -csha-w- c:\windows\SMINST\HPCD.sys
.

------- Sigcheck -------

[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 21C91DA9CB53AA8A37041BA9684A8458 . 2180352 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 8F0DEAB1F81FB83F9C5995853CE48B9F . 2180352 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 515D30E2C90A3665A2739309334C9283 . 2057600 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 1D659BFB788ED2BA45075624B748D249 . 2057600 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMC"="c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe" [2008-01-14 4053102]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-16 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-16 180269]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-8-17 1447184]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Firefox Preloader.lnk - c:\program files\FirefoxPreloader\FirefoxPreloader.exe [2009-11-20 98304]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-6-16 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 4:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [12/14/2009 10:24 AM 163600]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 4:59 PM 61328]
S3 LcAgent;LC Remote Agent;c:\windows\Temp\lcagent.exe --> c:\windows\Temp\lcagent.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 16:59]

2010-01-27 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-31 05:42]

2010-01-26 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]

2010-01-25 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]

2010-01-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]

2010-01-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-06-16 04:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKLM-Run-PCDrProfiler - (no file)
Notify-TPSvc - TPSvc.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 16:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2248)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\program files\DISC\DiscStreamHub.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\program files\STOPzilla!\STOPzilla.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\windows\system32\dwwin.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\dwwin.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-01-27 17:02:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 22:02

Pre-Run: 148,658,860,032 bytes free
Post-Run: 148,834,746,368 bytes free

- - End Of File - - 150BA91BF66C650F484671E15B595CA7

#2
lcpeake
I have read the steps several times and still don't understand what to do. That is why I am asking you.