ComboFix 10-05-01.04 - Nick 05/02/2010 11:16:20.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.88 [GMT -4:00]
Running from: c:\documents and settings\Nick\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Nick\Application Data\02000000f04aec2e879C.manifest
c:\documents and settings\Nick\Application Data\02000000f04aec2e879O.manifest
c:\documents and settings\Nick\Application Data\02000000f04aec2e879P.manifest
c:\documents and settings\Nick\Application Data\02000000f04aec2e879S.manifest
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}\chrome.manifest
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}\chrome\xulcache.jar
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}\defaults\preferences\xulcache.js
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}\install.rdf
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\program files\WindowsUpdate
c:\windows\system32\4161385
c:\windows\system32\unrar.exe
c:\windows\Uninstall.ini
.
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.
2010-05-01 23:36 . 2010-02-03 23:01 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\NAVENG.SYS
2010-05-01 23:36 . 2010-02-03 23:01 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\NAVEX15.SYS
2010-05-01 23:36 . 2010-02-01 21:05 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\NAVENG32.DLL
2010-05-01 23:36 . 2010-02-01 21:05 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\NAVEX32A.DLL
2010-05-01 23:36 . 2010-02-01 21:05 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\EECTRL.SYS
2010-05-01 23:36 . 2010-02-01 21:05 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\CCERASER.DLL
2010-05-01 23:36 . 2010-02-01 21:05 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\ECMSVR32.DLL
2010-05-01 23:36 . 2010-02-01 21:05 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\ERASER.SYS
2010-04-27 01:12 . 2009-10-28 21:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSvix86.sys
2010-04-27 01:12 . 2009-10-28 21:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSXpx86.sys
2010-04-27 01:12 . 2009-10-28 21:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\Scxpx86.dll
2010-04-27 01:12 . 2009-10-28 21:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSxpx86.dll
2010-04-27 01:12 . 2009-10-28 21:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSviA64.sys
2010-04-27 00:50 . 2010-04-27 00:52 23109 ----a-w- c:\windows\hpqins15.dat
2010-04-27 00:46 . 2010-04-27 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-04-27 00:44 . 2010-04-27 00:47 77348 ----a-w- c:\windows\hpqins05.dat
2010-04-26 23:18 . 2007-01-17 16:37 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-04-26 23:18 . 2007-01-17 16:37 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-04-26 23:17 . 2007-11-07 02:10 271704 ----a-r- c:\windows\system32\hpzids01.dll
2010-04-26 23:16 . 2007-01-17 16:37 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-04-26 23:16 . 2007-01-17 16:37 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-04-26 23:16 . 2007-10-31 10:35 729088 ----a-r- c:\windows\system32\hpwwiax4.dll
2010-04-26 23:16 . 2007-10-31 10:35 593920 ----a-r- c:\windows\system32\hpwtscl3.dll
2010-04-26 23:16 . 2007-01-17 16:32 294912 ----a-r- c:\windows\system32\hpovst11.dll
2010-04-26 22:52 . 2010-04-26 22:52 -------- d-----w- c:\program files\Common Files\HP
2010-04-26 22:52 . 2010-04-26 22:52 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-26 22:36 . 2010-04-26 23:37 178364 ----a-w- c:\windows\hpwins20.dat
2010-04-26 22:36 . 2008-01-08 12:42 2428 ----a-r- c:\windows\hpwmdl20.dat
2010-04-25 00:59 . 2010-04-25 00:59 52224 ----a-w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 00:59 . 2010-04-25 00:59 117760 ----a-w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 00:57 . 2010-04-25 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-25 00:56 . 2010-04-25 00:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-25 00:56 . 2010-04-25 00:56 -------- d-----w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com
2010-04-25 00:56 . 2010-04-25 00:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-24 20:00 . 2010-04-24 20:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-24 19:54 . 2010-04-25 01:22 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-24 19:53 . 2010-04-24 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-24 19:53 . 2010-04-24 19:53 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-21 02:38 . 2010-04-21 02:38 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
2010-04-21 02:38 . 2010-04-21 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 02:38 . 2010-04-21 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-16 21:53 . 2009-10-28 21:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-16 21:53 . 2009-10-28 21:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-16 21:53 . 2009-10-28 21:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-16 21:53 . 2009-10-28 21:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-16 21:53 . 2009-10-28 21:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSviA64.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 19:51 . 2009-12-20 02:25 37464 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-27 19:43 . 2009-12-19 00:31 40144 ----a-w- c:\documents and settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-27 17:19 . 2010-03-27 17:19 -------- d-----w- c:\documents and settings\Nick\Application Data\Revolver Preferences
2010-03-25 23:29 . 2010-02-01 20:46 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-10 06:15 . 1980-01-01 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:03 . 2010-03-09 01:03 -------- d-----w- c:\program files\DivX
2010-03-07 20:09 . 2010-03-07 20:09 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-03-04 20:06 . 2010-03-04 20:06 -------- d-----w- c:\program files\CCleaner
2010-02-25 06:24 . 1980-01-01 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 1980-01-01 04:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 1980-01-01 04:00 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-04 02:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 1980-01-01 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 1980-01-01 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-01 23:51 . 2010-02-01 23:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-01 20:45 . 2010-02-01 20:45 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-01 20:45 . 2010-02-01 20:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2008-06-30 17:44 . 2009-12-18 19:32 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-03-07 1607272]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 88358]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-02-22 180224]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-02-22 2889216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2005-03-14 466944]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 16:38 3951976 ----a-w- c:\program files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 23:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\setup\\HPZNUI01.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [3/31/2010 7:05 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [3/31/2010 7:05 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 4:38 PM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [3/31/2010 7:05 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [3/31/2010 7:05 PM 116784]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [12/16/2009 5:38 PM 375296]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [3/31/2010 6:52 PM 126392]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/2/2010 3:31 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [4/26/2010 9:12 PM 329592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PGFILTER
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-04-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Nick.job
- c:\program files\Norton Internet Security\Engine\17.6.0.32\navw32.exe [2010-03-31 23:51]
2010-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
TCP: {38456A0E-8136-4D07-A64D-05342814BBD4} = 204.186.0.201,207.44.0.1
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.csnphilly.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=_ZYDCV9KMvUsvlyDb3CujA&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce82db&searchfor=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-hpqSRMon - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-02 11:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(1000)
c:\progra~1\SPEEDB~2\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
.
Completion time: 2010-05-02 11:24:05
ComboFix-quarantined-files.txt 2010-05-02 15:24
Pre-Run: 49,340,088,320 bytes free
Post-Run: 49,318,395,904 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4EDF2F790520DE75535A9F5035B186C1