I hope we are almost done... Thanks again for all your help! You wonderful people are a godsend!
I updated Adobe, uninstalled Messenger and downloaded/ran ComboFix. Here is the log:
ComboFix 11-01-15.01 - jocey 01/16/2011 9:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.348 [GMT -6:00]
Running from: c:\documents and settings\jocey\Desktop\ComboFix.exe
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Netbook Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jocey\Start Menu\Programs\System Tool
c:\documents and settings\jocey\Start Menu\Programs\System Tool\System Tool 2011.lnk
.
((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.
2011-01-16 15:03 . 2011-01-16 15:03 -------- d-----w- c:\windows\LastGood
2011-01-15 22:45 . 2011-01-15 22:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-15 20:56 . 2011-01-15 22:17 -------- d-----w- c:\windows\ie8updates
2011-01-15 20:50 . 2011-01-15 20:50 -------- d-----w- c:\program files\Trend Micro
2011-01-14 12:05 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-14 12:05 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-01-14 12:04 . 2010-09-18 06:53 954368 ----a-w- c:\windows\system32\mfc40.dll
2011-01-14 12:04 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-01-14 12:04 . 2010-09-18 06:53 953856 ----a-w- c:\windows\system32\mfc40u.dll
2011-01-14 12:04 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-14 12:04 . 2010-09-18 06:53 974848 ----a-w- c:\windows\system32\mfc42.dll
2011-01-14 12:04 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-14 12:04 . 2008-08-14 10:04 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-01-14 12:04 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2011-01-14 12:04 . 2010-06-21 15:27 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-14 12:04 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2011-01-14 12:04 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
2011-01-14 12:04 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-14 11:59 . 2009-06-21 21:44 153088 ----a-w- c:\program files\Common Files\Microsoft Shared\Triedit\triedit.dll
2011-01-14 11:59 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-01-14 11:54 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2011-01-14 11:52 . 2010-02-24 13:11 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-01-14 11:52 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-13 03:22 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-13 02:29 . 2010-11-06 00:26 5959168 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2011-01-13 02:29 . 2010-11-06 00:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-13 02:29 . 2010-11-06 00:26 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-01-13 02:29 . 2010-11-02 15:17 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2011-01-13 02:29 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-13 02:27 . 2010-04-27 13:59 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:59 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-13 02:27 . 2010-04-28 02:25 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-13 02:27 . 2010-04-27 13:05 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-01-13 02:27 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-13 02:27 . 2010-04-27 13:05 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-13 02:25 . 2008-05-08 14:02 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-01-13 02:25 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-01-13 02:25 . 2008-05-01 14:33 331776 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-01-13 02:25 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-01-13 02:22 . 2011-01-16 15:03 -------- d-----w- c:\windows\system32\drivers\NIS\1107000.00C
2011-01-13 02:21 . 2010-03-10 06:15 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-13 02:21 . 2010-03-10 06:15 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2011-01-13 02:19 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-01-13 02:18 . 2010-10-11 14:59 45568 ----a-w- c:\program files\Outlook Express\wab.exe
2011-01-13 02:18 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-13 02:18 . 2010-08-16 08:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2011-01-13 02:18 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-13 02:18 . 2010-08-13 12:53 5120 ------w- c:\windows\system32\xpsp4res.dll
2011-01-12 01:32 . 2011-01-12 01:32 -------- d-----w- C:\found.000
2011-01-12 01:03 . 2011-01-16 15:04 -------- d--h--w- c:\windows\$hf_mig$
2011-01-11 23:16 . 2010-06-18 13:36 3558912 ----a-w- c:\program files\Movie Maker\moviemk.exe
2011-01-11 23:16 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-11 21:40 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 21:40 . 2011-01-11 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-11 21:39 . 2011-01-11 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 21:39 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 20:20 . 2011-01-11 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-11 20:19 . 2011-01-11 20:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-11 19:54 . 2011-01-11 19:54 -------- d-----w- c:\program files\CCleaner
2011-01-11 19:47 . 2011-01-11 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2011-01-11 19:47 . 2010-11-03 21:57 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-01-11 19:47 . 2010-11-03 21:55 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-01-11 19:47 . 2010-11-03 21:55 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-01-11 19:47 . 2010-11-03 21:52 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-01-11 19:47 . 2011-01-16 15:10 -------- d-----w- c:\program files\Online Armor
2010-12-26 22:57 . 2010-12-26 23:06 -------- d-----w- c:\documents and settings\Administrator
2010-12-26 22:03 . 2010-12-26 22:32 -------- d-----w- c:\program files\PC Tools Security
2010-12-26 22:03 . 2010-12-26 22:32 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-26 21:54 . 2010-12-26 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-12-26 21:44 . 2010-12-26 22:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-26 20:32 . 2010-12-26 20:32 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-26 20:32 . 2010-12-26 21:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-26 20:32 . 2010-12-26 20:32 -------- d-----w- c:\program files\Symantec
2010-12-26 20:32 . 2010-12-26 20:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-25 23:01 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-25 23:01 . 2008-04-14 11:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-25 23:01 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-25 23:01 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-25 23:00 . 2011-01-11 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\fPhCc06305
2010-12-25 23:00 . 2010-12-25 23:00 -------- d-----w- c:\windows\Sun
2010-12-25 22:14 . 2010-02-04 20:32 259584 ----a-w- c:\windows\system32\bcdedit.exe
2010-12-25 22:14 . 2010-12-25 22:14 -------- d-----w- C:\Boot
2010-12-25 22:13 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- C:\WildTangent
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- C:\Users
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skyhook Wireless
2010-12-25 22:13 . 2010-12-25 22:13 -------- d-----w- c:\program files\DIFX
2010-12-25 22:13 . 2010-02-17 07:11 13568 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2010-12-25 22:12 . 2010-12-25 22:12 -------- d-----w- c:\program files\Skyhook Wireless
2010-12-25 22:11 . 2010-12-25 22:11 -------- d-----w- c:\program files\HP Webcam
2010-12-25 22:11 . 2010-03-10 03:17 217088 ----a-w- c:\windows\system32\ACamPropertyPage.dll
2010-12-25 22:11 . 2010-03-03 20:39 363904 ----a-w- c:\windows\system32\drivers\cam3820a.sys
2010-12-25 22:11 . 2010-03-02 21:51 212992 ----a-w- c:\windows\system32\cocam3820.dll
2010-12-25 22:11 . 2010-03-02 21:51 110592 ----a-w- c:\windows\system32\cam3820n.ax
2010-12-25 22:11 . 2010-03-01 15:54 1323296 ----a-w- c:\windows\system32\drivers\rt2860.sys
2010-12-25 22:11 . 2010-03-01 15:50 238880 ----a-w- c:\windows\system32\RaCoInst.dll
2010-12-25 22:11 . 2010-12-25 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2010-12-25 22:10 . 2011-01-13 03:22 -------- d-----w- c:\documents and settings\jocey
2010-12-25 22:08 . 2010-08-27 02:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-25 22:08 . 2010-08-27 04:54 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-12-25 22:08 . 2010-08-27 03:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-12-25 22:08 . 2010-08-27 02:34 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-12-25 22:08 . 2010-08-27 01:37 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory
2010-12-25 18:35 . 2008-04-14 06:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-12-25 18:19 . 2010-12-25 18:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-25 17:59 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-25 17:59 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-25 17:57 . 2010-12-25 17:57 -------- d-----w- c:\program files\iPod
2010-12-25 17:56 . 2010-12-25 17:59 -------- d-----w- c:\program files\iTunes
2010-12-25 17:56 . 2010-12-25 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-25 17:55 . 2010-12-25 17:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-25 17:52 . 2010-12-25 17:55 -------- d-----w- c:\program files\QuickTime
2010-12-25 17:51 . 2010-12-25 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-12-25 17:51 . 2010-12-25 17:51 -------- d-----w- c:\program files\Apple Software Update
2010-12-25 17:50 . 2010-09-28 21:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-25 17:50 . 2010-09-28 21:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-25 17:49 . 2010-12-25 17:49 -------- d-----w- c:\program files\Bonjour
2010-12-25 17:48 . 2010-12-25 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-12-25 17:48 . 2010-12-25 17:57 -------- d-----w- c:\program files\Common Files\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2010-11-18 18:12 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2010-11-09 14:52 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-10-28 13:13 . 2010-10-28 13:13 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2010-10-26 13:25 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-12-25 1733]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Skyhook Wireless XPS Service"="c:\program files\Skyhook Wireless\XPS\xpscontrolpanel.exe" [2010-04-02 632136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 141336]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 173592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-11-03 2345000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2010-11-03 353992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP CloudDrive\\zumodrive.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Java(TM) Platform SE binary
"8182:TCP"= 8182:TCP:Java(TM) Platform SE binary
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/26/2010 10:26 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/26/2010 10:26 PM 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1100000.088\SymDS.sys [8/26/2010 8:49 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1100000.088\SymEFA.sys [8/26/2010 8:49 PM 169008]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [12/28/2009 12:17 AM 106096]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/23/2010 3:34 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [8/26/2010 8:49 PM 501888]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [11/11/2009 2:09 PM 18136]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/11/2011 1:47 PM 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [1/11/2011 1:47 PM 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/11/2011 1:47 PM 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/11/2011 1:47 PM 29272]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/26/2010 10:26 PM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [1/12/2011 8:22 PM 116784]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2/4/2010 3:00 PM 211440]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [4/12/2010 8:37 PM 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [4/5/2010 12:12 PM 103992]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [8/26/2010 8:49 PM 126392]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [1/11/2011 1:47 PM 380784]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [1/11/2011 1:47 PM 3652696]
R2 xpssvc;Skyhook Wireless XPS Service;c:\program files\Skyhook Wireless\XPS\xpssvc.exe [4/1/2010 8:04 PM 699720]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/26/2010 9:06 PM 113664]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [12/25/2010 4:11 PM 363904]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/26/2010 9:10 PM 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/12/2011 8:24 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110114.002\IDSXpx86.sys [1/15/2011 2:57 PM 341944]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [8/26/2010 9:08 PM 230944]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/25/2010 4:11 PM 1323296]
R3 XPSVCOM;XPSVCOM;c:\windows\system32\drivers\XPSVCOM.sys [2/4/2010 12:07 AM 12416]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2010-03-26 23:27 200769 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\QuickLaunch.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
2011-01-15 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2010-02-04 21:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-AESTFltr - c:\windows\system32\AESTFltr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-01-16 09:53
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-01-16 10:04:28
ComboFix-quarantined-files.txt 2011-01-16 16:04
Pre-Run: 137,427,267,584 bytes free
Post-Run: 137,535,344,640 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 9AA66AC165750B17516075E855893A12