The log file from the results of a second CF scan is as follows.
ComboFix 11-07-24.01 - HP_Administrator 07/24/2011 11:42:34.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1677 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-20 18:37 . 2011-07-20 18:59 -------- d-----w- c:\program files\Uninstall Gold
2011-07-19 23:44 . 2011-07-19 23:44 -------- d-----w- C:\_OTL
2011-07-18 22:38 . 2011-07-18 22:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2011-07-18 22:37 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-18 22:37 . 2011-07-18 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-18 22:37 . 2011-07-18 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-18 22:37 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-18 21:15 . 2011-07-18 21:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2011-07-18 21:15 . 2011-07-18 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-18 21:15 . 2011-07-18 21:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-18 20:42 . 2011-07-18 20:42 -------- d-----w- c:\program files\CCleaner
2011-07-18 17:40 . 2011-07-18 17:40 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-15 21:00 . 2011-07-15 21:00 -------- d-----w- c:\program files\Microsoft Games
2011-07-15 20:55 . 2011-07-15 20:55 -------- d-----w- C:\Softpaq
2011-07-01 20:36 . 2011-07-01 20:36 258536 ----a-w- c:\windows\system32\AdventureTime_SS_win.scr
2011-07-01 20:36 . 2011-07-15 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime
2011-07-01 20:36 . 2011-07-01 20:36 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Screentime
2011-06-30 02:11 . 2011-06-30 02:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Tific
2011-06-30 02:11 . 2011-06-30 02:11 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Symantec
2011-06-30 01:46 . 2011-06-30 02:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-06-30 01:46 . 2011-06-30 02:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-06-30 01:46 . 2011-06-30 02:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-06-30 01:46 . 2011-06-30 02:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-06-30 01:46 . 2011-06-30 02:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-06-30 01:46 . 2011-06-30 02:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-06-30 01:46 . 2011-06-30 02:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-06-29 05:14 . 2011-07-13 17:58 -------- d--h--w- c:\windows\$hf_mig$
2011-06-25 15:06 . 2011-06-25 15:06 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 23:04 . 2003-03-19 11:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-29 23:04 . 2003-02-21 19:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-02 15:31 . 2004-08-10 12:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-10 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-10 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv(2).dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-20_02.38.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-02 16:09 . 2008-04-14 00:12 24064 c:\windows\system32\evntcmd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
2010-12-14 16:06 3424488 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
2010-12-14 16:06 3424488 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
2010-12-14 16:06 3424488 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RECGUARD"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-23 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Online Services\\MSN90\\LaunchMsn.exe"=
"c:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58702:TCP"= 58702:TCP:Pando Media Booster
"58702:UDP"= 58702:UDP:Pando Media Booster
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 6:15 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 6:15 PM 173104]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [7/5/2011 3:14 PM 810616]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 6:15 PM 501888]
S1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [3/20/2010 1:20 PM 54776]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/12/2011 5:55 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 6:15 PM 116784]
S2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 9:02 AM 45896]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 6:15 PM 126392]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;"c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe" --> c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/15/2011 6:32 PM 105592]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110716.031\IDSXpx86.sys [7/20/2011 12:10 PM 355256]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [12/23/2005 6:25 PM 468768]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\User_Feed_Synchronization-{8608F082-A3FB-40A2-906A-F2ABDC7FCE9F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-us4.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#290095
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.77.134 68.87.72.134
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-07-24 11:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(692)
c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
c:\program files\SecureBackupShare\LIBEAY32.dll
.
Completion time: 2011-07-24 12:12:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-24 16:11
ComboFix2.txt 2011-07-20 02:51
.
Pre-Run: 171,799,588,864 bytes free
Post-Run: 171,807,383,552 bytes free
.
- - End Of File - - 13DD8DFBE44BCCA8E185C505D17B42D1