(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 20:57 . 2005-10-12 02:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-15 03:03 . 2005-10-12 01:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-15 01:59 . 2005-01-25 00:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-07-14 04:49 . 2005-01-28 17:40 92191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 04:49 . 2009-07-14 04:49 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-07-14 04:49 . 2009-07-14 04:49 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-07-14 04:49 . 2009-07-14 04:49 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-07-14 04:49 . 2009-07-14 04:49 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-07-14 04:49 . 2009-07-14 04:49 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-07-14 04:49 . 2009-07-14 04:49 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-07-14 01:34 . 2007-11-18 19:57 -------- d-----w- c:\program files\Zune
2009-07-13 22:43 . 2009-02-16 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 21:50 . 2009-07-13 21:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-07-13 21:47 . 2009-07-13 21:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-13 21:08 . 2005-10-12 02:18 -------- d-----w- c:\program files\Norton Internet Security
2009-07-13 20:50 . 2005-10-12 02:16 -------- d-----w- c:\program files\Symantec
2009-07-13 20:38 . 2009-07-13 16:20 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Symantec
2009-07-13 16:23 . 2009-07-13 16:20 155 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\fusioncache.dat
2009-07-13 16:22 . 2009-07-13 16:22 1961 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ED842AA-ABA M7250N_YC_0Pavi_QMXK541_E54NAemMPC2_48_ILITHIUM_SASUSTek Computer INC._V1.04_B3.08_T050912_WXP2_L409_M1023_J250_7Intel_8Pentium D_92.8_#051218_N808627DC_Z11C1048C_G10025B60.MRK
2009-07-13 16:22 . 2005-10-12 02:09 -------- d-----w- c:\program files\Easy Internet signup
2009-07-13 02:16 . 2007-05-23 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-13 02:07 . 2007-05-23 17:53 -------- d-----w- c:\program files\McAfee
2009-07-12 15:33 . 2007-09-19 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-05 22:18 . 2008-12-31 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-07-05 22:17 . 2005-12-26 14:02 115160 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 18:29 . 2009-04-05 19:49 -------- d-----w- c:\program files\Starcraft
2009-07-03 18:28 . 2008-02-24 19:20 -------- d--h--w- c:\documents and settings\HP_Administrator\Application Data\ijjigame
2009-07-03 18:27 . 2009-04-05 18:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-01 20:32 . 2009-03-29 16:41 -------- d-----w- c:\program files\Vuze
2009-06-28 18:48 . 2008-09-19 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMall
2009-06-16 20:17 . 2009-03-29 16:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-06-16 14:36 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 21:14 . 2007-07-20 18:44 -------- d-----w- c:\program files\DivX
2009-06-09 21:13 . 2009-06-09 21:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 19:09 . 2004-08-10 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 20:36 . 2009-05-21 02:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-05-21 20:20 . 2009-05-08 00:42 -------- d-----w- c:\program files\NCH Software
2009-05-21 20:18 . 2009-05-21 02:10 -------- d-----w- c:\program files\LimeWire
2009-05-21 16:30 . 2009-05-21 16:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-05-21 02:11 . 2009-05-21 02:11 20480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-05-21 02:11 . 2009-05-21 02:11 18944 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-05-21 02:11 . 2009-05-21 02:11 17408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-05-21 02:11 . 2009-05-21 02:11 8192 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-05-21 02:11 . 2009-05-21 02:11 20480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-05-13 05:15 . 2004-08-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-22 15:14 . 2009-02-11 01:27 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 61440]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 49768]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 22656]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-12 180269]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-07-13 100056]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-18 14820864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-10 61440]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Nike+ Utility.lnk - c:\program files\Nike+ Utility\Nike+ Utility.exe [2008-4-30 1228800]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-11 36903]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 23:46]
2009-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-03 06:33]
2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]
2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]
2009-07-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-07-13 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 05:15]
2009-07-17 c:\windows\Tasks\wrSpySweeper_LDF53BDAFCFB443A89FAF85DAD1AC0362.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-12-31 17:19]
2009-07-17 c:\windows\Tasks\wrSpySweeper_LDF53BDAFCFB443A89FAF85DAD1AC0362.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-12-31 17:19]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
uDefault_Search_URL =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) =
hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-18 14:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1856)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
c:\program files\Java\jre1.5.0\bin\jusched.exe
c:\program files\Java\jre1.5.0\bin\jucheck.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-07-18 14:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 21:23
Pre-Run: 105,761,423,360 bytes free
Post-Run: 107,082,805,248 bytes free
395 --- E O F --- 2009-07-17 09:18