Note: I did upgrade .NET Framework to 3.5 this a.m. and Win XP to SP3 prior to running ComboFix.
Thank you.
ComboFix 11-06-06.01 - HP_Administrator 06/06/2011 10:51:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.550 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.KIMMIESDESKTOP\Desktop\Combo-Fix.exe
AV: Norton Internet Security 2006 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}\Setup.ico
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator.KIMMIESDESKTOP\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\HP_Administrator.KIMMIESDESKTOP\WINDOWS
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\Internet download 2\dotnetfx.exe
c:\documents and settings\Internet download 2\dotnetfx35setup.exe
c:\documents and settings\Internet download 2\NDP1.1sp1-KB867460-X86.exe
c:\documents and settings\Internet download 2\NetFx20SP2_x86.exe
c:\documents and settings\Internet download 2\WindowsXP-KB936929-SP3-x86-ENU.exe
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\program files\INSTALL.LOG
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-06-06 15:42 . 2011-06-06 15:42 -------- d-----w- C:\Combo-Fix
2011-06-06 15:15 . 2011-06-06 15:15 -------- d-----w- c:\windows\LastGood
2011-06-06 14:50 . 2006-12-29 05:31 19569 ----a-w- c:\windows\006586_.tmp
2011-06-06 14:29 . 2011-06-06 14:29 -------- d-----w- C:\d9a9e00988820de0d226
2011-06-06 13:00 . 2011-06-06 13:39 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-06 12:23 . 2011-06-06 16:03 -------- d-----w- c:\documents and settings\Internet download 2
2011-06-01 14:59 . 2011-06-01 14:59 1955704 ----a-w- c:\documents and settings\lotrostandard.exe
2011-06-01 14:25 . 2011-06-01 15:03 1955696 ----a-w- c:\documents and settings\lotrohigh.exe
2011-05-11 23:55 . 2011-05-11 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-11 23:55 . 2011-05-11 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-11 22:16 . 2011-05-11 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-11 22:16 . 2011-05-11 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 22:15 . 2011-05-11 22:15 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-05-11 17:07 . 2011-06-06 16:03 -------- d-----w- c:\documents and settings\HP_Administrator.KIMMIESDESKTOP
2011-05-11 15:47 . 2011-05-11 20:53 -------- d-----w- c:\program files\Quicken
2011-05-11 15:45 . 2011-05-11 20:53 -------- d-----w- c:\program files\Netscape
2011-05-11 15:44 . 2011-05-11 20:53 -------- d-----w- c:\program files\Norton Internet Security
2011-05-11 15:44 . 2011-05-11 20:53 -------- d-----w- c:\program files\music_now
2011-05-11 15:44 . 2011-05-11 20:53 -------- d-----w- c:\program files\MSN Encarta Standard
2011-05-11 15:43 . 2011-05-11 20:53 -------- d-----w- c:\program files\Microsoft Money 2006
2011-05-11 15:43 . 2011-05-11 20:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-05-11 15:43 . 2011-05-11 20:53 -------- d---a-w- c:\program files\IntelliMoverDemo
2011-05-11 15:42 . 2011-05-11 20:53 -------- d-----w- c:\program files\HP Rhapsody
2011-05-11 15:40 . 2011-05-11 20:53 -------- d-----w- c:\program files\EnglishOtto
2011-05-11 15:40 . 2011-05-11 20:53 -------- d-----w- c:\program files\DISC
2011-05-11 15:39 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2011-05-11 15:39 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\muvee Technologies
2011-05-11 15:38 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\L&H
2011-05-11 15:38 . 2011-05-11 20:53 -------- d-----w- c:\program files\Common Files\Intuit
2011-05-11 15:38 . 2011-05-11 17:07 -------- d-sh--w- c:\documents and settings\All Users\DRM
2011-05-11 15:36 . 2011-05-11 20:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2011-05-11 15:34 . 2011-06-06 14:55 -------- d-----w- c:\windows\WinSxS
2011-05-11 15:28 . 2011-06-06 15:59 -------- d-----w- c:\windows\system32
2011-05-09 22:24 . 2011-05-09 22:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-09 22:01 . 2011-05-10 02:13 -------- d-----w- c:\program files\PeaZip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 14:57 . 2011-06-06 14:57 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2011-06-06 14:57 . 2011-06-06 14:57 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2011-06-06 14:57 . 2011-06-06 14:57 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2011-06-06 14:57 . 2011-06-06 14:57 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2011-06-06 14:57 . 2011-06-06 14:57 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2011-06-06 14:57 . 2011-06-06 14:57 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2011-06-06 14:57 . 2011-06-06 14:57 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2011-06-06 14:57 . 2011-06-06 14:57 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2011-06-06 14:57 . 2011-06-06 14:57 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-11-01 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 98304]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-10 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-10 36903]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58689:TCP"= 58689:TCP:Pando Media Booster
"58689:UDP"= 58689:UDP:Pando Media Booster
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\ALSysIO.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 02:27]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 02:27]
.
2011-06-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
- c:\program files\Norton Security Suite\Engine\4.3.0.5\navw32.exe [2011-01-02 19:24]
.
2011-06-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-6705849-725214820-36267587-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-6705849-725214820-36267587-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2006-02-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-02-11 05:21]
.
2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{D09DF036-10F8-45D4-B7A8-E6BA73B8C240}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-06-06 11:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\devldr32.exe
c:\windows\ARPWRMSG.EXE
c:\program files\DISC\DiscGui.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2011-06-06 11:23:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-06 16:23
.
Pre-Run: 23,057,649,664 bytes free
Post-Run: 24,151,175,168 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 59C01E8795B1340CD07433F4968A71F9
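A triage script for the log above, added here as an example: it is not part of the original post and not ComboFix's own code. It reads the registry, driver and loaded-DLL blocks in the line shapes the log shows and flags what a responder would check first: anything loaded from a Temp directory (ALSysIO.sys and IadHide5.dll in this log), a driver whose file ComboFix could not find (the trailing [?]), a Run value given as a bare file name, and the Security Center and Windows Firewall settings that are switched off. The rule names, the Finding type and SAMPLE_LOG (an excerpt copied from the posted log, used as offline input) are assumptions of this example; it flags items for review and makes no claim about whether any of them is malicious.

```python
"""Triage a ComboFix-style log.  Added example, not ComboFix's own code.

Flags autostart values, drivers and loaded DLLs under a Temp directory,
drivers whose file is missing ("[?]"), bare-name Run values, Security Center
monitoring or notifications switched off, and a firewall profile with
EnableFirewall=0.  SAMPLE_LOG is a constructed excerpt of the posted log.
"""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]*)"')
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
PROC_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
DWORD_ONE = "dword:00000001"


@dataclass(frozen=True)
class Finding:
    kind: str     # rule that fired, e.g. "driver_from_temp"
    subject: str  # value name, driver name, firewall profile or process
    detail: str   # the path or setting that triggered the rule


def _check_value(key: str, name: str, data: str) -> list[Finding]:
    """Rules for one "name"=data line under the (lower-cased) registry key."""
    out, lname = [], name.lower()
    if key.endswith("\\run") or key.endswith("\\runonce"):
        m = QUOTED_PATH_RE.match(data)
        path = m.group("path") if m else data
        if TEMP_RE.search(path):
            out.append(Finding("autostart_from_temp", name, path))
        elif "\\" not in path:
            # A bare file name is located by the loader's search order at logon,
            # so it is worth confirming which copy actually runs.
            out.append(Finding("autostart_unqualified_path", name, path))
    elif "security center" in key:
        if lname == "disablemonitoring" and data.lower() == DWORD_ONE:
            out.append(Finding("security_center_monitoring_disabled",
                               key.rsplit("\\", 1)[-1], f"{name}={data}"))
        elif lname == "firewalldisablenotify" and data.lower() == DWORD_ONE:
            out.append(Finding("security_center_notification_suppressed", name, f"{name}={data}"))
    elif "firewallpolicy" in key and lname == "enablefirewall" and data.startswith("0"):
        out.append(Finding("firewall_disabled", key.rsplit("\\", 1)[-1], f"{name}={data}"))
    return out


def triage(log_text: str) -> list[Finding]:
    """Walk the log once; a lone "." line closes the current ComboFix block."""
    findings: list[Finding] = []
    key = proc = ""  # open registry key / process whose DLL list is being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            key = proc = ""
        elif m := KEY_RE.match(line):
            key, proc = m.group("key").lower(), ""
        elif m := PROC_RE.match(line):
            key, proc = "", f"{m.group('proc')}({m.group('pid')})"
        elif m := DRIVER_RE.match(line):
            name, rest = m.group("name"), m.group("rest")
            if rest.endswith("[?]"):  # ComboFix could not find the driver file
                findings.append(Finding("driver_file_missing", name, rest))
            if TEMP_RE.search(rest):
                findings.append(Finding("driver_from_temp", name, rest))
        elif key and (m := VALUE_RE.match(line)):
            findings.extend(_check_value(key, m.group("name"), m.group("data")))
        elif proc and DRIVE_PATH_RE.match(line) and TEMP_RE.search(line):
            findings.append(Finding("dll_from_temp", proc, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f.kind for f in findings))


SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\ALSysIO.sys [?]
.
- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.KIM\LOCALS~1\Temp\IadHide5.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:40} {f.subject:24} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full ComboFix log by passing the file contents to triage(); the "Other Deletions" and "Files Created" blocks are ignored on purpose, since a path listed there is not evidence that anything still loads from it, while the loaded-DLL block is the one that shows a Temp-directory DLL actually mapped into a running process.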