Thread: Malware removal
View Single Post
Old 06-25-2009, 10:29 AM   #3 (permalink)
DOCDAIZY
Registered User
 
Join Date: Jun 2009
Posts: 10
OS: xp


Re: Malware removal
Thank you for your help!! So far so good I can get on itunes again!!! Thank you Thank you!!



ComboFix 09-06-24.05 - HP_Administrator 06/25/2009 8:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.257 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\windows\system32\sysloc
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0002553A
c:\program files\MyWebSearch\bar\Cache\00050F69.bin
c:\program files\MyWebSearch\bar\Cache\0006FF42
c:\program files\MyWebSearch\bar\Cache\00D100D2.bin
c:\program files\MyWebSearch\bar\Cache\00D18DEF.bin
c:\program files\MyWebSearch\bar\Cache\00D22A7D.bin
c:\program files\MyWebSearch\bar\Cache\00D2929D.bin
c:\program files\MyWebSearch\bar\Cache\066526A8
c:\program files\MyWebSearch\bar\Cache\0E3F8590.bin
c:\program files\MyWebSearch\bar\Cache\0E3FE2B4.bin
c:\program files\MyWebSearch\bar\Cache\0E400B89.bin
c:\program files\MyWebSearch\bar\Cache\0E402143.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\9g2234wesdf3dfgjf23
c:\windows\f23567.dat
c:\windows\kb913800.exe
c:\windows\ld08.exe
c:\windows\msmark2.dat
c:\windows\patch.exe
c:\windows\sonce122714.dat
c:\windows\sonce122739.dat
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\sysloc\sysloc.dll
D:\Autorun.inf
D:\Desktop.ini
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 00:47 . 2009-06-25 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon
2009-06-25 00:38 . 2009-06-25 15:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MioNet
2009-06-25 00:37 . 2009-06-25 00:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WD
2009-06-25 00:28 . 2006-10-05 02:42 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-25 00:28 . 2006-10-05 02:42 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-25 00:27 . 2009-06-25 00:27 -------- d-----w- c:\program files\Picasa2
2009-06-25 00:20 . 2009-06-25 00:20 2238 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\NewShortcut4_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\STOP_MIONET_SM_SHO_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_DESKT_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_SM_SH_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\ARPPRODUCTICON.exe
2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\MioNet
2009-06-25 00:18 . 2009-06-25 00:42 -------- d-----w- c:\program files\MioNet
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\temp
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\Common Files\eSellerate
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\WD
2009-06-25 00:01 . 2009-06-25 00:01 -------- d-----w- c:\program files\Western Digital
2009-06-18 15:41 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\setup.exe
2009-06-18 15:41 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\install.exe
2009-06-18 15:41 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-06-18 05:11 . 2009-06-18 05:11 -------- d-----w- c:\program files\iPod
2009-06-18 05:11 . 2009-06-18 05:12 -------- d-----w- c:\program files\iTunes
2009-06-18 05:04 . 2009-06-18 05:05 -------- d-----w- c:\program files\QuickTime
2009-06-11 00:42 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-08 18:03 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\setup2.exe
2009-06-08 18:03 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\install2.exe
2009-06-08 18:02 . 2009-06-08 18:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\magicJack
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-28 17:24 . 2009-05-28 17:24 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\tjnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 15:31 . 2005-11-11 01:02 -------- d-----w- c:\program files\Symantec
2009-06-25 00:38 . 2005-11-11 00:30 87448 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 00:24 . 2005-11-11 00:59 -------- d-----w- c:\program files\Google
2009-06-23 17:24 . 2008-04-16 16:03 -------- d-----w- c:\program files\Flock
2009-06-18 15:42 . 2009-05-18 18:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp
2009-06-18 05:11 . 2007-07-14 20:10 -------- d-----w- c:\program files\Common Files\Apple
2009-06-18 04:54 . 2007-07-14 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 18:42 . 2009-03-26 05:21 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-03-26 05:21 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-01 00:32 . 2007-09-21 20:58 -------- d-----w- c:\program files\Bodog Poker
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 22:44 . 2007-07-14 20:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-04-29 17:36 . 2009-04-29 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 04:56 . 2004-08-10 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 20:26 . 2005-11-11 00:05 -------- d-----w- c:\program files\Java
2009-04-26 20:23 . 2009-04-26 20:23 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-25 04:20 . 2009-04-25 04:20 390664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-17 12:26 . 2004-08-10 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe
2009-06-25 00:25 . 2009-06-25 00:25 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2008-06-29 01:30 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-06-29 01:30 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-06-29 01:30 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-06-29 01:30 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-06-29 01:30 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856]
"cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 950337]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 634949]
"TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 290816]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-09-15 393216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-09-18 32768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-25 1838592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-26 4865600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [11/7/2008 12:20 PM 25824]
R2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [9/17/2008 2:52 PM 139264]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [3/5/2004 12:53 PM 190480]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [2/17/2004 3:57 PM 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/5/2004 12:53 PM 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [2/17/2004 3:58 PM 204873]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2006-03-21 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2009-06-25 c:\windows\Tasks\WebReg psc 2350 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 15:21]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-PCDrProfiler - (no file)
Notify-WgaLogon - (no file)
SafeBoot-svcWRSSSDK


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082MEUS&fl=0&ptb=zAzr3Y9P6UrPAr6YsXRXlA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 08:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(6840)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\ehmsas.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
c:\hp\KBD\kbd.exe
c:\windows\ALCXMNTR.EXE
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2009-06-25 9:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 16:01

Pre-Run: 155,952,533,504 bytes free
Post-Run: 159,414,235,136 bytes free

370 --- E O F --- 2009-06-11 10:15
DOCDAIZY is offline