So, do I use HiJackThis to remove those three, or something else?
ComboFix 11-02-16.01 - Cole 02/19/2011 14:00:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.620 [GMT -5:00]
Running from: c:\documents and settings\Cole\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Cole\My Documents\Downloads\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Cole\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\jGdHbLe03100
c:\documents and settings\All Users\Application Data\jGdHbLe03100\jGdHbLe03100
c:\documents and settings\All Users\Application Data\pGfHhJm15400
c:\documents and settings\All Users\Application Data\pGfHhJm15400\pGfHhJm15400
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome.manifest
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\bing-zugo.xml
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\index.html
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\options.js
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\options.xul
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\toolbar.js
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\content\toolbar.xul
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\bing.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\celebrity.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_images.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_maps.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_news.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_video.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_videos.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\drop_web.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\facebook.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\favicon.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\games.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\hotmail.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\lifestyle.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\messenger.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\msn.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\news.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\separator.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\toolbar.css
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\translate.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\twitter.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\video.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\chrome\skin\weather.png
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\components\bingsuggest.js
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\defaults\preferences\prefs.js
c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\extensions\searchtoolbar@zugo.com\install.rdf
c:\documents and settings\Cole\Local Settings\Temp\IadHide5.dll
.
((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))
.
2011-02-18 19:18 . 2011-02-18 19:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-02-17 19:30 . 2011-02-17 19:30 -------- d-----w- c:\program files\ESET
2011-02-17 19:14 . 2011-02-17 19:14 -------- d-----w- c:\program files\Common Files\Java
2011-02-17 19:14 . 2011-02-17 19:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-17 19:14 . 2011-02-17 19:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-17 19:14 . 2011-02-17 19:13 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-17 18:57 . 2011-02-17 18:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-02-17 18:54 . 2011-02-17 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-02-17 18:46 . 2011-02-17 18:48 -------- d-----w- c:\windows\SxsCaPendDel
2011-02-07 09:03 . 2011-02-07 09:03 388096 ----a-r- c:\documents and settings\Cole\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-07 09:03 . 2011-02-07 09:03 -------- d-----w- c:\program files\Trend Micro
2011-02-07 04:58 . 2011-02-07 04:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-04 23:09 . 2011-02-04 23:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\.clamwin
2011-02-04 01:30 . 2011-02-04 01:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-04 00:08 . 2011-02-04 00:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-02-03 23:49 . 2011-02-03 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC
2011-02-03 23:42 . 2011-02-03 23:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-02-03 03:09 . 2011-02-03 03:09 0 ----a-w- c:\windows\Dzilaniler.bin
2011-02-03 03:08 . 2011-02-03 03:08 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-03 03:08 . 2011-02-03 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-09 21:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-09 21:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-09 21:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-09 21:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:09 . 2010-04-04 21:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2004-08-09 21:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2004-08-09 21:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 23:08 . 2010-04-04 21:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-09 21:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-09 21:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-10 04:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-09 21:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2007-01-13 08:11 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2007-01-13 08:11 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-01-14 17:30 . 2007-01-14 17:30 1410680 ----a-w- c:\program files\install_flash_player.exe
2007-01-12 16:35 . 2007-01-12 16:34 6820512 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TypingSatellite"="c:\program files\Cosmi\Perfect Typing Pro English\KBOOST.EXE" [2002-01-08 740352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Motive SmartBridge"="c:\progra~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 393216]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-12-06 86016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-07 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-6 27136]
c:\documents and settings\Cole\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-6 27136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-9-6 36903]
Windstream Broadband Check-up Center.lnk - c:\program files\ALLTEL DSL Check-up Center\bin\matcli.exe [2007-1-11 217088]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-6 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-6 27136]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\HP Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals\\game.dat"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\THQ\\Dawn of War DEMO\\W40k.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://www2.windstream.net/newuser/benefits/
uInternet Settings,ProxyOverride = <local>
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\ri2r6ytx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 14:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-596501174-992397369-2604716157-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:04,69,cd,a3,64,52,be,42,58,65,51,7c,f8,6a,ab,5f,b5,35,a2,d7,99,8e,c5,
e6,49,47,f8,13,21,70,14,94,19,dc,98,73,05,ae,08,b1,0c,0a,4e,5a,67,fe,3e,40,\
"??"=hex:79,07,a1,33,c9,d7,32,c3,97,30,16,83,4f,61,b3,55
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\WININET.dll
c:\progra~1\ALLTEL~1\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\program files\Cosmi\Perfect Typing Pro English\KBSatellite.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.BIN
c:\program files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2011-02-19 14:49:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-19 19:49
ComboFix2.txt 2011-02-16 22:21
ComboFix3.txt 2011-02-16 20:06
Pre-Run: 81,984,303,104 bytes free
Post-Run: 82,837,192,704 bytes free
- - End Of File - - 0A1AE36DEBB48836AB9A375B223D0C68