ComboFix 07-12-07.3 - Kari McGrath 2007-12-07 21:05:14.1 - NTFSx86
Running from: C:\Documents and Settings\Kari McGrath\My Documents\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\family\Application Data\DOBE~1
C:\Documents and Settings\family\My Documents\WNSXS~1
C:\Documents and Settings\Kari McGrath\Application Data\ASEMBL~1
C:\Program Files\asks~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\stem32~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\00799F21.urr
C:\Program Files\FunWebProducts\Shared\005D80D4.dat
C:\Program Files\FunWebProducts\Shared\016EF9CD.dat
C:\Program Files\FunWebProducts\Shared\Cache\CheckersAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\ChessAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\EnableDisableAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\NoSettingAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\ReversiAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL_tobedeleted
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\0003A77C
C:\Program Files\MyWebSearch\bar\Cache\0004CCC2
C:\Program Files\MyWebSearch\bar\Cache\000650A3.bin
C:\Program Files\MyWebSearch\bar\Cache\00065BEE.bin
C:\Program Files\MyWebSearch\bar\Cache\0007A3B0.bin
C:\Program Files\MyWebSearch\bar\Cache\001AE725.bin
C:\Program Files\MyWebSearch\bar\Cache\001AF389.bin
C:\Program Files\MyWebSearch\bar\Cache\001AF473.bin
C:\Program Files\MyWebSearch\bar\Cache\001AF54E.bin
C:\Program Files\MyWebSearch\bar\Cache\0024322C.bin
C:\Program Files\MyWebSearch\bar\Cache\0024343F.bin
C:\Program Files\MyWebSearch\bar\Cache\00243568.bin
C:\Program Files\MyWebSearch\bar\Cache\0024422A
C:\Program Files\MyWebSearch\bar\Cache\0039817F.bin
C:\Program Files\MyWebSearch\bar\Cache\00398353.bin
C:\Program Files\MyWebSearch\bar\Cache\00398641.bin
C:\Program Files\MyWebSearch\bar\Cache\00398A1A.bin
C:\Program Files\MyWebSearch\bar\Cache\0039BE97.bin
C:\Program Files\MyWebSearch\bar\Cache\0039BFD0.bin
C:\Program Files\MyWebSearch\bar\Cache\0039C0BA.bin
C:\Program Files\MyWebSearch\bar\Cache\003AA6F4.bin
C:\Program Files\MyWebSearch\bar\Cache\016E4ED7
C:\Program Files\MyWebSearch\bar\Cache\016E5B2B.bin
C:\Program Files\MyWebSearch\bar\Cache\016E5C73.bin
C:\Program Files\MyWebSearch\bar\Cache\016E5DDB.bin
C:\Program Files\MyWebSearch\bar\Cache\016E5F52.bin
C:\Program Files\MyWebSearch\bar\Cache\017B8FC9
C:\Program Files\MyWebSearch\bar\Cache\02DB28B2.bin
C:\Program Files\MyWebSearch\bar\Cache\02DB2A39.bin
C:\Program Files\MyWebSearch\bar\Cache\02DB2B33.bin
C:\Program Files\MyWebSearch\bar\Cache\156EB941
C:\Program Files\MyWebSearch\bar\Cache\1D8FBC55
C:\Program Files\MyWebSearch\bar\Cache\2D19067D
C:\Program Files\MyWebSearch\bar\Cache\45B4B84A
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_bfeats.dat
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\racle~1
C:\Program Files\stem~1
C:\Program Files\wnsxs~1
C:\Program Files\ystem~1
C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\dobe~1
C:\WINDOWS\mbols~1
C:\WINDOWS\racle~1
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\ymante~1
C:\WINDOWS\system32\ymbols~1
C:\Program Files\MyWebSearch
.
((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.
2007-12-06 19:00 . 2007-12-06 19:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-05 22:31 . 2007-12-05 22:31 <DIR> d-------- C:\WINDOWS\system32\backuped
2007-12-05 22:31 . 2007-12-05 22:34 <DIR> d-------- C:\Program Files\True Sword 4
2007-12-05 22:31 . 2007-12-05 22:31 <DIR> d-------- C:\Documents and Settings\Kari McGrath\Application Data\True Sword
2007-12-04 19:46 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-04 18:57 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-04 18:55 . 2007-12-04 18:55 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-04 07:00 . 2007-08-20 04:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-04 07:00 . 2007-04-17 03:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-04 07:00 . 2007-03-07 23:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-04 07:00 . 2007-08-20 04:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-04 07:00 . 2007-08-20 04:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-04 07:00 . 2007-08-20 04:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-04 07:00 . 2007-08-20 04:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-04 07:00 . 2007-08-20 04:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-04 07:00 . 2007-08-17 04:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-04 06:52 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-25 20:25 . 2007-11-25 20:25 <DIR> d-------- C:\Program Files\MalwareAlarm
2007-11-25 20:25 . 2007-11-25 20:25 1,149,472 --a------ C:\Install
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 02:46 --------- d-----w C:\Program Files\Plaxo
2007-12-08 02:46 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-12-07 02:01 --------- d-----w C:\Program Files\LimeWire
2007-12-06 03:34 --------- d-----w C:\Program Files\Symantec
2007-12-06 03:33 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-06 03:33 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-06 03:33 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-06 00:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-05 00:57 --------- d-----w C:\Program Files\Java
2007-12-05 00:40 --------- d-----w C:\Program Files\Yahoo! Games
2007-12-04 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-18 17:55 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-31 01:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-31 01:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-31 01:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-31 01:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-31 01:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-31 01:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-31 01:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-31 01:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-31 01:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2006-07-28 16:57 280,064 ----a-w C:\Documents and Settings\family\Application Data\tizhook.bin
2005-10-26 01:01 179,246 --sha-w C:\WINDOWS\Cursors\cagmi.ini2
2005-10-24 00:45 375,820 --sha-w C:\WINDOWS\Cursors\cagmi.bak2
2005-08-31 02:41 178,679 --sha-w C:\WINDOWS\Cursors\cagmi.bak1
2005-08-31 02:41 178,679 --sha-w C:\WINDOWS\Cursors\cagmi.bak1
2005-10-24 00:45 375,820 --sha-w C:\WINDOWS\Cursors\cagmi.bak2
2005-10-26 01:01 179,246 --sha-w C:\WINDOWS\Cursors\cagmi.ini2
2005-06-19 19:30 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe" [2007-10-10 15:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"Registry Defender"="C:\Program Files\Registry Defender Trial\RegClean.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 18:08]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 14:35]
"MalwareAlarm"="C:\Program Files\MalwareAlarm\MalwareAlarm.exe" [2007-11-25 20:25]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 15:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 09:46]
"Motive SmartBridge"="C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 09:32]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 00:18]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]
"HostManager"="C:\Program Files\Common Files\AOL\1137125262\ee\AOLHostManager.exe" [2006-04-20 11:10]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22]
"pi"="C:\WINDOWS\system32\pi.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"pi"="C:\WINDOWS\system32\pi.exe" []
"bbdlaa"="C:\WINDOWS\system32\bbdlaa.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
C:\Documents and Settings\Kari McGrath\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-08-09 13:22:03]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-01-19 15:33:05]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digimax Viewer 2.0.lnk - C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe [2005-09-11 18:00:09]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 06:31:38]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 02:47:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq]
awvtq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\imgac]
C:\WINDOWS\Cursors\imgac.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windos]
C:\WINDOWS\msagent\intl\windos.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 19:41:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-05-17 03:01:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2007-12-08 03:00:17 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Kari McGrath.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 21:14:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-07 21:17:15 - machine was rebooted
.
--- E O F ---