ComboFix 11-05-17.03 - HP_Administrator 05/18/2011 19:39:59.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1398 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\HP_Administrator\2gweorjqjutp92vjy9gake
C:\Documents and Settings\HP_Administrator\Application Data\Oghac\roon.exe
---- Previous Run -------
C:\Documents and Settings\HP_Administrator\Application Data\Oghac
C:\Documents and Settings\HP_Administrator\Application Data\Oghac\roon.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\biu.exe
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
2011-05-15 19:36:52 . 2011-05-15 21:55:45 -------- d-----w- C:\Documents and Settings\HP_Administrator\Application Data\Voxe
2011-05-14 18:45:03 . 2011-05-14 18:45:03 388096 ----a-r- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-14 18:45:03 . 2011-05-14 18:45:03 -------- d-----w- C:\Program Files\Trend Micro
2011-05-05 06:44:08 . 2011-05-05 06:44:08 -------- d-----w- C:\_OTM
2011-05-04 21:33:36 . 2011-04-14 16:26:02 142296 ---ha-w- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
2011-05-04 21:33:35 . 2011-04-14 16:25:48 781272 ---ha-w- C:\Program Files\Mozilla Firefox\mozsqlite3.dll
2011-05-04 21:33:35 . 2011-04-14 16:25:47 1874904 ---ha-w- C:\Program Files\Mozilla Firefox\mozjs.dll
2011-05-04 21:33:35 . 2011-04-14 16:25:45 15832 ---ha-w- C:\Program Files\Mozilla Firefox\mozalloc.dll
2011-05-04 21:33:35 . 2011-04-14 16:25:44 465880 ---ha-w- C:\Program Files\Mozilla Firefox\libGLESv2.dll
2011-05-04 21:33:35 . 2011-04-14 16:25:43 89048 ---ha-w- C:\Program Files\Mozilla Firefox\libEGL.dll
2011-05-04 21:33:35 . 2010-01-01 08:00:00 1974616 ---ha-w- C:\Program Files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-04 21:33:35 . 2010-01-01 08:00:00 1892184 ---ha-w- C:\Program Files\Mozilla Firefox\d3dx9_42.dll
2011-04-29 00:24:06 . 2011-04-29 00:24:06 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-29 00:24:03 . 2011-04-29 00:24:03 -------- d--h--w- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-05-04 18:57:06 . 2010-10-22 01:40:52 16968 ---ha-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011-03-17 05:31:16 . 2010-10-17 16:01:38 137656 ---ha-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-03-07 05:33:50 . 2004-08-10 04:00:00 692736 ---h--w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:45:07 . 2004-08-10 04:00:00 434176 ---h--w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2004-08-10 04:00:00 1857920 ---ha-w- C:\WINDOWS\system32\win32k.sys
2011-04-14 16:26:02 . 2011-05-04 21:33:36 142296 ---ha-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((((((( SnapShot@2011-05-15_22.04.03 )))))))))))))))))))))))))))))))))))))))))
+ 2011-05-15 22:18:05 . 2011-05-15 22:18:05 16384 C:\WINDOWS\temp\Perflib_Perfdata_494.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19:44 94208 ---ha-w- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19:44 94208 ---ha-w- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19:44 94208 ---ha-w- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2011-01-11 02:46:07 395640]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 01:20:22 68856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16:20 357696]
"vKLuVrOIsaEYCN"="C:\Documents and Settings\All Users\Application Data\vKLuVrOIsaEYCN.exe" [BU]
"{0C53291D-D069-B392-C3DD-6C64F6FFE8D8}"="C:\Documents and Settings\HP_Administrator\Application Data\Oghac\roon.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 04:56:34 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 07:19:16 77312]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 06:35:56 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-11-12 04:11:04 1064960]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-11-12 04:10:00 61440]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 17:01:00 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 06:14:00 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 00:29:16 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 10:23:44 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 14:12:54 49152]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 22:06:40 642856]
"Linksys Wireless Manager"="C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 09:44:55 1358384]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 16:41:00 63048]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 15:44:34 31072]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30:30 249856]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 20:47:52 57344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 20:28:22 577536]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 19:24:45 281768]
"HitmanPro35"="C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" [2011-03-06 22:23:03 6449984]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 19:17:46 1226608]
"DivX Download Manager"="C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 21:15:44 63360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 17:49:36 35736]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 17:49:34 932288]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 21:38:18 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-03-07 19:33:40 421160]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe.vir [2006-3-2 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34:30 87352 ---ha-w- C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\HP_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [10/17/2010 12:01:41 PM 136360]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41:00 PM 12856]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;C:\WINDOWS\system32\drivers\WUSB54GCv3.sys [9/2/2009 7:57:03 AM 627072]
S1 SASDIFSV;SASDIFSV;\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SuperAntiSpyware\SASDIFSV.SYS --> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SuperAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SuperAntiSpyware\SASKUTIL.SYS --> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SuperAntiSpyware\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [1/18/2010 7:54:47 PM 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\system32\drivers\ASPI32.SYS [12/3/2010 5:04:13 PM 16512]
S3 DrvAgent32;DrvAgent32;C:\WINDOWS\system32\drivers\DrvAgent32.sys [2/18/2010 9:29:55 PM 23456]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [1/18/2010 7:54:47 PM 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\WINDOWS\system32\drivers\hitmanpro35.sys [10/21/2010 9:40:52 PM 16968]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [9/8/2010 5:22:56 PM 691696]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - WUAUSERV
Contents of the 'Scheduled Tasks' folder
2011-05-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50:20 . 2009-10-22 15:50:20]
2011-05-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54:47 . 2010-01-18 23:54:41]
2011-05-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54:47 . 2010-01-18 23:54:41]
2011-05-18 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008Core.job
- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30:42 . 2009-10-03 19:30:38]
2011-05-18 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008UA.job
- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30:42 . 2009-10-03 19:30:38]
2011-05-18 C:\WINDOWS\Tasks\Norton Security Scan for HP_Administrator.job
- C:\PROGRA~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-19 20:59:52 . 2011-04-01 07:23:58]
------- Supplementary Scan -------
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: trymedia.com
TCP: {4DC2EB99-A323-4564-AD7D-5D29046CCD1C} = 213.109.64.5,213.109.72.21
FF - ProfilePath - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false