ComboFix 10-08-05.02 - HP_Administrator 08/05/2010 17:21:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2507 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\combo-fix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\chrome.manifest
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\chrome\content\_cfg.js
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\chrome\content\overlay.xul
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\install.rdf
c:\documents and settings\HP_Administrator\Recent\Thumbs.db
c:\hp\bin\cloaker.exe
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\18467.exe
c:\windows\system32\6334.exe
D:\Autorun.inf
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.
2010-08-06 00:26 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-08-06 00:26 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-08-06 00:16 . 2010-08-06 00:17 -------- d-----w- C:\32788R22FWJFW
2010-08-05 08:58 . 2010-08-05 23:58 -------- d-----w- C:\combo-fix
2010-08-04 05:32 . 2010-08-04 05:32 -------- d-----w- C:\_OTS
2010-08-03 03:08 . 2010-08-03 03:08 -------- d-----w- c:\program files\AML Products
2010-08-02 07:01 . 2010-08-02 07:01 503808 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-356705c1-n\msvcp71.dll
2010-08-02 07:01 . 2010-08-02 07:01 499712 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-356705c1-n\jmc.dll
2010-08-02 07:01 . 2010-08-02 07:01 348160 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-356705c1-n\msvcr71.dll
2010-08-02 07:01 . 2010-08-02 07:01 12800 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-68bf097c-n\decora-d3d.dll
2010-08-02 07:01 . 2010-08-02 07:01 61440 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-68bf097c-n\decora-sse.dll
2010-08-02 01:53 . 2010-08-02 01:53 -------- d-----w- c:\documents and settings\Guest.ERIC\Application Data\pandasecuritytb
2010-07-31 05:23 . 2010-07-31 05:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
2010-07-30 17:47 . 2010-07-30 17:47 -------- d-----w- C:\found.000
2010-07-29 13:39 . 2010-07-29 13:39 323824 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download\0x04015000\GlobalExe.exe
2010-07-27 09:20 . 2010-08-04 20:00 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SurfSecret Privacy Suite
2010-07-27 09:19 . 2010-08-04 20:00 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\pandasecuritytb
2010-07-27 09:19 . 2010-07-27 09:19 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-07-27 09:18 . 2010-07-27 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-07-27 05:56 . 2010-06-03 18:41 387904 ----a-w- c:\documents and settings\HP_Administrator\StubInstaller.exe
2010-07-21 09:44 . 2010-07-21 09:44 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-16 11:17 . 2010-07-16 11:17 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-07-09 08:56 . 2010-07-21 09:43 -------- d-----w- c:\program files\TuneUpMedia
2010-07-09 08:56 . 2010-08-04 08:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\TuneUpMedia
2010-07-09 08:55 . 2010-07-09 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-07-08 09:10 . 2010-07-08 09:10 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-07-08 09:10 . 2010-07-08 09:10 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 20:00 . 2008-08-27 05:54 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 18:17 . 2006-06-18 04:13 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 18:10 . 2006-06-18 04:13 -------- d-----w- c:\program files\Java
2010-07-30 22:44 . 2010-06-12 18:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NeopleLauncherDFO
2010-07-30 22:41 . 2010-06-12 18:26 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-07-28 07:23 . 2008-07-27 23:44 -------- d-----w- c:\program files\Steam
2010-07-28 01:44 . 2006-06-18 04:44 97432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-27 09:20 . 2009-12-06 22:55 -------- d-----w- c:\program files\Panda Security
2010-07-21 09:51 . 2007-08-13 01:11 -------- d-----w- c:\program files\iTunes
2010-07-21 09:50 . 2007-08-13 01:11 -------- d-----w- c:\program files\iPod
2010-07-21 09:50 . 2007-08-13 01:10 -------- d-----w- c:\program files\Common Files\Apple
2010-07-17 12:00 . 2010-04-24 09:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 04:42 . 2009-10-04 05:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2010-07-12 04:42 . 2009-10-04 05:25 -------- d-----w- c:\program files\Vuze
2010-07-09 08:30 . 2009-12-06 23:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2010-07-04 21:55 . 2006-06-18 04:44 -------- d-----w- c:\program files\music_now
2010-07-04 21:55 . 2007-10-20 20:03 -------- d-----w- c:\program files\mIRC
2010-07-04 13:32 . 2007-12-09 01:33 -------- d-----w- c:\program files\Cheat Engine
2010-07-04 03:25 . 2010-07-04 03:25 -------- d-----w- c:\program files\Bonjour
2010-06-29 22:20 . 2010-06-22 21:23 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-06-29 21:52 . 2010-06-23 04:43 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-28 07:57 . 2010-06-28 07:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-23 23:11 . 2010-06-23 20:20 -------- d-----w- c:\program files\7-Zip
2010-06-23 05:07 . 2010-06-23 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-23 04:43 . 2010-06-23 04:43 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-23 00:58 . 2008-06-18 03:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-22 20:47 . 2010-07-10 07:02 267920 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-06-22 18:27 . 2010-06-21 11:32 -------- d-----w- c:\program files\UnHackMe
2010-06-22 10:00 . 2010-06-22 10:00 -------- d-----w- c:\program files\Loaris
2010-06-22 08:44 . 2010-02-11 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 11:32 . 2010-06-21 11:32 2 --shatr- c:\windows\winstart.bat
2010-06-13 20:23 . 2010-06-12 18:26 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-06-13 20:23 . 2010-06-12 18:26 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-06-13 20:23 . 2010-06-12 18:26 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-06-13 20:23 . 2010-06-12 18:26 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-06-13 20:23 . 2009-10-09 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-13 20:16 . 2010-06-12 18:26 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-06-12 19:33 . 2007-06-22 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-12 18:26 . 2010-06-12 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-05-28 01:39 . 2010-05-28 01:39 141384 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-05-25 05:50 . 2010-05-25 05:50 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a1c01ba-n\msvcp71.dll
2010-05-25 05:50 . 2010-05-25 05:50 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a1c01ba-n\jmc.dll
2010-05-25 05:50 . 2010-05-25 05:50 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a1c01ba-n\msvcr71.dll
2010-05-25 05:49 . 2010-05-25 05:49 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6668f10a-n\decora-sse.dll
2010-05-25 05:49 . 2010-05-25 05:49 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6668f10a-n\decora-d3d.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\l0147c9a.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Mozilla\Firefox\Profiles\6mxhf3j3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\l0147c9a.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\l0147c9a.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Mozilla\Firefox\Profiles\6mxhf3j3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Mozilla\Firefox\Profiles\6mxhf3j3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 17:58 . 2010-05-12 17:58 110920 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2008-01-29 07:31 . 2008-01-29 07:31 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-18 180269]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XobniService"=2 (0x2)
"LiveUpdate"=3 (0x3)
"avg9wd"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\crucifix676\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Darkeden\\darkeden.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58170:TCP"= 58170:TCP:Pando Media Booster
"58170:UDP"= 58170:UDP:Pando Media Booster
"57906:TCP"= 57906:TCP:Pando Media Booster
"57906:UDP"= 57906:UDP:Pando Media Booster
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"6902:TCP"= 6902:TCP:League of Legends Launcher
"6902:UDP"= 6902:UDP:League of Legends Launcher
"6937:TCP"= 6937:TCP:League of Legends Launcher
"6937:UDP"= 6937:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"58193:TCP"= 58193:TCP:Pando Media Booster
"58193:UDP"= 58193:UDP:Pando Media Booster
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"6988:TCP"= 6988:TCP:League of Legends Launcher
"6988:UDP"= 6988:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6954:TCP"= 6954:TCP:League of Legends Launcher
"6954:UDP"= 6954:UDP:League of Legends Launcher
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [10/3/2009 10:25 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [10/3/2009 10:25 PM 234888]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
S3 Normandy;Normandy SR2; [x]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 12:05 AM 717296]
S4 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 6:21 PM 46824]
.
Contents of the 'Scheduled Tasks' folder
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-07 02:05]
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-07 02:05]
2010-07-12 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-16 23:48]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SetDefaultPrinter - c:\hp\bin\cloaker.exe
HKLM-Run-RBreset - c:\hp\bin\cloaker.exe
HKLM-Run-PMLreset - c:\hp\bin\cloaker.exe
HKLM-Run-HPSUreset - c:\hp\bin\cloaker.exe
HKLM-Run-Mqoganapiqifep - c:\windows\iwufazeqeq.dll
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 17:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-08-05 17:28:58
ComboFix-quarantined-files.txt 2010-08-06 00:28
Pre-Run: 43,506,180,096 bytes free
Post-Run: 45,069,549,568 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - FB9F6B1F640FEB4C46E7E4E47B7ECE63