ComboFix 11-08-08.02 - HP_Administrator 08/08/2011 20:05:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.465 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 00:31 . 2009-11-13 22:57   62592   ----a-w-   c:\windows\system32\drivers\cdrom.sys
2011-08-09 00:31 . 2009-11-13 22:57   62592   ----a-w-   c:\windows\system32\dllcache\cdrom.sys
2011-08-08 23:13 . 2011-08-08 23:13   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-08-05 19:24 . 2001-08-17 19:50   36640   ----a-w-   c:\windows\system32\dllcache\t2r4mini.sys
2011-08-05 19:24 . 2001-08-17 21:56   172768   ----a-w-   c:\windows\system32\dllcache\t2r4disp.dll
2011-08-05 19:24 . 2001-08-17 21:07   32640   ----a-w-   c:\windows\system32\dllcache\symc8xx.sys
2011-08-05 19:24 . 2001-08-17 21:07   16256   ----a-w-   c:\windows\system32\dllcache\symc810.sys
2011-08-05 19:24 . 2001-08-17 21:07   30688   ----a-w-   c:\windows\system32\dllcache\sym_u3.sys
2011-08-05 19:24 . 2001-08-17 21:07   28384   ----a-w-   c:\windows\system32\dllcache\sym_hi.sys
2011-08-05 19:24 . 2001-08-18 05:36   94293   ----a-w-   c:\windows\system32\dllcache\sxports.dll
2011-08-05 19:24 . 2001-08-17 20:50   103936   ----a-w-   c:\windows\system32\dllcache\sx.sys
2011-08-05 19:24 . 2001-08-17 21:02   3968   ----a-w-   c:\windows\system32\dllcache\swusbflt.sys
2011-08-05 19:22 . 2001-08-17 20:53   7040   ----a-w-   c:\windows\system32\dllcache\snyaitmc.sys
2011-08-05 19:21 . 2001-08-17 19:50   68608   ----a-w-   c:\windows\system32\dllcache\sis6306p.sys
2011-08-05 19:20 . 2001-08-17 21:56   245632   ----a-w-   c:\windows\system32\dllcache\s3savmx.dll
2011-08-05 19:19 . 2001-08-17 20:51   19584   ----a-w-   c:\windows\system32\dllcache\rasirda.sys
2011-08-05 19:18 . 2001-08-18 05:36   121344   ----a-w-   c:\windows\system32\dllcache\phvfwext.dll
2011-08-05 19:17 . 2001-08-18 05:36   20480   ----a-w-   c:\windows\system32\dllcache\ovcomc.dll
2011-08-05 19:16 . 2001-08-17 19:20   87040   ----a-w-   c:\windows\system32\dllcache\nm6wdm.sys
2011-08-05 19:16 . 2001-08-17 19:20   126080   ----a-w-   c:\windows\system32\dllcache\nm5a2wdm.sys
2011-08-05 19:16 . 2001-08-17 19:12   32840   ----a-w-   c:\windows\system32\dllcache\ngrpci.sys
2011-08-05 19:16 . 2004-08-04 05:31   132695   ----a-w-   c:\windows\system32\dllcache\netwlan5.sys
2011-08-05 19:16 . 2001-08-17 19:11   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
2011-08-05 19:16 . 2001-08-17 19:50   39264   ----a-w-   c:\windows\system32\dllcache\neo20xx.sys
2011-08-05 19:16 . 2001-08-18 05:36   60480   ----a-w-   c:\windows\system32\dllcache\neo20xx.dll
2011-08-05 19:16 . 2001-08-17 20:49   15872   ----a-w-   c:\windows\system32\dllcache\ne2000.sys
2011-08-05 19:16 . 2001-08-17 21:56   91488   ----a-w-   c:\windows\system32\dllcache\n9i3disp.dll
2011-08-05 19:16 . 2001-08-17 19:50   27936   ----a-w-   c:\windows\system32\dllcache\n9i3d.sys
2011-08-05 19:16 . 2001-08-17 19:50   33088   ----a-w-   c:\windows\system32\dllcache\n9i128v2.sys
2011-08-05 19:16 . 2001-08-18 05:36   59104   ----a-w-   c:\windows\system32\dllcache\n9i128v2.dll
2011-08-05 19:14 . 2001-08-17 20:57   16128   ----a-w-   c:\windows\system32\dllcache\modemcsa.sys
2011-08-05 19:13 . 2001-08-17 20:51   15744   ----a-w-   c:\windows\system32\dllcache\lit220p.sys
2011-08-05 19:12 . 2004-08-09 21:00   59904   ----a-w-   c:\windows\system32\dllcache\imkrinst.exe
2011-08-05 19:11 . 2001-08-17 20:28   57471   ----a-w-   c:\windows\system32\dllcache\hsf_samp.sys
2011-08-05 19:10 . 2001-08-17 20:51   82304   ----a-w-   c:\windows\system32\dllcache\grclass.sys
2011-08-05 19:09 . 2001-08-17 19:19   63360   ----a-w-   c:\windows\system32\dllcache\ess.sys
2011-08-05 19:08 . 2008-04-13 18:40   8320   ----a-w-   c:\windows\system32\dllcache\dlttape.sys
2011-08-05 19:07 . 2001-08-18 05:36   175104   ----a-w-   c:\windows\system32\dllcache\csamsp.dll
2011-08-05 19:06 . 2008-04-13 18:46   11776   ----a-w-   c:\windows\system32\dllcache\bdasup.sys
2011-08-05 19:05 . 2001-08-17 21:56   66048   ----a-w-   c:\windows\system32\dllcache\s3legacy.dll
2011-08-01 05:23 . 2011-08-08 03:13   44560   --sha-w-   c:\windows\system32\c_47915.nl_
2011-07-31 23:15 . 2011-08-08 23:08   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-07-31 17:30 . 2011-08-09 02:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-31 17:30 . 2011-07-31 17:30   --------   d-----w-   c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 03:13 . 2004-08-03 14:59   115200   ----a-w-   c:\windows\system32\drivers\redbook.sys
2011-08-06 17:58 . 2008-11-13 22:19   912640   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-08-05 19:37 . 2004-08-09 21:00   325632   ----a-w-   c:\windows\system32\drivers\netbt.sys
2011-06-02 14:02 . 2004-08-09 21:00   1858944   ----a-w-   c:\windows\system32\win32k.sys
2011-05-27 04:34 . 2008-09-18 02:43   2291824   ----a-w-   c:\program files\setupav.exe
2011-04-19 17:09 . 2009-04-11 17:53   2231248   ----a-w-   c:\program files\autovip.exe
2011-01-07 17:10 . 2009-08-06 22:10   207912   ----a-w-   c:\program files\wupdate.exe
2009-05-05 00:03 . 2009-04-11 17:53   154272   ----a-w-   c:\program files\validate.exe
2009-04-30 03:08 . 2009-04-13 20:50   159440   ----a-w-   c:\program files\wucheck.exe
2009-04-13 02:12 . 2009-04-11 17:53   158040   ----a-w-   c:\program files\AddShortcuts.exe
2008-01-28 01:05 . 2008-01-24 17:05   154672   ----a-w-   c:\program files\wcheck.exe
2007-10-13 03:50 . 2007-10-13 03:50   148936   ----a-w-   c:\program files\Uninst_AutoVIP.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-09_00.41.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-09 03:12 . 2011-08-09 03:12   16384   c:\windows\Temp\Perflib_Perfdata_b6c.dat
+ 2011-08-09 03:11 . 2011-08-09 03:11   16384   c:\windows\Temp\Perflib_Perfdata_708.dat
+ 2011-08-09 01:01 . 2011-08-09 01:01   22016   c:\windows\Installer\132042.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
"AutoVIP"="c:\program files\autovip.exe" [2011-04-19 2231248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-11 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-11 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Ashampoo FireWall"="c:\program files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-3-7 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-6 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Juno\\bin\\juno.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\JunoInternet\\exec.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 9:02 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 9:02 PM 135664]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3/6/2006 11:27 PM 468768]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [12/27/2010 3:20 PM 229376]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:02]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:02]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3916121995-2667568415-902956153-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 05:20]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3916121995-2667568415-902956153-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 05:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.juno.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Display All Images with Full Quality - "c:\program files\JunoInternet\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\JunoInternet\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
Trusted Zone: trymedia.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 20:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-08-08 20:15:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-09 03:15
ComboFix2.txt 2011-08-09 00:45
.
Pre-Run: 208,132,911,104 bytes free
Post-Run: 208,120,033,280 bytes free
.
- - End Of File - - D27A452BA7F3E8B891C7AB2BF185CDB0