Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Possibly Infected With Malware.

Started by rkinsey1313 , Jan 24 2011 04:11 PM

This topic is locked

#1
rkinsey1313

Posted 24 January 2011 - 04:11 PM

Member

Member
90 posts

My computer seems to be on a downward spiral. It's getting slower and slower. I have Malwarebytes, Super Anti Spyware, CC cleaner and Combofix. I have run all of them except for combofix. Malwarebytes finds nothing. Super Anti Spyware usually find a few things and gets rid of it. But it never seems to fix the problem. I ran OTL and am going to post a log. Thanks.

OTL logfile created on: 1/24/2011 2:02:39 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 475.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.80 Gb Total Space | 142.83 Gb Free Space | 80.33% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/24 14:02:35 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/01/07 19:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2005/08/27 01:14:44 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
PRC - [2005/08/27 01:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/01/24 14:02:35 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
MOD - [2004/08/10 11:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/21 12:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 19:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2005/08/29 14:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/03 23:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 00:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 10:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/15 14:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 14:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 14:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 14:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2005/11/10 16:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/12/23 00:04:33 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/01/24 11:26:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/10 16:46:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/24 13:32:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2011/01/24 13:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo
[2011/01/24 13:29:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/01/24 13:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Local
[2011/01/24 13:29:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/01/24 11:30:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER(3)
[2011/01/24 11:29:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/24 11:19:36 | 000,000,000 | -HSD | C] -- C:\cmdcons(3)
[2011/01/23 00:01:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/14 10:15:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/01/12 15:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities
[2011/01/10 00:14:55 | 004,208,208 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2011/01/10 00:14:36 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2011/01/10 00:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/01/05 21:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
[2011/01/05 21:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/01/05 05:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sun
[2010/12/30 16:20:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/24 13:36:28 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/01/24 13:34:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/24 13:34:23 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/24 13:16:02 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
[2011/01/24 11:26:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/24 11:12:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/23 23:16:06 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
[2011/01/21 23:07:12 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2011/01/18 17:12:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/13 20:17:01 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/13 20:17:00 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2011/01/12 16:52:37 | 000,010,058 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\tweety.jpg
[2011/01/09 23:59:16 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2011/01/05 21:51:50 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/05 21:51:49 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/12/31 10:56:58 | 000,001,471 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2010/12/30 16:20:44 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/12/30 16:14:29 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/26 20:59:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/12 16:52:45 | 000,010,058 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\tweety.jpg
[2011/01/10 00:14:35 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2011/01/09 23:59:16 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2011/01/05 21:51:49 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2011/01/05 21:51:38 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/22 23:06:13 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/10/04 16:37:38 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 07:02:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2010/04/19 04:15:28 | 000,866,304 | ---- | C] () -- C:\WINDOWS\D2NT.dll
[2009/07/26 14:12:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/14 17:04:35 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/04/14 17:04:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/04/14 16:56:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/03/24 17:08:02 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/12/26 17:21:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/11/10 17:15:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/10 16:54:49 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/10 16:49:39 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/10 16:49:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/10 16:46:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/10 16:43:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/10 16:38:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/10 16:38:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/10 16:38:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/10 16:38:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/10 16:38:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/10 16:32:35 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/10 16:31:35 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/10 16:20:01 | 000,001,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/10 16:18:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/10 16:02:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/10 15:55:33 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/10 15:55:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/10 15:55:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 12:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 04:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 21:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 04:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

#2
rkinsey1313

Posted 25 January 2011 - 06:49 PM

Member

Topic Starter
Member
90 posts

Guess Ill bump this. Been about 24 hours.

#3
SweetTech

Posted 25 January 2011 - 07:21 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hello rkinsey1313 and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011/01/24 13:29:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/01/24 13:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/01/24 13:29:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Reg

:Files
dir /s /a "C:\Documents and Settings\HP_Administrator\Application Data\Local" /c
type "C:\ComboFix.txt" /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Please be sure to include an update on how things are currently running.

#4
rkinsey1313

Posted 25 January 2011 - 11:36 PM

Member

Topic Starter
Member
90 posts

Hey Sweettech, Thanks for helping. I had a friend come over and recommend using CC cleaner to try to clean off temp files and junk off my computer. I noticed in the RKU report that some of the stuff wasn't found and I believe that its some of the junk that was cleaned up. That is all I ran on it since my post besides what you asked me to run. Here are the OTL and RKU Reports:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Folder C:\WINDOWS\System32\3076\ not found.
Folder C:\WINDOWS\System32\2052\ not found.
Folder C:\WINDOWS\System32\1054\ not found.
Folder C:\WINDOWS\System32\1042\ not found.
Folder C:\WINDOWS\System32\1041\ not found.
Folder C:\WINDOWS\System32\1037\ not found.
Folder C:\WINDOWS\System32\1031\ not found.
Folder C:\WINDOWS\System32\1028\ not found.
Folder C:\WINDOWS\System32\1025\ not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
========== REGISTRY ==========
========== FILES ==========
< dir /s /a "C:\Documents and Settings\HP_Administrator\Application Data\Local" /c >
Volume in drive C is HP_PAVILION
Volume Serial Number is 0871-F5E4
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\cmd.txt deleted successfully.
< type "C:\ComboFix.txt" /c >
ComboFix 11-01-23.07 - HP_Administrator 01/24/2011 22:18:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.607 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ps2.bat
.
((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
.
2011-01-25 02:46 . 2011-01-25 05:33 -------- d-sh--r- c:\windows\system32\dllcache
2011-01-24 21:29 . 2011-01-25 06:05 -------- d-----w- c:\program files\ESET
2011-01-24 19:30 . 2011-01-24 21:29 -------- d-----w- C:\RECYCLER(3)
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-06 05:51 . 2011-01-24 19:09 -------- d-----w- c:\program files\Ventrilo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xF6277000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 3645440 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xBFA80000 C:\WINDOWS\System32\ati3duag.dll 2412544 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xBF800000 Win32k 1839104 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1839104 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF683E000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1368064 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF669D000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7316000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xF65F1000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 704512 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBFCCD000 C:\WINDOWS\System32\ativvaxx.dll 602112 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF71CE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF1FD5000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF20B9000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEF7DF000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xF72BB000 ftsata2.sys 274432 bytes (Promise Technology, Inc., Promise Driver for Windows Server 2003)
0xEF859000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF9D3000 C:\WINDOWS\System32\ati2dvag.dll 258048 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFA12000 C:\WINDOWS\System32\ati2cqag.dll 233472 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF679B000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xBFA4B000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF61B4000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF61E8000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7441000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEF8C2000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF71A1000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF2044000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEEE31000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF2091000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF73EB000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF1EC9000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF67E4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6807000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF206F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF6255000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF1FB4000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7284000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7411000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7186000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72FE000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF1EB1000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF72A3000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF725B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF622A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEF9DC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6241000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF682A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2111000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF67D1000 C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 77824 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xBF9C1000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7272000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7430000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6219000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEF2D7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF698C000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7720000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7610000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7580000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF699C000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEFCF1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76B0000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF69CC000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF7590000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF69AC000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF75D0000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7620000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75B0000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7640000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF69BC000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75A0000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7630000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7670000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7660000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75E0000 bb-run.sys 36864 bytes (Promise Technology, Inc., Promise Disk Accelerator)
0xF75C0000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7700000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7730000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7570000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7650000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF76E0000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEF767000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7710000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7940000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7858000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7840000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF77F0000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7938000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7870000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7928000 C:\WINDOWS\system32\DRIVERS\aracpi.sys 24576 bytes (Microsoft Corporation, Microsoft AR ACPI Driver (Beta 2 Release 2))
0xF7960000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7968000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7848000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7868000 C:\WINDOWS\system32\DRIVERS\arhidfltr.sys 20480 bytes (Microsoft Corporation, Microsoft AR HID Filter Driver (Beta 2 Release 2))
0xF7850000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77F8000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7950000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7800000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7958000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7948000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7930000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF7908000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A44000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A68000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEFC95000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A48000 C:\WINDOWS\system32\DRIVERS\arpolicy.sys 12288 bytes (Microsoft Corporation, Microsoft AR Policy Driver (Beta 2 Release 2))
0xF7980000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF1F94000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A40000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xEF84D000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF61B0000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A4C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A18000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AC2000 C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2))
0xF7AC4000 C:\WINDOWS\system32\DRIVERS\armoucfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Mouse Filter Driver (Beta 2 Release 2))
0xF7ABC000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A78000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B2A000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7ABA000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A76000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A70000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7ABE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AC0000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AAE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AB8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A74000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A72000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B78000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BFC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BC2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B38000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

My Computer already seems to be running faster. However, there has been instances in the past when I've run a malware program and it runs fast for a few days and then goes back to acting up. I will post again if it starts running slow again. Thank you.

#5
SweetTech

Posted 26 January 2011 - 10:50 AM

Sir SpamAlot

Retired Staff
7,671 posts

Hello rkinsey1313,

How are you doing today? I hope this day finds you well!

Thanks for informing me that you cleaned up your temp files using CCleaner.

Please delete the current copy of ComboFix on your desktop, and download a new copy from the link below:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#6
rkinsey1313

Posted 27 January 2011 - 01:39 PM

Member

Topic Starter
Member
90 posts

Hey sweet. I ran combofix and I don't think it found anything. Here is the Log. My computer is running faster but at times it still seems to go slow. Like in spurts.

ComboFix 11-01-25.05 - HP_Administrator 01/26/2011 21:25:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.682 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
.

2011-01-26 03:55 . 2011-01-26 03:55 -------- d-----w- C:\_OTL
2011-01-26 01:17 . 2011-01-26 01:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-01-26 01:15 . 2011-01-26 01:15 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-26 01:15 . 2011-01-26 01:15 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-26 01:14 . 2011-01-26 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-01-25 08:07 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-01-25 08:07 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-01-25 08:07 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-01-25 08:07 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-01-25 08:07 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-01-25 05:31 . 2011-01-25 05:35 -------- d-----w- c:\documents and settings\HP_Administrator
2011-01-25 05:30 . 2005-11-11 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2011-01-25 05:26 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-25 05:26 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-01-25 05:26 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-01-25 02:46 . 2011-01-25 05:33 -------- d-sh--r- c:\windows\system32\dllcache
2011-01-24 21:29 . 2011-01-25 06:05 -------- d-----w- c:\program files\ESET
2011-01-24 19:30 . 2011-01-24 21:29 -------- d-----w- C:\RECYCLER(3)
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-06 05:51 . 2011-01-24 19:09 -------- d-----w- c:\program files\Ventrilo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2011-01-25_06.21.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 06:54 . 2006-12-02 06:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 06:54 . 2006-12-02 06:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 06:54 . 2006-12-02 06:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2011-01-25 08:07 . 2011-01-25 08:07 216576 c:\windows\Installer\8f276b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-17 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-08-10 53248]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"59138:TCP"= 59138:TCP:Pando Media Booster
"59138:UDP"= 59138:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/7/2005 11:23 PM 21120]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder

2011-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-25 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-25 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 21:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-26 21:32:02
ComboFix-quarantined-files.txt 2011-01-27 05:31
ComboFix2.txt 2011-01-25 06:23
ComboFix3.txt 2011-01-24 23:12
ComboFix4.txt 2011-01-24 19:29
ComboFix5.txt 2011-01-27 05:24

Pre-Run: 167,928,913,920 bytes free
Post-Run: 167,922,012,160 bytes free

- - End Of File - - 19250E4A823CDB95D4ABFB66945F37D8

#7
SweetTech

Posted 27 January 2011 - 06:32 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hello rkinsey1313,

Locating ComboFix Log

Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
Click on Explore
Click on Local Disk (C:) in the left-hand window pane
Click on Qoobox in the left-hand window pane
Look for ComboFix2.txt in the right-hand window pane and right click on it
Put your cursor (arrow) on Open With
Move your cursor to the new menu that opens and click on Choose Program...
Click on Notepad

When file opens, Copy/Paste text here.

Please repeat the above process for locating ComboFix3.txt, ComboFix4.txt as well ComboFix5.txt

Post them each as a seperate reply.

#8
rkinsey1313

Posted 28 January 2011 - 06:38 AM

Member

Topic Starter
Member
90 posts

ComboFix 11-01-25.05 - HP_Administrator 01/26/2011 21:25:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.682 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
.

2011-01-26 03:55 . 2011-01-26 03:55 -------- d-----w- C:\_OTL
2011-01-26 01:17 . 2011-01-26 01:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-01-26 01:15 . 2011-01-26 01:15 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-26 01:15 . 2011-01-26 01:15 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-26 01:14 . 2011-01-26 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-01-25 08:07 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-01-25 08:07 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-01-25 08:07 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-01-25 08:07 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-01-25 08:07 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-01-25 05:31 . 2011-01-25 05:35 -------- d-----w- c:\documents and settings\HP_Administrator
2011-01-25 05:30 . 2005-11-11 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2011-01-25 05:26 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-25 05:26 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-01-25 05:26 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-01-25 02:46 . 2011-01-25 05:33 -------- d-sh--r- c:\windows\system32\dllcache
2011-01-24 21:29 . 2011-01-25 06:05 -------- d-----w- c:\program files\ESET
2011-01-24 19:30 . 2011-01-24 21:29 -------- d-----w- C:\RECYCLER(3)
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-06 05:51 . 2011-01-24 19:09 -------- d-----w- c:\program files\Ventrilo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2011-01-25_06.21.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 06:54 . 2006-12-02 06:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 06:54 . 2006-12-02 06:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 06:54 . 2006-12-02 06:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2011-01-25 08:07 . 2011-01-25 08:07 216576 c:\windows\Installer\8f276b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-17 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-08-10 53248]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"59138:TCP"= 59138:TCP:Pando Media Booster
"59138:UDP"= 59138:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/7/2005 11:23 PM 21120]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder

2011-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-25 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-25 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 21:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-26 21:32:02
ComboFix-quarantined-files.txt 2011-01-27 05:31
ComboFix2.txt 2011-01-25 06:23
ComboFix3.txt 2011-01-24 23:12
ComboFix4.txt 2011-01-24 19:29
ComboFix5.txt 2011-01-27 05:24

Pre-Run: 167,928,913,920 bytes free
Post-Run: 167,922,012,160 bytes free

- - End Of File - - 19250E4A823CDB95D4ABFB66945F37D8

#9
rkinsey1313

Posted 28 January 2011 - 06:38 AM

Member

Topic Starter
Member
90 posts

ComboFix 11-01-23.07 - HP_Administrator 01/24/2011 22:18:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.607 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
.

2011-01-25 02:46 . 2011-01-25 05:33 -------- d-sh--r- c:\windows\system32\dllcache
2011-01-24 21:29 . 2011-01-25 06:05 -------- d-----w- c:\program files\ESET
2011-01-24 19:30 . 2011-01-24 21:29 -------- d-----w- C:\RECYCLER(3)
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-06 05:51 . 2011-01-24 19:09 -------- d-----w- c:\program files\Ventrilo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-08-10 53248]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

--- Other Services/Drivers In Memory ---

*NewlyCreated* - APPMGMT
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
.
Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-25 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-346832426-1868189324-2465816145-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-25 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 22:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-24 22:23:13
ComboFix-quarantined-files.txt 2011-01-25 06:23
ComboFix2.txt 2011-01-24 23:12
ComboFix3.txt 2011-01-24 19:29
ComboFix4.txt 2011-01-23 08:00
ComboFix5.txt 2011-01-25 06:11

Pre-Run: 169,179,975,680 bytes free
Post-Run: 169,179,353,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - FC60890236D0D313177F4E61E59CC720

#10
rkinsey1313

Posted 28 January 2011 - 06:39 AM

Member

Topic Starter
Member
90 posts

ComboFix 11-01-23.07 - HP_Administrator 01/24/2011 15:05:54.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.639 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Local

.
((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
.

2011-01-24 21:33 . 2011-01-24 21:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\windows\system32\3076
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\windows\system32\2052
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\windows\system32\1054
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\windows\system32\1042
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\windows\system32\1041
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\windows\system32\1037
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\windows\system32\1031
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\windows\system32\1028
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\program files\ESET
2011-01-24 21:29 . 2011-01-24 21:29 -------- d-----w- c:\windows\system32\1025
2011-01-24 19:30 . 2011-01-24 21:29 -------- d-----w- C:\RECYCLER(3)
2011-01-14 18:15 . 2011-01-14 18:15 -------- d-----w- c:\windows\system32\LogFiles
2011-01-12 23:50 . 2011-01-12 23:50 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Identities
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-06 05:52 . 2011-01-24 21:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2011-01-06 05:51 . 2011-01-24 19:09 -------- d-----w- c:\program files\Ventrilo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-31_00.27.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-01-10 07:59 . 2011-01-10 07:59 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2011-01-10 07:59 . 2011-01-10 07:59 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2011-01-24 19:05 . 2011-01-12 03:16 210656 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
- 2010-12-23 06:01 . 2005-11-11 00:54 210656 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2011-01-06 05:51 . 2011-01-06 05:51 683520 c:\windows\Installer\38560c2.msi
+ 2011-01-11 07:03 . 2011-01-11 07:03 228352 c:\windows\Installer\1d88903b.msi
+ 2010-10-14 19:26 . 2010-05-12 01:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
- 2010-10-14 19:26 . 2010-05-12 00:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
+ 2010-10-14 19:26 . 2010-03-25 00:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
- 2010-10-14 19:26 . 2010-03-24 23:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2011-01-24 19:06 . 2011-01-24 21:33 3476088 c:\windows\system32\Restore\rstrlog.dat
+ 2010-10-22 04:04 . 2010-10-22 04:04 2827728 c:\windows\Downloaded Program Files\CONFLICT.82\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57066:TCP"= 57066:TCP:Pando Media Booster
"57066:UDP"= 57066:UDP:Pando Media Booster
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher
"6904:TCP"= 6904:TCP:League of Legends Launcher
"6904:UDP"= 6904:UDP:League of Legends Launcher

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
.
Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-22 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 15:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-24 15:12:28
ComboFix-quarantined-files.txt 2011-01-24 23:12
ComboFix2.txt 2011-01-24 19:29
ComboFix3.txt 2011-01-23 08:00
ComboFix4.txt 2011-01-17 04:57
ComboFix5.txt 2011-01-24 23:04

Pre-Run: 153,319,882,752 bytes free
Post-Run: 153,311,760,384 bytes free

- - End Of File - - B38AC776F1FFBF8D3425892EB76341DD

#11
rkinsey1313

Posted 28 January 2011 - 06:39 AM

Member

Topic Starter
Member
90 posts

ComboFix 10-12-22.04 - HP_Administrator 12/22/2010 22:29:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.673 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Local
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\10.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\11.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\12.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\13.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\14.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\15.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\16.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\17.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\18.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\19.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\20.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\21.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\22.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\23.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\24.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\25.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\26.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\27.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\28.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\29.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\30.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\31.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\32.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\33.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\34.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\35.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\36.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\acqhhqqpdjae.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\ctlrxfoukbdz.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\dquasgtrlbnl.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\fdxuutdxlacg.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\goumcxjtterh.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\gruqcqtfotix.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\hkfvmzijvszv.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\hruumdwjremy.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\hymtzzeriyoi.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\khcjwbsztwyb.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\kqrxrmaixhno.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\kvcarofpfebx.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\lrfjgykdbohn.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\lzxuizwmfmbh.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\mmrfjyjodaal.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\mtdbypnasqdx.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\rrogfjwindkf.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\srxczceyewyq.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\acqhhqqpdjae.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ctlrxfoukbdz.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ddxjdiyytzku.avi(2).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ddxjdiyytzku.avi(3).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ddxjdiyytzku.avi(4).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ddxjdiyytzku.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\dquasgtrlbnl.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\fdxuutdxlacg.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\goumcxjtterh.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\gruqcqtfotix.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\hkfvmzijvszv.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\hruumdwjremy.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\hymtzzeriyoi.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\khcjwbsztwyb.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\kqrxrmaixhno.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\kvcarofpfebx.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\lihqvpgugbsw.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\lititjetgokw.avi(2).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\lititjetgokw.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\lrfjgykdbohn.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\lzxuizwmfmbh.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mmrfjyjodaal.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mtdbypnasqdx.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mtdbypnasqdx.avi(2).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mtdbypnasqdx.avi(3).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mtdbypnasqdx.avi(4).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mtdbypnasqdx.avi(5).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mtdbypnasqdx.avi(6).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mtdbypnasqdx.avi(7).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mtdbypnasqdx.avi(8).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\mtdbypnasqdx.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\pyxzrxzjxvxp.avi(2).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\pyxzrxzjxvxp.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\rrogfjwindkf.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\srxczceyewyq.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\t(2).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\t(3).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\t(4).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\t.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\tvbszyfvclpo(2).avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\tvbszyfvclpo(3).avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\tvbszyfvclpo.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ujlbelzwsjtv.avi(2).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ujlbelzwsjtv.avi(3).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\ujlbelzwsjtv.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\uyoqoqnyehld.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vkohpvxirjae.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vpfzwmowhejm.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vqifydiffvee.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\wbrdamgheywo.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\xlgdpxtlzpgh.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\zrexnmsexdko.avi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\tvbszyfvclpo.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\ujlbelzwsjtv.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\uyoqoqnyehld.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\vkohpvxirjae.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\vpfzwmowhejm.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\vqifydiffvee.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\wbrdamgheywo.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\xlgdpxtlzpgh.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\zrexnmsexdko.avi.ddr
c:\windows\system32\Oeminfo.ini
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-23 06:09 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-23 06:09 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-23 06:09 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-23 06:09 . 2010-12-23 06:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-12-23 06:07 . 2010-12-23 06:10 -------- d-----w- c:\program files\DivX
2010-12-23 06:03 . 2010-12-23 06:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-23 06:02 . 2010-12-23 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-12-22 11:44 . 2010-12-22 11:44 -------- d-----w- c:\windows\system32\LogFiles
2010-12-18 08:41 . 2010-12-18 08:41 -------- d-----w- C:\Riot Games
2010-12-18 07:25 . 2010-12-23 06:03 -------- d-----w- c:\documents and settings\HP_Administrator
2010-12-18 07:24 . 2005-11-11 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-12-18 07:19 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-12-18 07:18 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-18 07:18 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-18 05:55 . 2010-12-18 07:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-12-17 22:13 . 2010-12-18 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-12-17 22:13 . 2010-12-17 22:13 -------- d-----w- c:\program files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-13 06:08 . 2010-01-22 12:23 249856 ------w- c:\windows\Setup1.exe
2010-10-13 06:08 . 2009-11-26 03:28 73216 ----a-w- c:\windows\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57938:TCP"= 57938:TCP:Pando Media Booster
"57938:UDP"= 57938:UDP:Pando Media Booster

S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/7/2005 11:23 PM 21120]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-18 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2010-12-18 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 22:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-22 22:34:18
ComboFix-quarantined-files.txt 2010-12-23 06:34

Pre-Run: 154,701,312,000 bytes free
Post-Run: 154,692,497,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 6DCDD9445B702396E5426B109EDBF7FA
ComboFix 10-12-30.01 - HP_Administrator 12/30/2010 16:21:43.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.614 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Application Data\Local
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\2.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\5.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\7.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\9.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\aqclajrlixoy.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\hymtzzeriyoi.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\lbvfpqxlzqrq.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\rahyubpkvrho.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\aqclajrlixoy.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\hymtzzeriyoi.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\lbvfpqxlzqrq.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\rahyubpkvrho.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\thmpkcjxgtjd.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vgegnxbfbgij.avi(2).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vgegnxbfbgij.avi(3).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vgegnxbfbgij.avi(4).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vgegnxbfbgij.avi(5).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vgegnxbfbgij.avi(6).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\vgegnxbfbgij.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\xebslpiwokev.avi(2).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\xebslpiwokev.avi(3).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\xebslpiwokev.avi(4).ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\xebslpiwokev.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\yhcaxggnfslv.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\zknqaygfdmhh.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\zlkdhbnlkynx.avi.ddp
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\thmpkcjxgtjd.avi.ddr
c:\documents and settings\HP_Administrator\Application Data\Local\Temp\DDM\Settings\zlkdhbnlkynx.avi.ddr
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\windows\system32\Oeminfo.ini
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
.

2010-12-28 21:25 . 2010-12-28 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-12-23 09:34 . 2010-12-23 09:34 -------- d-----w- C:\Riot Games
2010-12-23 08:43 . 2010-12-23 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-12-23 08:42 . 2010-12-23 08:42 -------- d-----w- c:\program files\Pando Networks
2010-12-23 08:31 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-12-23 08:31 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-12-23 08:31 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-12-23 08:22 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 08:22 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 07:19 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-23 07:19 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-23 07:19 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-23 07:06 . 2010-12-28 19:20 -------- d-----w- c:\documents and settings\HP_Administrator
2010-12-23 07:05 . 2005-11-11 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-12-23 07:01 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-12-23 07:01 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-23 07:01 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-23 05:38 . 2010-12-23 07:07 -------- d-sh--r- c:\windows\system32\dllcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-10-13 06:08 . 2010-01-22 12:23 249856 ------w- c:\windows\Setup1.exe
2010-10-13 06:08 . 2009-11-26 03:28 73216 ----a-w- c:\windows\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57066:TCP"= 57066:TCP:Pando Media Booster
"57066:UDP"= 57066:UDP:Pando Media Booster
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2010-12-23 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 16:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-12-30 16:31:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-31 00:31
ComboFix2.txt 2010-12-23 06:34

Pre-Run: 155,374,620,672 bytes free
Post-Run: 155,671,048,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 3B64CE66CC125A657D5EEF6C9F53AAE5
ComboFix 10-12-31.01 - HP_Administrator 12/31/2010 11:59:03.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.568 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
.

2010-12-23 09:34 . 2010-12-23 09:34 -------- d-----w- C:\Riot Games
2010-12-23 08:43 . 2010-12-23 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-12-23 08:42 . 2010-12-23 08:42 -------- d-----w- c:\program files\Pando Networks
2010-12-23 08:31 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-12-23 08:31 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-12-23 08:31 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-12-23 08:22 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 08:22 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 07:19 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-23 07:19 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-23 07:19 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-23 07:06 . 2010-12-28 19:20 -------- d-----w- c:\documents and settings\HP_Administrator
2010-12-23 07:05 . 2005-11-11 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-12-23 07:01 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-12-23 07:01 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-23 07:01 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-23 05:38 . 2010-12-23 07:07 -------- d-sh--r- c:\windows\system32\dllcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-10-13 06:08 . 2010-01-22 12:23 249856 ------w- c:\windows\Setup1.exe
2010-10-13 06:08 . 2009-11-26 03:28 73216 ----a-w- c:\windows\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57066:TCP"= 57066:TCP:Pando Media Booster
"57066:UDP"= 57066:UDP:Pando Media Booster
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher
"6937:TCP"= 6937:TCP:League of Legends Launcher
"6937:UDP"= 6937:UDP:League of Legends Launcher

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
.
Contents of the 'Scheduled Tasks' folder

2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2010-12-23 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-31 12:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-31 12:05:37
ComboFix-quarantined-files.txt 2010-12-31 20:05
ComboFix2.txt 2010-12-31 00:31
ComboFix3.txt 2010-12-23 06:34

Pre-Run: 155,671,080,960 bytes free
Post-Run: 155,663,814,656 bytes free

- - End Of File - - CFC6D43EECA8CA319116864A34982A67
ComboFix 11-01-02.03 - HP_Administrator 01/03/2011 1:49.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.586 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-03 06:01 . 2011-01-03 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-12-23 09:34 . 2010-12-23 09:34 -------- d-----w- C:\Riot Games
2010-12-23 08:43 . 2010-12-23 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-12-23 08:42 . 2010-12-23 08:42 -------- d-----w- c:\program files\Pando Networks
2010-12-23 08:31 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-12-23 08:31 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-12-23 08:31 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-12-23 08:22 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 08:22 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 07:19 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-23 07:19 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-23 07:19 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-23 07:06 . 2010-12-31 22:33 -------- d-----w- c:\documents and settings\HP_Administrator
2010-12-23 07:05 . 2005-11-11 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-12-23 07:01 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-12-23 07:01 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-23 07:01 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-23 05:38 . 2010-12-23 07:07 -------- d-sh--r- c:\windows\system32\dllcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-10-13 06:08 . 2010-01-22 12:23 249856 ------w- c:\windows\Setup1.exe
2010-10-13 06:08 . 2009-11-26 03:28 73216 ----a-w- c:\windows\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57066:TCP"= 57066:TCP:Pando Media Booster
"57066:UDP"= 57066:UDP:Pando Media Booster
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher
"6937:TCP"= 6937:TCP:League of Legends Launcher
"6937:UDP"= 6937:UDP:League of Legends Launcher

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2010-12-23 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 01:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-03 01:56:31
ComboFix-quarantined-files.txt 2011-01-03 09:56
ComboFix2.txt 2010-12-31 20:05
ComboFix3.txt 2010-12-31 00:31
ComboFix4.txt 2010-12-23 06:34

Pre-Run: 155,561,209,856 bytes free
Post-Run: 155,567,132,672 bytes free

- - End Of File - - 74C10B5D5ABA7221324D063C56C29DAF
ComboFix 11-01-11.01 - HP_Administrator 01/11/2011 21:29:18.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.573 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-12-12 to 2011-01-12 )))))))))))))))))))))))))))))))
.

2011-01-10 08:14 . 2010-10-21 20:06 4208208 ----a-w- c:\windows\system32\GameMon.des
2011-01-10 08:14 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-01-10 08:14 . 2003-07-17 00:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-10 07:58 . 2011-01-10 09:01 -------- d-----w- c:\program files\REACTOR
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\program files\Ventrilo
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-01-03 06:01 . 2011-01-03 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-12-23 09:34 . 2010-12-23 09:34 -------- d-----w- C:\Riot Games
2010-12-23 08:43 . 2010-12-23 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-12-23 08:42 . 2010-12-23 08:42 -------- d-----w- c:\program files\Pando Networks
2010-12-23 08:31 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-12-23 08:31 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-12-23 08:31 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-12-23 08:22 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 08:22 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 07:19 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-23 07:19 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-23 07:19 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-23 07:06 . 2011-01-05 04:22 -------- d-----w- c:\documents and settings\HP_Administrator
2010-12-23 07:05 . 2005-11-11 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-12-23 07:01 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-12-23 07:01 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-23 07:01 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-23 05:38 . 2010-12-23 07:07 -------- d-sh--r- c:\windows\system32\dllcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-31_00.27.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-01-10 07:59 . 2011-01-10 07:59 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2011-01-10 07:59 . 2011-01-10 07:59 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2011-01-06 05:51 . 2011-01-06 05:51 683520 c:\windows\Installer\38560c2.msi
+ 2011-01-11 07:03 . 2011-01-11 07:03 228352 c:\windows\Installer\1d88903b.msi
+ 2010-10-14 19:26 . 2010-05-12 01:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
- 2010-10-14 19:26 . 2010-05-12 00:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
- 2010-10-14 19:26 . 2010-03-24 23:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2010-10-14 19:26 . 2010-03-25 00:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-10-22 04:04 . 2010-10-22 04:04 2827728 c:\windows\Downloaded Program Files\CONFLICT.82\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\REACTOR\\REACTOR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57066:TCP"= 57066:TCP:Pando Media Booster
"57066:UDP"= 57066:UDP:Pando Media Booster
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DUMP_WMIMMC
*Deregistered* - dump_wmimmc
.
Contents of the 'Scheduled Tasks' folder

2011-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2010-12-23 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Gunz - c:\ijji\ENGLISH\Gunz\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 21:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-11 21:35:37
ComboFix-quarantined-files.txt 2011-01-12 05:35
ComboFix2.txt 2011-01-03 09:56
ComboFix3.txt 2010-12-31 20:05
ComboFix4.txt 2010-12-31 00:31
ComboFix5.txt 2011-01-12 05:28

Pre-Run: 154,924,498,944 bytes free
Post-Run: 154,956,804,096 bytes free

- - End Of File - - 1A55D25CF01EE69E29F4216A1F8039B4
ComboFix 11-01-13.01 - HP_Administrator 01/14/2011 2:04.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.593 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-13 04:31 . 2011-01-13 04:31 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-01-10 08:14 . 2010-10-21 20:06 4208208 ----a-w- c:\windows\system32\GameMon.des
2011-01-10 08:14 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-01-10 08:14 . 2003-07-17 00:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-10 07:58 . 2011-01-10 09:01 -------- d-----w- c:\program files\REACTOR
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\program files\Ventrilo
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-23 09:34 . 2010-12-23 09:34 -------- d-----w- C:\Riot Games
2010-12-23 08:43 . 2010-12-23 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-12-23 08:42 . 2010-12-23 08:42 -------- d-----w- c:\program files\Pando Networks
2010-12-23 08:31 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-12-23 08:31 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-12-23 08:31 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-12-23 08:22 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 08:22 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 07:19 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-23 07:19 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-23 07:19 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-23 07:06 . 2011-01-12 05:37 -------- d-----w- c:\documents and settings\HP_Administrator
2010-12-23 07:05 . 2005-11-11 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-12-23 07:01 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-12-23 07:01 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-23 07:01 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-23 05:38 . 2010-12-23 07:07 -------- d-sh--r- c:\windows\system32\dllcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-31_00.27.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-01-10 07:59 . 2011-01-10 07:59 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2011-01-10 07:59 . 2011-01-10 07:59 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2011-01-06 05:51 . 2011-01-06 05:51 683520 c:\windows\Installer\38560c2.msi
+ 2011-01-11 07:03 . 2011-01-11 07:03 228352 c:\windows\Installer\1d88903b.msi
+ 2010-10-14 19:26 . 2010-05-12 01:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
- 2010-10-14 19:26 . 2010-05-12 00:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
- 2010-10-14 19:26 . 2010-03-24 23:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2010-10-14 19:26 . 2010-03-25 00:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-10-22 04:04 . 2010-10-22 04:04 2827728 c:\windows\Downloaded Program Files\CONFLICT.82\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\REACTOR\\REACTOR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57066:TCP"= 57066:TCP:Pando Media Booster
"57066:UDP"= 57066:UDP:Pando Media Booster
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DUMP_WMIMMC
*Deregistered* - dump_wmimmc
.
Contents of the 'Scheduled Tasks' folder

2011-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2010-12-23 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 02:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-14 02:10:37
ComboFix-quarantined-files.txt 2011-01-14 10:10
ComboFix2.txt 2011-01-12 05:35
ComboFix3.txt 2011-01-03 09:56
ComboFix4.txt 2010-12-31 20:05
ComboFix5.txt 2011-01-14 10:02

Pre-Run: 154,799,906,816 bytes free
Post-Run: 154,794,221,568 bytes free

- - End Of File - - 70094958FE0070B2234F8295744E9F32
ComboFix 11-01-16.02 - HP_Administrator 01/16/2011 20:50:20.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.572 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-12-17 to 2011-01-17 )))))))))))))))))))))))))))))))
.

2011-01-14 18:15 . 2011-01-14 18:15 -------- d-----w- c:\windows\system32\LogFiles
2011-01-10 08:14 . 2010-10-21 20:06 4208208 ----a-w- c:\windows\system32\GameMon.des
2011-01-10 08:14 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-01-10 08:14 . 2003-07-17 00:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-10 07:58 . 2011-01-10 09:01 -------- d-----w- c:\program files\REACTOR
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\program files\Ventrilo
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-23 09:34 . 2010-12-23 09:34 -------- d-----w- C:\Riot Games
2010-12-23 08:43 . 2010-12-23 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-12-23 08:42 . 2010-12-23 08:42 -------- d-----w- c:\program files\Pando Networks
2010-12-23 08:31 . 2008-07-31 18:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-12-23 08:31 . 2008-07-31 18:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-12-23 08:31 . 2008-07-12 16:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-12-23 08:31 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-12-23 08:22 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 08:22 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 07:19 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-23 07:19 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-23 07:19 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-23 07:06 . 2011-01-12 05:37 -------- d-----w- c:\documents and settings\HP_Administrator
2010-12-23 07:05 . 2005-11-11 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-12-23 07:01 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-12-23 07:01 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-23 07:01 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-12-23 05:38 . 2010-12-23 07:07 -------- d-sh--r- c:\windows\system32\dllcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-31_00.27.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-01-10 07:59 . 2011-01-10 07:59 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2011-01-10 07:59 . 2011-01-10 07:59 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2011-01-06 05:51 . 2011-01-06 05:51 683520 c:\windows\Installer\38560c2.msi
+ 2011-01-11 07:03 . 2011-01-11 07:03 228352 c:\windows\Installer\1d88903b.msi
+ 2010-10-14 19:26 . 2010-05-12 01:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
- 2010-10-14 19:26 . 2010-05-12 00:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
- 2010-10-14 19:26 . 2010-03-24 23:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2010-10-14 19:26 . 2010-03-25 00:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-10-22 04:04 . 2010-10-22 04:04 2827728 c:\windows\Downloaded Program Files\CONFLICT.82\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\REACTOR\\REACTOR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57066:TCP"= 57066:TCP:Pando Media Booster
"57066:UDP"= 57066:UDP:Pando Media Booster
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DUMP_WMIMMC
*Deregistered* - dump_wmimmc
.
Contents of the 'Scheduled Tasks' folder

2011-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2010-12-23 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-TeamSpeak 3 Client - c:\program files\TeamSpeak 3 Client\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 20:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-16 20:57:04
ComboFix-quarantined-files.txt 2011-01-17 04:56
ComboFix2.txt 2011-01-14 10:10
ComboFix3.txt 2011-01-12 05:35
ComboFix4.txt 2011-01-03 09:56
ComboFix5.txt 2011-01-17 04:49

Pre-Run: 154,740,961,280 bytes free
Post-Run: 154,735,587,328 bytes free

- - End Of File - - 1F4D2CC13071E25DD7C5F32197B3E788
ComboFix 11-01-22.02 - HP_Administrator 01/22/2011 23:53:40.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.597 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-17 04:59 . 2011-01-17 04:59 -------- d-----w- c:\program files\ESET
2011-01-14 18:15 . 2011-01-14 18:15 -------- d-----w- c:\windows\system32\LogFiles
2011-01-12 23:50 . 2011-01-12 23:50 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Identities
2011-01-10 08:14 . 2010-10-21 20:06 4208208 ----a-w- c:\windows\system32\GameMon.des
2011-01-10 08:14 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-01-10 08:14 . 2003-07-17 00:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-10 07:58 . 2011-01-10 09:01 -------- d-----w- c:\program files\REACTOR
2011-01-06 05:52 . 2011-01-13 00:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\program files\Ventrilo
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-31_00.27.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-01-10 07:59 . 2011-01-10 07:59 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2011-01-10 07:59 . 2011-01-10 07:59 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2011-01-06 05:51 . 2011-01-06 05:51 683520 c:\windows\Installer\38560c2.msi
+ 2011-01-11 07:03 . 2011-01-11 07:03 228352 c:\windows\Installer\1d88903b.msi
+ 2010-10-14 19:26 . 2010-05-12 01:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
- 2010-10-14 19:26 . 2010-05-12 00:28 173232 c:\windows\Downloaded Program Files\PubPlugin.dll
- 2010-10-14 19:26 . 2010-03-24 23:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2010-10-14 19:26 . 2010-03-25 00:56 143968 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-10-22 04:04 . 2010-10-22 04:04 2827728 c:\windows\Downloaded Program Files\CONFLICT.82\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\REACTOR\\REACTOR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57066:TCP"= 57066:TCP:Pando Media Booster
"57066:UDP"= 57066:UDP:Pando Media Booster
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-22 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 23:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-23 00:00:11
ComboFix-quarantined-files.txt 2011-01-23 08:00
ComboFix2.txt 2011-01-17 04:57
ComboFix3.txt 2011-01-14 10:10
ComboFix4.txt 2011-01-12 05:35
ComboFix5.txt 2011-01-23 07:52

Pre-Run: 154,457,890,816 bytes free
Post-Run: 154,453,499,904 bytes free

- - End Of File - - BFD879D0D9D498060F193507613C8622
ComboFix 11-01-22.02 - HP_Administrator 01/24/2011 11:20:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.651 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Application Data\Local
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
.

2011-01-24 19:11 . 2011-01-24 19:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-23 10:00 . 2011-01-24 19:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Local(2)
2011-01-23 08:01 . 2011-01-24 19:07 -------- d-----w- C:\RECYCLER(2)
2011-01-17 04:59 . 2011-01-17 04:59 -------- d-----w- c:\program files\ESET(2)
2011-01-14 18:15 . 2011-01-14 18:15 -------- d-----w- c:\windows\system32\LogFiles
2011-01-12 23:50 . 2011-01-12 23:50 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Identities
2011-01-10 08:14 . 2011-01-10 08:14 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-01-10 07:58 . 2011-01-24 19:09 -------- d-----w- c:\program files\REACTOR
2011-01-06 05:52 . 2011-01-24 19:09 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2011-01-06 05:51 . 2011-01-24 19:09 -------- d-----w- c:\program files\Ventrilo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-08-10 53248]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"57066:TCP"= 57066:TCP:Pando Media Booster
"57066:UDP"= 57066:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCD5SRVC{085326CB-51A3560A-05010003}
.
Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469911042-1935599223-620547350-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 11:41]

2011-01-22 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
AddRemove-DivX Setup.divx.com - c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 11:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-01-24 11:29:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-24 19:29
ComboFix2.txt 2011-01-23 08:00
ComboFix3.txt 2011-01-17 04:57
ComboFix4.txt 2011-01-14 10:10
ComboFix5.txt 2011-01-24 19:16

Pre-Run: 152,810,532,864 bytes free
Post-Run: 152,809,664,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 607880C4BD58A88BC80DA0E57A60953C

#12
SweetTech

Posted 28 January 2011 - 10:25 AM

Sir SpamAlot

Retired Staff
7,671 posts

Hello rkinsey1313,

Let me know how things are running after doing these scans:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#13
rkinsey1313

Posted 29 January 2011 - 08:32 AM

Member

Topic Starter
Member
90 posts

Het Sweet. I Just got done with the tasks you provided me with. I do regularly run Malwarebytes every night after I get off the computer. So it's rare that I end up finding anything with that. I ran Eset scanner as well and it did not find anything and did not provide me with a log to post here. My computer still seems to run good 3/4 of the time and really crappy the other 1/4 of time. Here and the MBAM and Security Check Logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5633

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/29/2011 12:03:44 AM
mbam-log-2011-01-29 (00-03-44).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 265095
Time elapsed: 59 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

#14
SweetTech

Posted 29 January 2011 - 09:39 AM

Sir SpamAlot

Retired Staff
7,671 posts

Hello rkinsey1313,

That's good to hear that you run MBAM nightly. You are running an outdated version of MBAM though. The current version is 1.50.1.1100.

Please update yourself to the latest version:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Go to Start > Control Panel > Add/Remove Programs
Remove ALL instances of Adobe Reader
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Update Windows XP
Service Pack 3 (SP3)
It would be in your best interest to install this service pack. This update includes all previously released updates for your system.
Microsoft advises that SP1 or SP1a needs to be installed before installing this update.
Attention: The SP3 download is very large! Based on your Internet connection... be prepared, it could take hours to download!!
Alternately, you could see if a friend or family member has the SP3 update on CD or order it from MS for a fee ... based on your location.

This will be a 2 step process...
The 1st step in this process is to apply Service Pack 3 (SP3) for Windows XP. This update, includes security fixes, to protect your computer.
The 2nd step is to apply all the critical updates and patches since SP3 was released.
Note: If at any time during these steps, you experience problems with your computer...:stop: ...Do not continue with the steps and post a description of the problem.

First
Obtain Windows XP Service Pack 3 from the Microsoft Download Center
Click the Download ...button. Choose "Save" at the prompt...and save the file to your desktop.
Double click the "WindowsXP-KB936929-SP3-x86-ENU.exe" file on your desktop to install the update.
When the installation has completed successfully...
! IMPORTANT ! reboot your computer (normally) before proceeding to the next step.

Second

Now...Go to: Windows Update and install the Critical Updates.
Press the "Express"...button to have all "critical" updates shown.
Make sure all critical updates and patches are checked for download and installation.
Press the Install Updates ... button to begin downloading and installing the updates
After successfully installing the critical updates and patches...
! IMPORTANT ! reboot your computer normally (again) before proceeding.

#15
rkinsey1313

Posted 29 January 2011 - 11:10 AM

Member

Topic Starter
Member
90 posts

Hey ST. I ran Automatic Windows Updates. Downloaded 137 updates. I was having issues in the past downloading them so I had turned them off. It seems like that problem was fixed and I was able to update. I also updated Adobe and to SP3. Here is the MBAM and OTL Logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5633

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/29/2011 12:03:44 AM
mbam-log-2011-01-29 (00-03-44).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 265095
Time elapsed: 59 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 3287682 bytes
->Temporary Internet Files folder emptied: 6303075 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 86016193 bytes
->Flash cache emptied: 2362 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7082 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 602624 bytes

Total Files Cleaned = 92.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 01292011_081108

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Im gonna play a game and see if the Latency issues seem to be completely gone. Then I will post back with how good the computer is running.