ComboFix 10-07-29.01 - user 07/30/2010 10:59:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.335 [GMT 5.5:30]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.
2010-07-30 05:21 . 2010-07-30 05:29 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PMB Files
2010-07-30 05:21 . 2010-07-30 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-30 04:41 . 2010-07-30 04:41 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-07-30 04:27 . 2010-07-30 04:27 -------- d-----w- c:\program files\Pando Networks
2010-07-30 02:38 . 2010-07-30 02:38 -------- d-----w- c:\program files\Microsoft
2010-07-30 02:38 . 2010-07-30 02:38 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-30 02:19 . 2009-08-06 13:53 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-29 05:32 . 2010-07-29 05:32 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-29 05:32 . 2010-07-29 05:32 -------- d-----w- c:\program files\Trend Micro
2010-07-29 03:56 . 2010-07-29 03:56 63488 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-29 03:56 . 2010-07-29 03:56 52224 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-29 03:56 . 2010-07-29 03:56 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-29 03:56 . 2010-07-29 03:56 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2010-07-29 03:56 . 2010-07-29 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-29 03:55 . 2010-07-29 03:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-28 19:12 . 2010-07-28 19:12 -------- d-----w- c:\program files\Common Files\Java
2010-07-26 13:31 . 2010-07-26 13:31 -------- d-----w- c:\program files\Common Files\Skype
2010-07-06 17:38 . 2010-07-06 17:38 0 ----a-w- c:\windows\nsreg.dat
2010-07-06 15:46 . 2010-07-06 15:46 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28e5daf6-n\msvcp71.dll
2010-07-06 15:46 . 2010-07-06 15:46 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28e5daf6-n\jmc.dll
2010-07-06 15:46 . 2010-07-06 15:46 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28e5daf6-n\msvcr71.dll
2010-07-06 15:46 . 2010-07-06 15:46 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f78f94e-n\decora-sse.dll
2010-07-06 15:46 . 2010-07-06 15:46 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f78f94e-n\decora-d3d.dll
2010-07-05 10:39 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-02 14:33 . 2010-07-02 14:33 129552 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2010-07-02 14:33 . 2010-07-02 14:33 129624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 05:23 . 2009-12-15 09:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-30 04:52 . 2009-12-05 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-30 04:15 . 2009-12-15 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-07-30 03:45 . 2009-02-13 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-30 02:38 . 2009-09-19 08:52 -------- d-----w- c:\program files\Windows Live
2010-07-30 02:25 . 2009-12-05 02:43 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-30 02:25 . 2009-12-05 02:43 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-30 02:01 . 2009-11-08 17:44 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2010-07-30 01:10 . 2009-11-08 17:46 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2010-07-28 19:11 . 2010-05-02 04:37 -------- d-----w- c:\program files\Java
2010-07-28 19:08 . 2009-10-31 03:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 16:36 . 2010-04-05 14:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-23 08:55 . 2009-11-24 15:35 -------- d-----w- c:\documents and settings\user\Application Data\BitTorrent
2010-07-23 07:23 . 2009-09-19 08:18 70516 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-21 10:20 . 2009-02-13 06:58 87736 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 23:30 . 2010-05-02 04:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-04 15:26 . 2010-05-23 05:13 -------- d-----w- c:\program files\JetAudio
2010-06-14 14:31 . 2009-02-13 06:49 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2009-12-05 03:08 . 2009-12-05 03:08 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-07-29_07.09.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-30 05:35 . 2010-07-30 05:35 16384 c:\windows\temp\Perflib_Perfdata_6e0.dat
+ 2010-04-16 16:42 . 2010-04-16 16:42 48464 c:\windows\system32\sirenacm.dll
+ 2008-04-14 12:00 . 2010-07-30 04:57 68558 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-07-29 05:31 68558 c:\windows\system32\perfc009.dat
+ 2010-07-30 02:38 . 2010-07-30 02:38 27136 c:\windows\Installer\42e37c5.msi
+ 2010-07-30 02:37 . 2010-07-30 02:37 83456 c:\windows\Installer\42e37a5.msi
+ 2010-07-30 02:37 . 2010-07-30 02:37 58880 c:\windows\Installer\42e379d.msi
+ 2010-07-30 02:38 . 2010-07-30 02:38 61272 c:\windows\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe
+ 2010-07-30 02:39 . 2010-07-30 02:39 80395 c:\windows\Installer\{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}\MsblIco.Exe
- 2009-02-13 05:26 . 2009-02-13 05:26 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-13 05:26 . 2010-07-30 03:45 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-13 05:26 . 2010-07-30 03:45 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-02-13 05:26 . 2009-02-13 05:26 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-13 05:26 . 2010-07-30 03:45 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-13 05:26 . 2009-02-13 05:26 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-14 12:00 . 2010-07-29 05:31 435828 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-07-30 04:57 435828 c:\windows\system32\perfh009.dat
+ 2009-08-06 13:53 . 2009-08-06 13:53 215904 c:\windows\system32\muweb.dll
+ 2010-07-30 03:44 . 2010-07-30 03:44 195584 c:\windows\Installer\46abb05.msi
+ 2010-07-30 03:43 . 2010-07-30 03:43 248832 c:\windows\Installer\46abae2.msi
+ 2010-07-30 02:39 . 2010-07-30 02:39 429056 c:\windows\Installer\42e37d7.msi
+ 2010-07-30 02:38 . 2010-07-30 02:38 155648 c:\windows\Installer\42e37cd.msi
+ 2010-07-30 02:38 . 2010-07-30 02:38 140288 c:\windows\Installer\42e37bd.msi
+ 2010-07-30 02:38 . 2010-07-30 02:38 202752 c:\windows\Installer\42e37b5.msi
+ 2010-07-30 02:38 . 2010-07-30 02:38 149504 c:\windows\Installer\42e37ad.msi
+ 2010-07-30 02:37 . 2010-07-30 02:37 107008 c:\windows\Installer\42e3795.msi
+ 2010-07-30 02:37 . 2010-07-30 02:37 301056 c:\windows\Installer\42e378d.msi
- 2009-02-13 05:26 . 2009-02-13 05:26 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-13 05:26 . 2010-07-30 03:45 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-02-13 05:26 . 2009-02-13 05:26 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-13 05:26 . 2010-07-30 03:45 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-13 05:26 . 2009-02-13 05:26 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-13 05:26 . 2010-07-30 03:45 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-13 05:25 . 2010-07-30 03:45 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-02-13 05:25 . 2009-02-13 05:25 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-13 05:26 . 2010-07-30 03:45 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-13 05:26 . 2009-02-13 05:26 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-13 05:25 . 2010-07-30 03:45 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-02-13 05:25 . 2009-02-13 05:25 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-02-13 05:25 . 2009-02-13 05:25 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-13 05:25 . 2010-07-30 03:45 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-25 13:38 . 2009-02-25 13:38 8311808 c:\windows\Installer\46abb1c.msp
+ 2010-06-11 05:33 . 2010-06-11 05:33 5021184 c:\windows\Installer\46abafa.msp
- 2009-02-13 05:25 . 2009-02-13 05:25 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-13 05:25 . 2010-07-30 03:45 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-13 05:25 . 2009-02-13 05:25 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-13 05:25 . 2010-07-30 03:45 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-09-15 10:55 . 2006-09-15 10:55 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2008-09-24 06:35 . 2008-09-24 06:35 16381440 c:\windows\Installer\46abb4e.msp
+ 2008-08-11 06:19 . 2008-08-11 06:19 22457344 c:\windows\Installer\46abb35.msp
+ 2006-10-27 09:56 . 2006-10-27 09:56 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 12:34 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-20 450649]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"nwiz"="nwiz.exe" [2008-09-19 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"f:\\Torrrent\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2030:TCP"= 2030:TCP:ponvcj
"58306:TCP"= 58306:TCP:Pando Media Booster
"58306:UDP"= 58306:UDP:Pando Media Booster
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/13/2009 12:43 PM 41376]
S2 lpjsyzst;vvkbua;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:30 PM 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\LOCALS~1\Temp\LMT14F.tmp --> c:\docume~1\user\LOCALS~1\Temp\LMT14F.tmp [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lpjsyzst
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 12:26 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]
2010-07-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-04 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.lk/
IE: &Clean Traces - f:\dap\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - f:\dap\dapextie.htm
IE: Download &all with DAP - f:\dap\dapextie2.htm
TCP: {6571282B-F1BC-4B72-8E00-7178E9D8D3EB} = 192.168.202.2
TCP: {E7AFF422-238A-409F-946F-02FB324F93EF} = 172.19.10.25 203.115.24.221
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5k8ztsv0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.lk/
FF - prefs.js: network.proxy.type - 0
FF - component: f:\dap\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-30 11:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\LMT14F.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lpjsyzst]
"ServiceDll"="c:\windows\system32\thspqdv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-796845957-813497703-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WININET.dll
c:\documents and settings\user\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\acs.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-07-30 11:10:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 05:40
ComboFix2.txt 2010-07-29 07:12
Pre-Run: 23,808,303,104 bytes free
Post-Run: 23,803,645,952 bytes free
- - End Of File - - 669A7A41BD6EA73AE549EFE82650D9C5