Success at last
ComboFix 12-01-30.02 - Terry and Tracey 02/02/2012 22:43:33.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1765 [GMT 0:00]
Running from: G:\Link1.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-01 03:08 . 2012-02-01 03:09 -------- d-----w- c:\program files\CCleaner
2012-01-23 23:08 . 2012-01-23 23:08 -------- d-----w- c:\documents and settings\Terry and Tracey\Local Settings\Application Data\Mozilla
2012-01-22 22:39 . 2012-01-22 22:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-22 22:39 . 2012-01-22 22:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:12 . 2012-01-12 16:12 -------- d-----w- c:\documents and settings\Terry and Tracey\Application Data\ArcSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-22 21:59 . 2011-09-06 11:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 12:23 . 2011-12-14 12:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-12-12 02:35 . 2011-09-05 02:50 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-12-12 02:35 . 2011-09-05 02:50 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-12-12 01:52 . 2011-09-05 02:50 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-12-10 15:24 . 2011-09-05 21:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2002-08-29 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-08-29 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-08-29 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2002-08-29 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2002-08-29 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2009-02-10 18:07 . 2009-02-10 18:07 18734784 ----a-w- c:\program files\Realtek sound driver.exe
2009-01-16 17:35 . 2009-02-10 12:57 17133432 ----a-w- c:\program files\SystemMechanic.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
2011-05-09 09:49 176936 ----a-w- c:\program files\ZoneAlarm_Extreme_Security\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-07-25 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 196608]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Terry and Tracey\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Terry and Tracey\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [05/09/2011 02:50 722616]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [14/10/2010 16:08 11352]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [07/12/2011 17:01 228208]
S1 RapportEI;RapportEI;\??\c:\program files\Trusteer\Rapport\bin\RapportEI.sys --> c:\program files\Trusteer\Rapport\bin\RapportEI.sys [?]
S1 RapportPG;RapportPG;\??\c:\program files\Trusteer\Rapport\bin\RapportPG.sys --> c:\program files\Trusteer\Rapport\bin\RapportPG.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [25/07/2011 12:57 27016]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [25/07/2011 12:57 493184]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [05/09/2011 01:16 2214504]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [25/07/2011 12:57 36744]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\program files\MSI\Live Update 5\msibios32_100507.sys --> c:\program files\MSI\Live Update 5\msibios32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\program files\MSI\Live Update 5\NTIOLib.sys --> c:\program files\MSI\Live Update 5\NTIOLib.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1383384898-839522115-1004Core.job
- c:\documents and settings\Terry and Tracey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-05 02:36]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1383384898-839522115-1004UA.job
- c:\documents and settings\Terry and Tracey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-05 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-02-02 22:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(200)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\l3codeca.acm
.
- - - - - - - > 'explorer.exe'(1584)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
Completion time: 2012-02-02 22:52:43
ComboFix-quarantined-files.txt 2012-02-02 22:52
.
Pre-Run: 206,792,704,000 bytes free
Post-Run: 206,894,256,128 bytes free
.
- - End Of File - - BF6A340DE6CB7B3FF8B5ECB5012E2AE4