ComboFix 12-06-28.03 - Saeid 06/29/2012 9:23.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.981.1033.18.3063.1879 [GMT 4.5:30]
Running from: c:\users\Saeid\Documents\Downloads\Programs\ComboFix.exe
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\dmlconf.dat
c:\users\Saeid\AppData\Local\assembly\tmp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\lsprst7.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-27 13:30 . 2012-06-27 13:30 -------- d-----w- c:\programdata\Yahoo! Companion
2012-06-27 12:47 . 2012-06-27 12:47 -------- d-----w- c:\programdata\Malwarebytes
2012-06-27 12:47 . 2012-06-27 12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-27 12:47 . 2012-04-04 11:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 12:14 . 2012-06-27 12:14 -------- d-----w- c:\program files\Defraggler
2012-06-27 12:14 . 2012-06-27 12:14 -------- d-----w- c:\program files\Speccy
2012-06-27 12:12 . 2012-06-27 12:12 -------- d-----w- c:\program files\Recuva
2012-06-26 11:22 . 2012-05-31 03:41 6762896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3581FE0-EE13-4696-BFB0-EF95E33069F1}\mpengine.dll
2012-06-22 08:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 08:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 08:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 08:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 08:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 08:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 08:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 08:11 . 2012-06-02 10:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 08:11 . 2012-06-02 10:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 12:44 . 2012-06-25 13:25 -------- d-----w- c:\programdata\CPA_VA
2012-06-21 11:40 . 2009-10-20 16:04 162320 ------w- c:\program files\Mozilla *Blocked Russian URL*\components\KavLinkFilter.dll
2012-06-15 16:16 . 2012-06-15 16:16 -------- d-----w- c:\users\Saeid\AppData\Roaming\SUPERAntiSpyware.com
2012-06-15 16:16 . 2012-06-21 20:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-15 16:16 . 2012-06-15 16:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-14 15:58 . 2012-06-21 11:39 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2012-06-14 15:58 . 2012-06-21 11:39 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2012-06-14 15:54 . 2010-07-01 17:04 109240 ------w- c:\program files\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
2012-06-14 15:32 . 2012-06-14 15:32 -------- d-----w- c:\windows\system32\MpEngineStore
2012-06-14 13:25 . 2012-06-21 11:30 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2012-06-13 12:46 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 12:46 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 12:41 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 12:41 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 12:41 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 12:41 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 12:20 . 2012-06-13 12:20 423656 ------w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-06-13 12:20 . 2012-06-13 12:20 423656 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-11 10:24 . 2012-06-11 10:24 -------- d-----w- c:\users\Saeid\AppData\Roaming\Media Player Classic
2012-06-11 10:23 . 2006-09-13 18:44 593938 ----a-w- c:\windows\system32\x264vfw.dll
2012-06-11 10:23 . 2006-06-21 08:12 200704 ----a-w- c:\windows\system32\ssldivx.dll
2012-06-11 10:23 . 2006-06-21 08:12 1044480 ----a-w- c:\windows\system32\libdivx.dll
2012-06-11 10:23 . 2006-05-24 20:17 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2012-06-11 10:23 . 2006-05-24 20:16 200704 ----a-w- c:\windows\system32\dtu100.dll
2012-06-11 10:23 . 2006-05-13 18:46 118784 ----a-w- c:\windows\system32\ac3acm.acm
2012-06-11 10:23 . 2006-04-07 22:43 90112 ----a-w- c:\windows\system32\dpl100.dll
2012-06-11 10:23 . 2006-02-27 11:00 217088 ----a-w- c:\windows\system32\xvidvfw.dll
2012-06-11 10:23 . 2003-06-22 22:14 1415680 ----a-w- c:\windows\system32\WMV9VCM.dll
2012-06-11 10:23 . 2006-07-03 19:10 620180 ----a-w- c:\windows\system32\divx.dll
2012-06-11 10:23 . 2012-06-11 10:23 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-06-01 17:15 . 2012-06-29 05:01 -------- d-----w- c:\users\Saeid\AppData\Local\assembly
2012-06-01 17:10 . 2012-06-01 17:15 -------- d-----w- c:\users\Saeid\AppData\Local\VisualBeeClient
2012-05-31 15:16 . 2012-05-31 15:16 -------- d-----w- C:\Documents
2012-05-31 11:52 . 2012-05-31 11:52 -------- d-----w- c:\users\Saeid\AppData\Roaming\MathWorks
2012-05-31 06:49 . 2004-03-01 18:35 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2012-05-31 06:14 . 2012-05-31 06:14 -------- d-----w- c:\program files\MATLAB
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 21:59 . 2011-11-15 18:04 97208 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 21864 ------w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-23 1594664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"HostManager"="c:\program files\Common Files\AOL\1332525462\ee\AOLSoftware.exe" [2009-07-20 41264]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5249024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R1 dvxrctzt;dvxrctzt;c:\windows\system32\drivers\dvxrctzt.sys
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys
R1 SASKUTIL;SASKUTIL;
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl32.sys
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8118
IE: Add to Anti-Banner - %ProductRoot%\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{081331FC-0698-45FF-A217-F68D7A67B14D}: NameServer = 192.168.1.3 192.168.1.2
TCP: Interfaces\{EB069C30-DB0F-4DAE-83D4-466F9A5FEFE4}: NameServer = 8.4.4.8,3.2.2.3
FF - ProfilePath - c:\users\Saeid\AppData\Roaming\Mozilla\Firefox\Profiles\qaurd1x0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=55555
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 0
FF - user.js: protocol-handler.warn-external.dnUpdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0e38f85e-eee9-426a-ae1c-60c36b729951} - (no file)
HKLM-Run-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
AddRemove-{2C72D4EA-BA65-4B9D-92F9-B916A25A8C4D}_is1 - c:\program files\TKM17\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1338443668-846065355-974167902-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,88,68,61,66,d5,35,e4,b7,c5,6a,2f,15,55,a4,7a,45,55,3b,d5,75,31,69,
cc,2d,4a,31,52,d8,3e,6e,cf,5b,5f,0c,2e,c9,48,50,70,5a,49,98,2a,26,be,a6,e6,\
"??"=hex:fe,94,16,33,a2,f0,68,4b,6b,9d,81,d8,7c,85,bb,9d
.
[HKEY_USERS\S-1-5-21-1338443668-846065355-974167902-1000_Classes\CLSID\{01680c4a-b31f-45d3-8be1-b859b4623e35}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000028
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1338443668-846065355-974167902-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1b,d8,92,eb,22,77,b1,b4,34,91,07,25,ff,2e,77,3c,bb,80,33,ab,b8,
d7,2f,07,46,07,e5,b1,19,39,ef,99,67,03,07,de,17,77,9b,1a,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\guard32.dll
.
Completion time: 2012-06-29 09:39:07
ComboFix-quarantined-files.txt 2012-06-29 05:09
.
Pre-Run: 36,514,598,912 bytes free
Post-Run: 36,162,297,856 bytes free
.
- - End Of File - - ED5A56F1DA15E4B0EB76CB998FD10176