ComboFix 11-01-20.03 - yuvi 01/21/2011 20:02:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.288 [GMT 5.5:30]
Running from: f:\documents and settings\yuvi\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.
2011-01-21 02:21 . 2011-01-21 02:21 -------- d-----w- F:\Intel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="f:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-20 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCtlSuc"="f:\program files\3G Data Card\Resource\MCtlSuc.exe" [2010-09-26 94720]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="f:\windows\system32\igfxpers.exe" [2008-02-15 131072]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 12:11 AM 67656]
R3 u302bus;HSPADataCard WMC Bus Driver (WDM);f:\windows\system32\drivers\u302bus.sys [7/30/2010 9:23 AM 119112]
R3 u302mdfl;HSPADataCard Modem Filter;f:\windows\system32\drivers\u302mdfl.sys [7/30/2010 9:23 AM 14920]
R3 u302mdm;HSPADataCard Modem Driver;f:\windows\system32\drivers\u302mdm.sys [7/30/2010 9:23 AM 135880]
R3 u302mgmt;HSPADataCard USB Device Management Drivers (WDM);f:\windows\system32\drivers\u302mgmt.sys [7/30/2010 9:23 AM 129992]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [1/20/2011 5:47 PM 136176]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [1/21/2011 7:46 AM 1684736]
.
Contents of the 'Scheduled Tasks' folder
2011-01-21 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:17]
2011-01-21 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - f:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {45FA6F7A-2BB7-47DA-A79B-046BD0F1EC3F} = 4.2.2.2 218.248.240.135
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SpybotSD TeaTimer - f:\program files\Spybot - Search & Destroy\TeaTimer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-01-21 20:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(560)
f:\program files\SUPERAntiSpyware\SASWINLO.DLL
f:\windows\system32\igfxdev.dll
.
Completion time: 2011-01-21 20:15:19
ComboFix-quarantined-files.txt 2011-01-21 14:45
ComboFix2.txt 2011-01-19 23:59
Pre-Run: 16,009,834,496 bytes free
Post-Run: 16,521,809,920 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 030C7A329611EB73B5F000CECCB717FE
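The log above is read by hand in most cleanup threads, but the "Reg Loading Points" and "Supplementary Scan" sections have a regular shape that a small parser can triage. What follows is an added example, not part of the ComboFix output or of the ComboFix tool itself: it parses Run-key entries, service/driver lines and the TCP/DNS line into records, then flags two things a reviewer looks for in such a log: an autostart value that names a bare executable (here "RTHDCPL.EXE", which Windows resolves through the search order rather than from a fixed path) and any image that lives outside the directory roots you expect. The sample input is a subset of lines copied from the log above; TRUSTED_ROOTS is an assumption to tune per machine, and the R/S plus start-type reading of the service prefix is the conventional one for this log format, not something the log states.

```python
"""Parse the autostart sections of a ComboFix log and flag entries worth a closer look."""
import re
from dataclasses import dataclass, field
from typing import List

# Sample lines copied from the ComboFix log above (a subset; not a live file).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="f:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCtlSuc"="f:\program files\3G Data Card\Resource\MCtlSuc.exe" [2010-09-26 94720]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2008-02-15 135168]
R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:55 PM 12872]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [1/20/2011 5:47 PM 136176]
TCP: {45FA6F7A-2BB7-47DA-A79B-046BD0F1EC3F} = 4.2.2.2 218.248.240.135
"""

# Line shapes used in the "Reg Loading Points" and "Supplementary Scan" sections.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<cmd>[^"]*)"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?$')
SVC_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]+)\]$")
DNS_RE = re.compile(r"^TCP:\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s*=\s*(?P<servers>.+)$")

# Conventional reading of the service prefix: R = running, S = stopped; digit = start type.
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Roots where autostart images are expected on this host (assumption; tune per image).
TRUSTED_ROOTS = ("\\program files\\", "\\windows\\")


@dataclass
class AutostartEntry:
    kind: str                 # "run", "service" or "dns"
    name: str
    target: str               # command line, image path, or DNS server list
    source: str               # registry key, or "running|stopped/start-type" for services
    size: int = 0
    findings: List[str] = field(default_factory=list)


def _check_image(entry: AutostartEntry) -> None:
    """Attach a finding when the image is unqualified or outside the trusted roots."""
    image = entry.target.lower()
    if "\\" not in image and "/" not in image:
        entry.findings.append("unqualified image name; resolved through the search order, "
                              "so a same-named file found earlier on the path would run instead")
        return
    if not any(root in image for root in TRUSTED_ROOTS):
        entry.findings.append("image outside the expected Program Files / Windows roots")


def parse_combofix(text: str) -> List[AutostartEntry]:
    """Turn Run values, service/driver lines and the TCP/DNS line into entries."""
    entries: List[AutostartEntry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                                    # "[HKEY_...\Run]" header: remember the key
            current_key = m.group("key")
            continue
        m = RUN_RE.match(line)
        if m and current_key:                    # "name"="command" [date size]
            e = AutostartEntry("run", m.group("name"), m.group("cmd"),
                               current_key, int(m.group("size") or 0))
            _check_image(e)
            entries.append(e)
            continue
        m = SVC_RE.match(line)
        if m:                                    # R1 name;display;path [date time size]
            state = m.group("state")
            run_state = "running" if state[0] == "R" else "stopped"
            size = int(m.group("meta").rsplit(" ", 1)[-1])
            e = AutostartEntry("service", m.group("name"), m.group("path"),
                               f"{run_state}/{START_TYPE[state[1]]}", size)
            _check_image(e)
            entries.append(e)
            continue
        m = DNS_RE.match(line)
        if m:                                    # TCP: {interface GUID} = dns1 dns2
            entries.append(AutostartEntry("dns", m.group("guid"), m.group("servers"),
                                          "TCP/IP interface"))
    return entries


if __name__ == "__main__":
    for e in parse_combofix(SAMPLE_LOG):
        flag = (" <-- " + "; ".join(e.findings)) if e.findings else ""
        print(f"{e.kind:8} {e.name:12} {e.source:45} {e.target}{flag}")
```

Run it against a full log by reading the file into parse_combofix instead of SAMPLE_LOG. On the log above it flags only RTHDCPL (a bare image name); every other Run, service and driver image sits under f:\program files or f:\windows, and the DNS line is reported as data for you to verify against the resolvers the ISP or network should be handing out.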