ComboFix 11-05-14.01 - Owner 15/05/2011 10:25:44.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.331 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))
.
.
2011-05-15 09:33 . 2011-05-15 09:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\MpKsld931e1f3.sys
2011-05-15 09:15 . 2011-05-15 09:15 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\MpKslca26fab0.sys
2011-05-15 09:14 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\mpengine.dll
2011-05-15 09:06 . 2011-05-15 09:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 10:34 . 2011-05-14 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2011-05-14 08:29 . 2011-05-14 08:29 -------- d-----w- c:\program files\ESET
2011-05-08 11:48 . 2011-05-09 16:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Ulirmo
2011-05-05 21:22 . 2011-05-05 21:22 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-05 21:22 . 2011-05-05 21:22 -------- d-----w- c:\program files\Trend Micro
2011-05-05 21:20 . 2011-05-05 21:20 -------- d-----w- c:\program files\Common Files\Java
2011-05-05 20:44 . 2011-05-05 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-05 20:35 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 20:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 20:32 . 2011-05-05 20:32 -------- d-----w- c:\program files\CCleaner
2011-05-05 18:46 . 2011-05-05 18:46 114176 --sha-r- c:\windows\system32\rpcns4H.dll
2011-05-05 18:46 . 2011-05-05 18:46 114176 --sha-r- c:\windows\system32\logonuiv.dll
2011-05-05 18:46 . 2011-05-05 18:46 114176 --sha-r- c:\windows\system32\ialmuTHAU.dll
2011-04-29 12:34 . 2011-04-29 12:34 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-29 12:30 . 2011-04-29 12:33 -------- d-s---w- c:\documents and settings\Administrator
2011-04-29 06:43 . 2011-04-29 06:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Sibelius Software
2011-04-28 23:18 . 2011-04-28 23:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-04-28 23:18 . 2011-04-28 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-28 23:18 . 2011-05-05 20:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-28 22:38 . 2011-04-28 22:38 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-04-28 22:38 . 2011-05-08 11:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-25 15:51 . 2011-04-25 15:51 -------- d-----w- c:\program files\iPod
2011-04-25 15:51 . 2011-04-25 15:53 -------- d-----w- c:\program files\iTunes
2011-04-25 15:46 . 2011-04-25 15:46 -------- d-----w- c:\program files\Bonjour
2011-04-25 14:07 . 2011-04-25 14:07 -------- d-----r- C:\MSOCache
2011-04-25 13:59 . 2011-04-25 13:59 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SoftGrid Client
2011-04-25 13:59 . 2011-05-14 11:28 -------- d-----w- c:\documents and settings\Owner\Application Data\SoftGrid Client
2011-04-25 13:59 . 2011-04-25 13:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0062-0409-0000-0000000FF1CE}
2011-04-25 13:59 . 2011-05-14 11:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2011-04-25 13:57 . 2011-04-25 13:57 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-04-25 13:57 . 2011-04-29 12:38 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-04-25 13:56 . 2011-04-25 14:01 -------- d-----w- c:\documents and settings\Owner\Application Data\TP
2011-04-18 21:13 . 2011-04-18 21:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Amazon
2011-04-18 21:12 . 2011-04-18 21:12 -------- d-----w- c:\program files\Amazon
2011-04-17 14:07 . 2011-04-17 14:07 -------- d-----w- c:\windows\Sun
2011-04-16 14:29 . 2011-04-16 14:29 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
2011-04-16 14:26 . 2011-04-16 14:26 -------- d-----w- c:\program files\OpenOffice.org 3
2011-04-16 14:25 . 2011-04-14 04:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-16 14:25 . 2011-04-14 01:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-16 14:25 . 2011-05-05 21:20 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\RPRSSPEC.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\RPRS____.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSSE__.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSS___.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSP___.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSO___.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSNN__.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\OPUS____.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\INKPEN2_.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\INK2SPEC.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\HELST___.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\HELSS___.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT
2011-04-29 06:43 . 2011-04-29 06:43 1409 ----a-w- c:\windows\Fonts\HELSINKI.FOT
2011-04-11 07:04 . 2011-02-06 22:20 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2011-01-11 19:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 10:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 10:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 10:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2011-01-19 20:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 10:00 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-09_16.53.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 09:59 . 2011-01-11 09:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2011-05-15 09:33 . 2011-05-15 09:33 16384 c:\windows\temp\Perflib_Perfdata_74c.dat
+ 2011-01-11 09:59 . 2011-01-11 09:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
+ 2011-05-15 09:06 . 2011-05-15 09:06 240288 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
+ 2011-05-15 09:06 . 2011-05-15 09:06 321184 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.dll
+ 2011-05-09 17:10 . 2011-05-09 17:10 223232 c:\windows\Installer\186080.msi
+ 2011-01-11 09:59 . 2011-01-11 09:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
+ 2011-01-11 09:59 . 2011-01-11 09:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
+ 2011-01-19 20:26 . 2011-05-11 17:41 42829768 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-08 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKslca26fab0;MpKslca26fab0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\MpKslca26fab0.sys [15/05/2011 10:15 28752]
R1 MpKsld931e1f3;MpKsld931e1f3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A938866-38C7-452E-BE72-C0210707AC87}\MpKsld931e1f3.sys [15/05/2011 10:33 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [22/02/2007 12:28 30864]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 02:33 821664]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 01:10 483688]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 01:10 209768]
S0 nwba;nwba;c:\windows\system32\drivers\fxufjr.sys --> c:\windows\system32\drivers\fxufjr.sys [?]
S2 AMService;AMService;c:\windows\TEMP\kixd\setup.exe run --> c:\windows\TEMP\kixd\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 11:00 14336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;f:\zune\WMZuneComm.exe [11/11/2010 14:57 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD931E1F3
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-05-15 10:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(724)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
f:\zune\ZuneBusEnum.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\stsystra.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-05-15 10:38:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-15 09:38
ComboFix2.txt 2011-05-11 17:19
ComboFix3.txt 2011-05-10 17:23
ComboFix4.txt 2011-05-09 16:54
.
Pre-Run: 487,744,663,552 bytes free
Post-Run: 487,813,476,352 bytes free
.
- - End Of File - - 089C36B5AA4188206B2D13BE7F2779A3