ComboFix 10-04-21.01 - Mohna 04/24/2010 21:49:19.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.895.135 [GMT -5:00]
Running from: c:\users\Mohna\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.
2010-04-25 03:02 . 2010-04-25 03:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-25 03:02 . 2010-04-25 03:02 -------- d-----w- c:\users\Naeem\AppData\Local\temp
2010-04-25 03:02 . 2010-04-25 03:02 -------- d-----w- c:\users\Minna\AppData\Local\temp
2010-04-25 03:02 . 2010-04-25 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-24 23:12 . 2010-04-24 23:11 61696 ----a-w- c:\users\Mohna\AppData\Local\asam.exe
2010-04-24 23:11 . 2010-04-24 23:11 61696 ----a-w- c:\users\Mohna\AppData\Local\syssvc.exe
2010-04-24 23:08 . 2010-04-24 23:08 -------- d-----w- c:\users\Mohna\AppData\Local\tarhowcaa
2010-04-24 00:14 . 2010-04-24 00:14 -------- d-----w- c:\users\Mohna\AppData\Local\avG
2010-04-24 00:14 . 2010-04-24 00:14 -------- d-----w- c:\programdata\avG
2010-04-24 00:13 . 2010-04-24 00:13 -------- d-----w- c:\users\Mohna\AppData\Roaming\24174809A31F690B8A343C4C0AF43F1F
2010-04-14 02:41 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 02:41 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 02:41 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 02:41 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 02:41 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 02:41 . 2010-03-04 19:24 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 02:40 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 02:40 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 02:40 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 02:40 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-04-14 02:40 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-04-14 02:40 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-14 00:39 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 00:18 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-02 18:27 . 2010-04-02 18:19 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-02 18:27 . 2010-04-02 18:17 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-02 18:27 . 2010-04-02 18:27 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-02 18:26 . 2010-04-02 18:26 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-02 18:26 . 2010-04-02 18:26 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-02 18:26 . 2010-04-02 18:26 57677 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-04-02 18:24 . 2010-04-07 12:50 -------- d-----w- c:\users\Mohna\AppData\Roaming\DivX
2010-04-02 18:22 . 2010-04-02 18:22 84035 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-02 18:22 . 2010-04-02 18:22 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-02 18:22 . 2010-04-02 18:22 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-02 18:22 . 2010-04-02 18:22 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-02 18:22 . 2010-04-02 18:22 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-02 18:21 . 2010-04-02 18:21 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-02 18:20 . 2010-04-02 18:20 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-02 18:20 . 2010-04-02 18:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-02 18:20 . 2010-04-02 18:20 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-04-02 18:19 . 2010-04-02 18:26 -------- d-----w- c:\program files\DivX
2010-04-02 18:19 . 2010-04-02 18:19 62776 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-02 18:18 . 2010-04-02 18:27 -------- d-----w- c:\programdata\DivX
2010-03-28 07:40 . 2010-03-28 07:41 20846064 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-26 03:53 . 2010-03-26 03:53 -------- d-----w- c:\users\Mohna\AppData\Roaming\Leawo
2010-03-26 03:48 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-03-26 03:48 . 2010-03-26 03:48 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-26 03:47 . 2010-03-26 03:47 -------- d-----w- c:\program files\Leawo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 02:43 . 2008-03-03 04:08 -------- d-----w- c:\users\Mohna\AppData\Roaming\Spare Backup
2010-04-24 23:29 . 2008-04-15 01:16 24634 ----a-w- c:\users\Mohna\AppData\Roaming\wklnhst.dat
2010-04-24 02:21 . 2008-04-20 20:55 -------- d-----w- c:\programdata\Google Updater
2010-04-23 23:00 . 2008-12-14 00:41 -------- d-----w- c:\program files\Norton Security Scan
2010-04-18 19:43 . 2010-03-11 23:41 439816 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-14 23:31 . 2010-01-23 18:53 -------- d-----w- c:\users\Mohna\AppData\Roaming\TuneUpMedia
2010-04-14 18:57 . 2007-11-18 01:40 -------- d-----w- c:\programdata\WildTangent
2010-04-14 08:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-13 20:13 . 2007-11-18 01:35 -------- d-----w- c:\program files\Google
2010-04-02 18:22 . 2008-11-29 02:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-26 16:47 . 2009-10-11 04:35 -------- d-sh--w- c:\users\Mohna\AppData\Roaming\twain32
2010-03-26 00:46 . 2010-03-26 00:46 -------- d-----w- c:\program files\3ivx
2010-03-26 00:46 . 2010-03-26 00:46 -------- d-----w- c:\program files\Flip Video
2010-03-26 00:45 . 2010-03-26 00:45 -------- d-----w- c:\programdata\Flip Video
2010-03-12 07:42 . 2010-03-12 07:42 8405312 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-12 07:42 . 2010-03-12 07:42 149000 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-12 07:42 . 2010-03-12 07:42 10309448 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-12 07:42 . 2010-03-12 07:42 283280 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-12 07:42 . 2010-03-12 07:42 181768 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-12 07:42 . 2010-03-12 07:42 79368 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-12 07:42 . 2010-03-12 07:42 64000 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-12 07:42 . 2010-03-12 07:42 52288 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-12 07:42 . 2010-03-12 07:42 50688 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-12 07:42 . 2010-03-12 07:42 118784 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-12 07:42 . 2010-03-12 07:42 49152 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-09 16:54 . 2010-03-31 00:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50 . 2010-03-31 00:33 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-03-31 00:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:50 . 2010-03-31 00:33 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-03-09 16:48 . 2010-03-31 00:33 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-03-31 00:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-03-31 00:33 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-04 02:19 . 2009-04-15 21:23 1356 ----a-w- c:\users\Mohna\AppData\Local\d3d9caps.dat
2010-03-03 02:43 . 2010-03-03 02:43 -------- d-----w- c:\program files\RegCure
2010-03-03 02:43 . 2010-03-03 02:43 -------- d-----w- c:\programdata\RegCure
2010-03-01 20:03 . 2008-05-07 20:21 -------- d-----w- c:\users\Naeem\AppData\Roaming\Spare Backup
2010-03-01 19:57 . 2008-05-07 20:20 104008 ----a-w- c:\users\Naeem\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 23:41 . 2009-11-24 06:17 439816 ----a-w- c:\users\Mohna\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-24 14:11 . 2008-03-03 04:08 104008 ----a-w- c:\users\Mohna\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-20 23:54 . 2010-03-10 09:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:51 . 2010-03-10 09:01 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:30 . 2010-03-10 09:01 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 16:07 . 2008-03-10 20:58 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWMP\unins000.exe
2010-02-16 16:07 . 2008-03-10 20:58 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2010-01-28 07:47 . 2010-01-28 07:47 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD3EA.tmp.exe
2010-01-25 12:58 . 2010-02-23 22:19 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-02-23 22:19 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-02-23 22:19 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-02-23 22:19 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-02-23 22:19 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-02-23 22:19 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-02-23 22:19 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-02-23 22:19 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 22:19 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 05:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-04-11 2321600]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"kaaojsou"="c:\users\Mohna\AppData\Local\tarhowcaa\kgqntsktssd.exe" [2010-04-24 272640]
"asam"="c:\users\Mohna\AppData\Local\asam.exe" [2010-04-24 61696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-18 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-18 185896]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]
c:\users\Minna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2008-3-10 106496]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-11-17 2342912]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2675523129-3664480364-4030225571-1000]
"EnableNotificationsRef"=dword:00000001
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-09 30192]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080429.001\IDSvix86.sys [2008-02-13 261680]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-02-13 109616]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-04-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-18 04:59]
2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 06:54]
2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 06:54]
2010-04-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mohna.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]
2010-04-23 c:\windows\Tasks\Norton Security Scan for Mohna.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]
2010-04-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]
2010-04-25 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]
2010-03-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Mohna\AppData\Roaming\Mozilla\Firefox\Profiles\rujx6o7t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\users\Mohna\Downloads\components\coFFPlgn.dll
FF - component: c:\users\Mohna\Downloads\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Mohna\AppData\Roaming\Mozilla\Firefox\Profiles\rujx6o7t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\Mohna\Downloads\plugins\np-mswmp.dll
FF - plugin: c:\users\Mohna\Downloads\plugins\npCouponPrinter.dll
FF - plugin: c:\users\Mohna\Downloads\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 22:02
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5036)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
Completion time: 2010-04-24 22:07:35
ComboFix-quarantined-files.txt 2010-04-25 03:07
ComboFix2.txt 2010-04-25 02:36
Pre-Run: 156,552,335,360 bytes free
Post-Run: 156,497,797,120 bytes free
- - End Of File - - BB59297C186526B9289F023B244F7A12