ComboFix 10-09-13.01 - Wanda_2 09/14/2010 20:26:36.17.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1195 [GMT -4:00]
Running from: c:\documents and settings\Wanda_2\Desktop\ComboFix.exe
AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated) {6A383D4C-7657-408f-BD0D-B379B5C7C3BE}
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hostntfscat.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.
2010-09-13 01:43 . 2010-09-13 01:39 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-09-10 20:11 . 2010-09-10 20:11 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-09-10 20:11 . 2010-09-10 20:11 452048 ----a-r- c:\windows\system32\SZBase5.dll
2010-09-10 20:11 . 2010-09-10 20:11 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-09-10 20:11 . 2010-09-10 20:11 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-09-10 20:11 . 2010-09-10 20:11 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-09-10 20:11 . 2010-09-10 20:11 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-09-10 20:11 . 2010-09-10 20:11 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-09-10 20:11 . 2010-09-10 20:11 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-09-10 20:11 . 2010-09-10 20:11 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-09-10 20:11 . 2010-09-10 20:11 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-09-10 20:11 . 2010-09-10 20:11 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-09-10 20:11 . 2010-09-10 20:11 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-08-27 00:47 . 2010-08-27 01:13 546 ----a-w- c:\windows\checkip.dat
2010-08-23 02:03 . 2010-08-23 02:03 -------- d-----w- c:\documents and settings\Jewel\Application Data\GameMill
2010-08-22 23:34 . 2010-08-22 23:34 -------- d-----w- c:\documents and settings\Lexi_2\Application Data\GameMill
2010-08-22 23:34 . 2010-08-22 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\GameMill
2010-08-22 23:34 . 2008-10-27 14:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-08-22 23:34 . 2008-10-27 14:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-08-22 23:34 . 2008-10-10 08:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-08-22 23:34 . 2008-10-10 08:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-08-22 23:34 . 2008-10-10 08:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-08-22 23:32 . 2010-08-22 23:32 -------- d-----w- c:\windows\Logs
2010-08-22 23:30 . 2010-08-22 23:30 -------- d-----w- c:\documents and settings\Lexi_2\Local Settings\Application Data\Downloaded Installations
2010-08-22 23:29 . 2010-08-22 23:32 -------- d-----w- c:\program files\Game Mill Entertainment
2010-08-22 21:09 . 2010-08-22 21:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-22 20:56 . 2010-08-22 20:56 -------- d-----w- C:\ProgramData
2010-08-22 20:56 . 2010-08-22 20:56 -------- d-----w- c:\program files\Angle Interactive
2010-08-21 16:30 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-21 16:28 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 16:25 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-08-21 16:23 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 00:37 . 2008-09-09 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-09-15 00:26 . 2010-09-15 00:26 880 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-09-13 01:38 . 2009-11-13 17:57 -------- d-----w- c:\program files\SpywareGuard
2010-09-13 01:38 . 2009-09-26 02:22 -------- d-----w- c:\program files\STOPzilla!
2010-09-11 13:47 . 2010-03-21 17:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-11 13:38 . 2009-08-07 18:22 117760 ----a-w- c:\documents and settings\Wanda_2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-11 13:38 . 2009-08-07 18:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-11 04:54 . 2008-09-21 01:58 -------- d-----w- c:\program files\Total 3D Home
2010-09-10 19:00 . 2008-04-19 04:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-10 00:49 . 2008-10-01 01:42 81920 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\screensavercontoller.dll
2010-09-10 00:49 . 2008-10-01 01:42 151552 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\sysinfo.exe
2010-09-10 00:49 . 2008-10-01 01:42 1153816 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\flash.exe
2010-09-10 00:49 . 2008-10-01 01:42 1638404 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\swfplayer.exe
2010-09-06 16:38 . 2008-09-27 15:16 -------- d-----w- c:\documents and settings\Jewel\Application Data\Smilebox
2010-09-05 13:22 . 2008-09-23 13:52 68160 ----a-w- c:\documents and settings\Wanda_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-28 13:57 . 2008-09-07 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2010-08-28 13:57 . 2008-07-26 16:11 -------- d-----w- c:\program files\Yahoo! Games
2010-08-22 21:12 . 2010-08-22 21:12 4720 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-08-22 09:54 . 2010-08-01 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA
2010-08-22 07:17 . 2008-04-19 04:44 -------- d-----w- c:\program files\Microsoft Works
2010-08-09 02:02 . 2008-07-21 02:42 134 ----a-w- c:\documents and settings\Jewel\Application Data\wklnhst.dat
2010-08-04 12:17 . 2010-08-01 21:25 -------- d-----w- c:\documents and settings\Lexi_2\Application Data\ShopperReports3
2010-08-04 12:16 . 2010-08-04 12:16 -------- d-----w- c:\program files\Dogpile Toolbar
2010-08-04 12:16 . 2009-11-15 14:23 -------- d-----w- c:\program files\PlaySushi
2010-08-03 19:17 . 2010-08-03 19:17 -------- d-----w- c:\program files\FacePaint
2010-08-02 12:52 . 2010-08-02 12:52 202752 ----a-w- c:\documents and settings\Lexi_2\Application Data\Mozilla\Firefox\Profiles\zj3jvf37.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
2010-08-02 12:52 . 2010-08-02 12:52 202752 ----a-w- c:\documents and settings\Lexi_2\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\documents and settings\Jewel\Application Data\ShopperReports3
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\program files\QuestDns
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\QuestDns
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\program files\ClickPotatoLite
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\documents and settings\Jewel\Application Data\ClickPotatoLite
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\program files\ShopperReports3
2010-07-30 16:47 . 2010-08-01 18:39 57600 ----a-w- c:\documents and settings\All Users\Application Data\QuestDns\questdns110.exe
2010-06-30 12:31 . 2004-08-10 17:51 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-10 17:51 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 17:51 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 17:51 80384 ----a-w- c:\windows\system32\iccvid.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-09-13 00:06 2735200 ----a-w- c:\program files\IObitCom\tbIOb0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb0.dll" [2010-09-13 2735200]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb0.dll" [2010-09-13 2735200]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1411.0\mswinext.exe" [2010-03-16 243032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"uibootpack.exe"="c:\documents and settings\All Users\Start Menu\Programs\Startup\uibootpack.exe" [2010-09-15 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
c:\documents and settings\Wanda_2\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-5-10 1089536]
uibootpack.exe [2010-9-14 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jewel^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lexi_2^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\Lexi_2\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Wanda_2^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\Wanda_2\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-04-07 02:25 69632 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-01-20 01:46 342848 ----a-w- c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2008-02-15 11:03 1052672 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-07 02:41 8466432 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-07 02:42 81920 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-04-07 02:42 1626112 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 11:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-07-28 19:01 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-07 02:25 16859648 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1208580525\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"=
"c:\\Program Files\\iWin Games\\iWinTrusted.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [7/20/2008 4:33 PM 16855]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/2/2009 1:30 PM 78104]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 6:57 PM 18944]
R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [8/31/2007 2:36 PM 32528]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [1/11/2010 9:50 PM 104960]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [7/20/2008 4:33 PM 21808]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [1/11/2010 9:50 PM 14336]
R3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [8/26/2008 5:14 PM 20496]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S2 gupdate1ca26895b87caa0;Google Update Service (gupdate1ca26895b87caa0);c:\program files\Google\Update\GoogleUpdate.exe [8/26/2009 4:11 PM 133104]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 JL2005;JL2005A Camera;c:\windows\system32\drivers\toywdm.sys [10/8/2005 6:22 PM 71512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 20:11]
2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 20:11]
2010-08-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]
2010-09-15 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]
2010-09-10 c:\windows\Tasks\Norton Security Scan for Wanda_2.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-29 23:58]
2010-09-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{B6408099-33BB-431F-905A-F6A5D1FC4BBD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myembarq.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\Wanda_2\Application Data\Mozilla\Firefox\Profiles\ogdutm03.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=Bw9wbe9Kdu3I4Gq8YhO73w&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c73b&searchfor=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\MSN Toolbar\Platform\5.0.1411.0\Firefox\components\DomBridge.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Wanda_2\Application Data\Mozilla\Firefox\Profiles\ogdutm03.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1411.0\npwinext.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-*hostntfscat.exe - c:\documents and settings\All Users\Application Data\hostntfscat.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-14 20:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,a1,c4,fd,1b,8c,63,41,81,ee,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,b6,31,0a,9e,6c,6b,45,bc,e9,8d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-14 20:39:51
ComboFix-quarantined-files.txt 2010-09-15 00:39
ComboFix2.txt 2010-09-14 01:18
ComboFix3.txt 2010-03-27 14:36
ComboFix4.txt 2010-01-07 03:13
ComboFix5.txt 2010-09-15 00:25
Pre-Run: 121,076,711,424 bytes free
Post-Run: 121,107,472,384 bytes free
- - End Of File - - 8AF36169DB11707005E642AAE804C3DB