ComboFix 13-11-19.01 - Torrie 11/21/2013 19:54:15.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.321 [GMT -5:00]
Running from: c:\documents and settings\Torrie\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Torrie\WINDOWS
c:\program files\Conference
c:\program files\Conference\Conference.db
c:\program files\Conference\Conference.dll
c:\program files\Conference\Conference.exe
c:\program files\Conference\Conference.ini
c:\program files\Conference\Languages\de.xml
c:\program files\Conference\Languages\en.xml
c:\program files\Conference\Languages\es.xml
c:\program files\Conference\Languages\fr.xml
c:\program files\Conference\Languages\hu.xml
c:\program files\Conference\Languages\pl.xml
c:\program files\Conference\Languages\pt.xml
c:\program files\Conference\Languages\ru.xml
c:\program files\Conference\Languages\ua.xml
c:\windows\COUPon~1.ocx
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\FlashPlayerApp.exe
c:\windows\system32\SET185.tmp
c:\windows\system32\SET18C.tmp
c:\windows\system32\SET199.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-10-22 to 2013-11-22 )))))))))))))))))))))))))))))))
.
.
2013-11-22 00:44 . 2013-11-22 00:44 -------- d-----w- c:\program files\Common Files\Java
2013-11-22 00:44 . 2013-10-08 12:29 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-11-22 00:43 . 2013-10-08 12:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-21 03:06 . 2013-11-21 03:06 -------- d-----w- c:\windows\ERUNT
2013-11-19 00:05 . 2013-11-19 02:53 -------- d-----w- C:\AdwCleaner
2013-11-17 17:30 . 2013-11-19 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-17 17:30 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-14 07:39 . 2011-07-15 16:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-12 15:56 . 2004-08-04 10:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-12 14:54 . 2006-03-04 03:33 668672 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 14:54 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-10-12 14:54 . 2004-08-04 10:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-10-12 11:54 . 2004-08-04 10:00 369664 ----a-w- c:\windows\system32\html.iec
2013-10-09 13:12 . 2004-08-04 10:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-04 10:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2009-04-16 21:38 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-08-29 01:31 . 2004-08-04 10:00 1878656 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"Easy Dock"="c:\documents and settings\Torrie\My Documents\RCA easyRip\EZDock.exe" [2012-06-12 585728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\documents and settings\Torrie\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\Torrie\My Documents\RCA Detective\RCADetective.exe [2013-6-6 866304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD@ccess.lnk - c:\program files\Apple Computer\DVD@ccess\DVDAccess.exe [2012-6-16 888832]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-4-8 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/17/2009 11:10 PM 64160]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 1:23 PM 11352]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [6/16/2012 10:21 AM 29156]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/17/2013 12:30 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/17/2013 12:30 PM 701512]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 6:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/17/2013 12:30 PM 22856]
S2 Parclass;Parclass;c:\windows\system32\drivers\PARCLASS.SYS [4/4/2000 12:27 PM 19824]
S3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [4/23/2003 8:45 AM 16896]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [8/23/2007 11:15 PM 19968]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSCHEDULER
*NewlyCreated* - MBAMSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 07:39]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 23:48]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 23:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070504
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Torrie\Application Data\Mozilla\Firefox\Profiles\69q7x22k.default-1377060245812\
FF - prefs.js: browser.startup.homepage - yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-iLivid - c:\documents and settings\Torrie\Local Settings\Application Data\iLivid\iLivid.exe
HKLM-Run-DXDllRegExe - dxdllreg.exe
HKLM-Run-Easy Dock - (no file)
HKLM-Run-QBCD Autorun - D:\autorun.exe
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
MSConfigStartUp-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
AddRemove-Video Conference - c:\program files\Conference\Conference.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-11-21 20:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1444)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-11-21 20:16:54
ComboFix-quarantined-files.txt 2013-11-22 01:16
ComboFix2.txt 2009-07-20 23:07
.
Pre-Run: 102,099,476,480 bytes free
Post-Run: 103,177,945,088 bytes free
.
- - End Of File - - D4EE621A97B210B28D64899D89C44446
5CB90281D1A59B251F6603134774EEC3