ComboFix 10-06-20.06 - A2Z 21/06/2010 14:46:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1342 [GMT -4:00]
Running from: c:\documents and settings\A2Z\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
.
((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.
2010-06-19 02:50 . 2010-06-19 02:50 45056 ----a-w- c:\windows\system32\t6Ts2p4X.dll
2010-06-19 02:49 . 2010-06-19 02:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-19 02:01 . 2010-06-19 02:01 -------- d-----w- c:\program files\ERUNT
2010-06-18 07:19 . 2010-06-18 07:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-18 01:44 . 2010-06-18 01:44 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-18 01:44 . 2010-06-18 01:44 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-18 01:44 . 2010-06-18 01:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-17 19:32 . 2010-06-19 06:35 -------- d-----w- c:\program files\ATI Tray Tools
2010-06-17 18:46 . 2010-02-11 01:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-06-17 18:45 . 2010-06-17 19:30 -------- d-----w- c:\program files\ATI Technologies
2010-06-17 18:39 . 2010-06-17 18:40 -------- d-----w- c:\program files\Driver Cleaner Pro
2010-06-17 18:15 . 2010-06-17 18:16 -------- d-----w- c:\program files\Driver Sweeper
2010-06-17 16:01 . 2010-06-17 16:01 62633 ----a-w- c:\windows\prio197uninstall.exe
2010-06-17 15:56 . 2010-06-17 15:56 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\In The Money
2010-06-17 15:07 . 2010-06-18 08:11 -------- d-----w- c:\program files\muBlinder
2010-06-17 14:31 . 2010-06-17 14:31 -------- d-----w- c:\program files\DIFX
2010-06-17 14:31 . 2010-06-17 14:31 -------- d-----w- c:\program files\USB TV
2010-06-17 14:31 . 2009-02-04 02:31 170496 ----a-w- c:\windows\system32\drivers\atinavt2.sys
2010-06-17 10:14 . 2010-06-17 10:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-16 10:01 . 2010-06-16 10:01 -------- d-----w- c:\documents and settings\A2Z\Application Data\Blitware
2010-06-09 10:44 . 2010-06-09 10:44 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\PunkBuster
2010-06-09 08:00 . 2010-06-09 08:00 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\Temp
2010-06-09 08:00 . 2010-06-09 08:00 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\Equilab
2010-06-07 04:51 . 2010-06-07 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-01 04:23 . 2010-06-01 04:23 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\TechSmith
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\windows\system32\QuickTime
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\program files\TechSmith
2010-05-23 21:44 . 2010-05-06 04:01 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 18:28 . 2009-10-25 03:22 -------- d-----w- c:\documents and settings\A2Z\Application Data\Skype
2010-06-21 18:25 . 2007-09-06 20:15 46208 ----a-w- c:\windows\system32\drivers\jraid.sys
2010-06-21 01:18 . 2007-09-07 19:24 -------- d-----w- c:\program files\DivX
2010-06-20 02:25 . 2007-09-06 21:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-20 00:00 . 2009-12-09 00:44 -------- d-----w- c:\documents and settings\A2Z\Application Data\FrostWire
2010-06-19 23:48 . 2007-09-07 19:28 -------- d-----w- c:\program files\Java
2010-06-19 21:11 . 2007-09-06 19:50 70920 ----a-w- c:\documents and settings\A2Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-19 06:59 . 2008-03-03 05:43 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-19 05:41 . 2009-11-30 07:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 05:11 . 2008-03-27 04:03 -------- d-----w- c:\documents and settings\A2Z\Application Data\uTorrent
2010-06-18 02:30 . 2008-03-02 09:55 -------- d-----w- c:\program files\CCleaner
2010-06-17 18:46 . 2007-09-06 19:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-17 18:24 . 2009-08-20 01:11 -------- d-----w- c:\documents and settings\A2Z\Application Data\ATI
2010-06-17 17:26 . 2010-02-06 08:11 193344 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-17 11:04 . 2010-06-17 11:04 63488 ----a-w- c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-15 03:48 . 2009-11-29 08:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 09:28 . 2010-06-09 09:28 139152 ----a-w- c:\documents and settings\A2Z\Application Data\PnkBstrK.sys
2010-06-09 09:28 . 2010-06-09 09:28 139152 ----a-w- c:\documents and settings\A2Z\Application Data\PnkBstrK.sys
2010-06-07 04:56 . 2010-06-07 04:56 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-07 04:56 . 2010-06-07 04:56 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-07 04:54 . 2010-06-07 04:54 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-07 04:54 . 2010-06-07 04:54 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-07 04:54 . 2010-02-01 01:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-07 04:51 . 2010-06-07 04:56 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-07 04:51 . 2010-06-07 04:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-07 04:51 . 2010-06-07 04:56 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-30 01:06 . 2009-02-24 23:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-30 01:02 . 2008-03-27 04:03 -------- d-----w- c:\program files\uTorrent
2010-05-23 22:34 . 2010-05-23 22:34 48388 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-23 22:34 . 2010-02-28 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-16 08:05 . 2009-10-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-29 19:39 . 2009-11-29 08:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-11-29 08:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2007-09-07 19:24 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-09-07 19:24 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-09-07 19:24 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-09-07 19:24 126448 -c----w- c:\windows\system32\pxinsi64.exe
2008-03-01 06:51 . 2008-03-01 06:51 5240347 -csha-w- c:\windows\PAHud-Install-v1.18.exe
2009-12-21 05:25 . 2009-05-15 07:40 170610976 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-21 05:25 . 2009-05-15 07:40 4341536 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A}]
2010-06-19 02:50 45056 ----a-w- c:\windows\system32\t6Ts2p4X.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"AtiTrayTools"="c:\program files\ATI Tray Tools\atitray.exe" [2010-04-22 883200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-07-04 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-07-04 1953792]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"muBlinder"="c:\program files\muBlinder\muBlinder.exe" [2010-02-24 1462784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^A2Z^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\A2Z\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
backup=c:\windows\pss\Wireless Configuration Utility HW.51.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2009-07-04 07:40 299008 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 14:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-07-04 07:43 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\A2Z\\Desktop\\utorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2007 7:47 PM 722416]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [20/05/2010 7:44 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [20/05/2010 7:44 PM 173104]
R1 atitray;atitray;c:\program files\ATI Tray Tools\atitray.sys [22/04/2010 12:15 AM 19232]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [20/05/2010 7:44 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/10/2009 10:24 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 10:24 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [20/05/2010 7:44 PM 116784]
R2 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [22/05/2010 2:16 PM 691248]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/11/2009 4:24 AM 304464]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [20/05/2010 7:44 PM 126392]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [13/03/2009 6:50 AM 65536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/06/2010 5:17 AM 102448]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [06/09/2007 2:59 PM 4544]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100617.005\IDSXpx86.sys [18/06/2010 6:06 PM 331640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [17/02/2009 10:44 PM 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/11/2009 4:23 AM 20952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [06/09/2007 9:59 PM 38656]
S3 B-Service;B-Service;c:\documents and settings\A2Z\Application Data\Mikogo\B-Service.exe [15/01/2010 5:07 PM 185640]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 AM 11336]
S3 fsfilter;Fighting Stick Filter Driver;c:\windows\system32\drivers\fsfilter.sys [28/02/2009 8:06 PM 4992]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [26/12/2005 12:24 AM 6656]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [08/08/2005 2:44 PM 6640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 4:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 10:24 PM 12872]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [02/03/2008 10:31 AM 44928]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\Auslogics Console Defragmentation.job
- c:\program files\Auslogics\BoostSpeed\cdefrag.exe [2009-07-04 18:54]

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{8825A66C-7C4C-45E0-BB90-454FA438416D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
mWindow Title =
uInternet Settings,ProxyOverride = *.local;
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download All Files by HiDownload
IE: Download by HiDownload
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: live.com\onecare
Trusted Zone: microsoft.com\www.update
TCP: {E5B762EC-A66A-450B-8639-611B22592849} = 192.168.2.1
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} - hxxp://www.tanhoalap.blogdns.com/AVC_AX_DVR.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A}
FF - ProfilePath - c:\documents and settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBattlerapPlugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 14:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spns.sys >>UNKNOWN [0x8A873938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
\Driver\atapi -> atapi.sys @ 0xb9dfbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-1532298954-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1620)
c:\windows\system32\WININET.dll
c:\program files\ATI Tray Tools\raphook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-06-21 15:01:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-21 19:01

Pre-Run: 211,660,062,720 bytes free
Post-Run: 211,472,617,472 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 953B492DD3BCE7DD96719EE2D6523ED1