ComboFix 10-07-14.02 - Larry 07/15/2010 16:44:30.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1037 [GMT -5:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Larry\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100715-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Larry\Local Settings\Application Data\tykyspnrg
.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.
2010-07-15 12:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-15 11:23 . 2010-07-15 11:23 -------- d-----w- C:\_OTL
2010-07-13 22:52 . 2010-07-13 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-13 22:11 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 22:11 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 21:05 . 2010-07-15 08:47 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-24 18:30 . 2010-06-24 18:30 -------- d-----w- c:\documents and settings\Larry\Application Data\dvdcss
2010-06-24 17:18 . 2010-06-24 17:18 -------- d-----w- c:\program files\iPod
2010-06-24 17:18 . 2010-06-24 17:19 -------- d-----w- c:\program files\iTunes
2010-06-24 17:08 . 2010-06-24 17:08 -------- d-----w- c:\program files\Bonjour
2010-06-24 17:04 . 2010-06-24 17:04 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-24 16:58 . 2010-06-24 16:58 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 21:41 . 2007-12-25 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-07-15 21:34 . 2010-06-24 17:32 -------- d-----w- c:\documents and settings\Larry\Application Data\LimeWire
2010-07-14 16:55 . 2007-09-10 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-11 19:53 . 2003-12-02 20:44 -------- d-----w- c:\program files\Quicken
2010-07-01 13:18 . 2008-09-18 22:35 -------- d-----w- c:\documents and settings\Larry\Application Data\BitTorrent
2010-06-24 17:18 . 2008-04-23 22:44 -------- d-----w- c:\program files\Common Files\Apple
2010-06-24 17:01 . 2009-07-18 19:25 -------- d-----w- c:\program files\Safari
2010-06-14 14:31 . 2008-02-01 16:07 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-05-26 13:20 . 2007-09-10 16:28 46144 -c--a-w- c:\documents and settings\Larry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-25 22:38 . 2008-10-31 15:19 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-25 19:59 . 2009-01-10 20:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-25 18:10 . 2010-05-25 18:10 -------- d-----w- c:\program files\MSBuild
2010-05-25 17:58 . 2010-05-25 17:58 -------- d-----w- c:\program files\Reference Assemblies
2010-05-22 22:11 . 2010-05-22 22:11 503808 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7569b96f-n\msvcp71.dll
2010-05-22 22:11 . 2010-05-22 22:11 499712 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7569b96f-n\jmc.dll
2010-05-22 22:11 . 2010-05-22 22:11 348160 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7569b96f-n\msvcr71.dll
2010-05-22 22:11 . 2010-05-22 22:11 61440 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d33b804-n\decora-sse.dll
2010-05-22 22:11 . 2010-05-22 22:11 12800 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d33b804-n\decora-d3d.dll
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 17:20 . 2006-06-23 17:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2009-04-29 23:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-03 13:19 . 2010-05-03 13:19 503808 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16c5969b-n\msvcp71.dll
2010-05-03 13:19 . 2010-05-03 13:19 499712 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16c5969b-n\jmc.dll
2010-05-03 13:19 . 2010-05-03 13:19 348160 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16c5969b-n\msvcr71.dll
2010-05-03 13:19 . 2010-05-03 13:19 61440 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4669462d-n\decora-sse.dll
2010-05-03 13:19 . 2010-05-03 13:19 12800 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4669462d-n\decora-d3d.dll
2010-05-03 13:18 . 2010-05-03 13:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-03-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-05-03 10:06 . 2009-07-25 16:10 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-01 21:51 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-01 21:51 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-25 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\Larry\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-6-22 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-10 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-03-18 16:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"ICQ"="c:\program files\ICQ6\ICQ.exe" silent
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTHelper"=CTHELPER.EXE
"CTxfiHlp"=CTXFIHLP.EXE
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"IgfxTray"=c:\windows\System32\igfxtray.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"EPSON Stylus Photo R220 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"VAIO Recovery"=c:\windows\Sonysys\VAIO Recovery\PartSeal.exe
"VAIOSurvey"=c:\program files\sony\vaio survey\surveysa.exe
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
""=
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\New Winmx\\WinMX\\WinMX.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\Larry\\Application Data\\Chameleon Submitter\\chameleon.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"9322:TCP"= 9322:TCP:EKDiscovery

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/9/2009 7:00 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/9/2009 7:00 AM 20560]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 12:49 PM 284016]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 2009\HideMyIpSrv.exe [12/7/2009 9:11 AM 2396464]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [11/5/2003 1:11 PM 17920]
S3 ExterminateIt;ExterminateIt;c:\windows\system32\drivers\extit.sys [10/20/2009 10:08 AM 22016]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [3/11/2008 11:49 AM 3768]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 12872]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/18/2008 6:29 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: pimproll.com\stats
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.64.69.14.130.downloads.estara.com./as/OneCCDM.php?template=107051&sessionid=1987669332_24.12.62.168_1688&=&req=1239382563346OneCC.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\zaif9zv2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

BHO-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:71,6b,ac,b9,f5,ff,dc,8a,be,1a,ff,fe,76,6d,d6,de,0d,44,4a,ab,8a,
   86,f4,9e,4f,5a,87,99,d3,af,6d,a4,57,e7,5b,d6,f1,eb,2d,30,43,3c,29,9a,b1,e0,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:71,6b,ac,b9,f5,ff,dc,8a,be,1a,ff,fe,76,6d,d6,de,0d,44,4a,ab,8a,
   86,f4,9e,4f,5a,87,99,d3,af,6d,a4,57,e7,5b,d6,f1,eb,2d,30,43,3c,29,9a,b1,e0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\HMIPCore.dll
.
Completion time: 2010-07-15 16:57:39
ComboFix-quarantined-files.txt 2010-07-15 21:57
ComboFix2.txt 2010-07-15 12:17

Pre-Run: 24,069,185,536 bytes free
Post-Run: 24,106,557,440 bytes free

- - End Of File - - 06BEE1020E60FB80AFEF70ED10A707E8
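As an added example, not part of the log above and not ComboFix's own code: a small Python triage script that reads lines in the format this log uses and pulls out the entries an analyst reads first. The selection rules are my own heuristics, not ComboFix's (files in system32 carrying both the system and hidden attributes in the Find3M listing, any LSP or Trusted Zone entry, every DPF ActiveX download entry, and DLLs ComboFix lists inside lsass.exe or winlogon.exe). The sample input is a constructed excerpt: a dozen lines copied from the log above.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Parses three kinds of line found in the log above:
  * Find3M / Files Created entries:  "<created> . <modified> <size> <attrs> <path>"
  * Supplementary Scan entries:      "LSP: ...", "Trusted Zone: ...", "DPF: {clsid} - url"
  * "DLLs Loaded Under Running Processes": a "- - - > 'proc'(pid)" header
    followed by one module path per line.
The rules below are my own review heuristics; a hit is an item to check,
not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Processes whose module list deserves a look whenever a non-default DLL appears.
SENSITIVE_PROCS = {"lsass.exe", "winlogon.exe", "services.exe", "explorer.exe"}

# Attribute field is 8 chars, e.g. "----a-w-", "d-----w-", "--sha-r-" (s=system, h=hidden).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)
PROC_RE = re.compile(r"^- (?:- )*> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: lines copied from the log above, nothing else.
SAMPLE_LOG = """\
2010-05-04 17:20 . 2006-06-23 17:33 832512 ----a-w- c:\\windows\\system32\\wininet.dll
2010-07-15 11:23 . 2010-07-15 11:23 -------- d-----w- C:\\_OTL
2006-05-03 10:06 . 2009-07-25 16:10 163328 --sha-r- c:\\windows\\system32\\flvDX.dll
2007-02-21 11:47 . 2010-01-01 21:51 31232 --sh--r- c:\\windows\\system32\\msfDX.dll
2008-03-16 13:30 . 2010-01-01 21:51 216064 --sh--r- c:\\windows\\system32\\nbDX.dll
LSP: c:\\windows\\system32\\HMIPCore.dll
Trusted Zone: pimproll.com\\stats
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
- - - - - - - > 'winlogon.exe'(748)
c:\\program files\\SUPERAntiSpyware\\SASWINLO.DLL
c:\\windows\\system32\\WININET.dll
- - - - - - - > 'lsass.exe'(804)
c:\\windows\\system32\\HMIPCore.dll
"""


@dataclass
class Finding:
    kind: str    # e.g. "hidden_system_file", "lsp", "trusted_zone", "dpf", "module_in_lsass.exe"
    detail: str  # the path, zone or URL the line carries


def is_hidden_system_in_system32(attrs: str, path: str) -> bool:
    """System + hidden attributes on a file under system32 is unusual for user-installed DLLs."""
    return "s" in attrs and "h" in attrs and "\\system32\\" in path.lower()


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return review items in the order they appear."""
    findings: list[Finding] = []
    current_proc: str | None = None
    for raw in log_text.splitlines():
        line = raw.strip()

        m = FILE_RE.match(line)
        if m:
            current_proc = None
            if is_hidden_system_in_system32(m["attrs"], m["path"]):
                findings.append(Finding("hidden_system_file", m["path"]))
            continue

        for prefix, kind in (("LSP: ", "lsp"), ("Trusted Zone: ", "trusted_zone"), ("DPF: ", "dpf")):
            if line.startswith(prefix):
                findings.append(Finding(kind, line[len(prefix):]))

        m = PROC_RE.match(line)
        if m:
            current_proc = m["proc"].lower()
            continue

        # Module lines follow a process header until the next non-path line.
        if current_proc and PATH_RE.match(line):
            if current_proc in SENSITIVE_PROCS:
                findings.append(Finding("module_in_" + current_proc, line))
            continue
        current_proc = None
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, handy for a one-line overview before reading details."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(summarize(results))
    for f in results:
        print(f"{f.kind:24} {f.detail}")
```

Every hit is a question, not an answer. The HMIPCore.dll LSP that also shows up inside lsass.exe lines up with the Hide My IP install whose HideMyIpSRV service appears in the same log; the three --sh--r- DLLs in system32 and the pimproll.com Trusted Zone entry are the items to confirm by publisher and hash before deciding anything. Run the script over a whole saved log (read the file into `triage`) rather than the excerpt to get the full list.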