ComboFix 11-12-08.01 - Pc 12/08/2011 19:51:24.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2363 [GMT -5:00] Running from: c:\users\Pc\Desktop\ComboFix.exe AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} FW: Trend Micro Firewall Booster *Disabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Pc\Documents\~WRL0001.tmp c:\windows\keys.ini c:\windows\settings.reg c:\windows\system32\consrv.dll c:\windows\System64 . . ((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 ))))))))))))))))))))))))))))))) . . 2011-12-09 00:56 . 2011-12-09 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-06 00:38 . 2011-12-06 00:38 -------- d-----w- C:\_OTL 2011-12-06 00:10 . 2011-12-06 00:10 -------- d-----w- c:\users\Pc\AppData\Roaming\Malwarebytes 2011-12-06 00:09 . 2011-12-06 00:09 -------- d-----w- c:\programdata\Malwarebytes 2011-12-06 00:09 . 2011-12-06 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-06 00:09 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-04 15:26 . 2011-12-04 16:41 -------- d-----w- c:\users\Pc\DoctorWeb 2011-12-03 13:46 . 2011-12-08 21:47 12800 ----a-w- c:\windows\DCEBoot64.exe 2011-11-18 01:46 . 2011-11-18 01:46 -------- d-----w- c:\users\Pc\AppData\Local\Mozilla 2011-11-18 01:46 . 2011-11-18 01:47 -------- d-----w- c:\program files (x86)\Mozilla Firefox2 2011-11-15 01:58 . 2011-11-18 01:47 -------- d-----w- c:\program files (x86)\MozBackup 2011-11-13 19:50 . 2011-11-27 18:50 -------- d-----w- c:\programdata\STOPzilla! 2011-11-13 18:41 . 2011-11-13 18:41 0 ---ha-w- c:\users\Pc\AppData\Local\BIT7531.tmp 2011-11-09 11:23 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 11:23 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 11:23 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 11:23 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-13 22:30 . 2011-06-13 23:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-01 03:25 . 2011-10-12 05:42 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-10-01 02:42 . 2011-10-12 05:42 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "P17Helper"="P17.dll" [2005-05-03 64512] "P17RunE"="P17RunE.dll" [2008-03-28 14848] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-12 79360] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176] R3 P1764;Sound Blaster Audigy;c:\windows\system32\drivers\P1764.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x] S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 00:53] . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 00:53] . 2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2172982383-171431040-4183071795-1000Core.job - c:\users\Pc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-18 01:48] . 2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2172982383-171431040-4183071795-1000UA.job - c:\users\Pc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-18 01:48] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "combofix"="c:\combofix\CF217.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.ca/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: rogers.com\www TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\IoctlSvc.exe c:\windows\SysWOW64\rundll32.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Completion time: 2011-12-08 20:04:17 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-09 01:04 . Pre-Run: 127,671,324,672 bytes free Post-Run: 127,125,921,792 bytes free . - - End Of File - - DBD0F78365C8AEECCD36D67AC8A3E0D5