ComboFix 12-08-10.02 - Manisha_ibkr 08/13/2012  17:23:57.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2721 [GMT 9:00]
Running from: c:\documents and settings\Manisha_ibkr\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\JRSKD24.SYS
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JRSKD24
-------\Service_JRSKD24
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-13 to 2012-08-13   )))))))))))))))))))))))))))))))
.
.
2020-03-09 06:22 . 2020-03-09 06:22    --------    d-----w-    c:\program files\Analog Devices
2012-08-13 08:03 . 2012-08-13 08:03    --------    d-----w-    C:\_OTL
2012-08-13 06:20 . 2012-08-13 06:28    --------    d-----w-    c:\program files\ABC Amber PDF Converter
2012-08-13 06:15 . 2012-08-13 06:17    --------    d-----w-    c:\program files\ABC Amber Text Converter
2012-08-13 05:46 . 2012-08-13 05:46    --------    d-----w-    c:\program files\CMake 2.8
2012-08-13 05:24 . 2012-08-13 05:24    --------    d-----w-    c:\documents and settings\Manisha_ibkr\Application Data\DawningSoft
2012-08-13 05:24 . 1997-12-19 05:26    68096       ----a-w-    c:\windows\system32\Itcc.dll
2012-08-13 05:24 . 2012-08-13 05:24    --------    d-----w-    c:\program files\DawningSoft
2012-08-09 10:01 . 2012-08-09 10:01    --------    d-----w-    c:\documents and settings\Manisha_ibkr\Application Data\Registry Mechanic
2012-08-08 18:10 . 2012-06-29 08:44    6891424     ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C50B433E-9429-4F9A-BEEA-DB498982E701}\mpengine.dll
2012-08-07 18:08 . 2012-06-29 08:44    6891424     ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 06:56 . 2012-05-30 08:59    126048      ----a-w-    c:\windows\system32\kcrtx86.sys
2012-06-13 13:19 . 2008-04-14 12:00    1866112     ----a-w-    c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00    1372672     ----a-w-    c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00    1172480     ----a-w-    c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00    152576      ----a-w-    c:\windows\system32\schannel.dll
2012-06-02 06:19 . 2009-08-06 10:24    22040       ----a-w-    c:\windows\system32\wucltui.dll.mui
2012-06-02 06:19 . 2012-05-02 10:59    329240      ----a-w-    c:\windows\system32\wucltui.dll
2012-06-02 06:19 . 2012-05-02 10:59    210968      ----a-w-    c:\windows\system32\wuweb.dll
2012-06-02 06:19 . 2012-05-02 10:59    219160      ----a-w-    c:\windows\system32\wuaucpl.cpl
2012-06-02 06:19 . 2009-08-06 10:24    15384       ----a-w-    c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 06:19 . 2012-05-02 10:59    53784       ----a-w-    c:\windows\system32\wuauclt.exe
2012-06-02 06:19 . 2012-05-02 10:59    35864       ----a-w-    c:\windows\system32\wups.dll
2012-06-02 06:19 . 2009-08-06 10:24    45080       ----a-w-    c:\windows\system32\wups2.dll
2012-06-02 06:19 . 2009-08-06 10:24    15384       ----a-w-    c:\windows\system32\wuapi.dll.mui
2012-06-02 06:19 . 2008-04-14 12:00    97304       ----a-w-    c:\windows\system32\cdm.dll
2012-06-02 06:19 . 2009-08-06 10:24    17944       ----a-w-    c:\windows\system32\wuaueng.dll.mui
2012-06-02 06:19 . 2012-05-02 10:59    577048      ----a-w-    c:\windows\system32\wuapi.dll
2012-06-02 06:19 . 2012-05-02 10:59    1933848     ----a-w-    c:\windows\system32\wuaueng.dll
2012-06-02 06:18 . 2012-05-04 00:23    275696      ----a-w-    c:\windows\system32\mucltui.dll
2012-06-02 06:18 . 2012-05-04 00:23    214256      ----a-w-    c:\windows\system32\muweb.dll
2012-06-02 06:18 . 2012-05-04 00:23    17136       ----a-w-    c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00    599040      ----a-w-    c:\windows\system32\crypt32.dll
2012-05-30 08:59 . 2012-05-30 08:59    19496       ----a-r-    c:\windows\system32\JRSUKD25.SYS
2012-05-30 08:59 . 2012-05-30 08:59    137128      ----a-r-    c:\windows\system32\CKAgent.exe
2012-05-30 08:23 . 2012-05-30 08:26    3259699     ----a-w-    c:\program files\ALZip_eng_632.exe
2012-05-25 03:37 . 2012-05-25 03:37    77921       ----a-w-    c:\windows\system32\v3w32se2.dll
2012-05-16 15:08 . 2008-04-14 12:00    916992      ----a-w-    c:\windows\system32\wininet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 02:28    1307928    ----a-w-    c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-18 272528]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
.
R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AmonTDNt.sys [5/25/2012 12:34 PM 96200]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/7/2012 9:48 AM 242240]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/7/2012 9:48 AM 632792]
R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [5/30/2012 5:59 PM 19496]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]
S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [5/25/2012 12:34 PM 19616]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [5/30/2012 5:59 PM 126048]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [6/18/2011 2:33 AM 237008]
S3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [5/25/2012 12:34 PM 101368]
S3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [5/25/2012 12:34 PM 121536]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 NA2USB;Integrated Biometrics USB-FP Driver(UsbFpDrv.sys);c:\windows\system32\drivers\UsbFpDrv.sys [6/4/2012 4:24 PM 22128]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 WmUsbIce;Analog Devices, Inc. USB Driver (WmUsbIce.sys);c:\windows\system32\drivers\WmUsbIce.sys [8/17/2011 11:23 PM 16896]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 08:03]
.
2012-08-13 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 08:03]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 168.126.63.1 168.126.63.2
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxps://ubi.wooribank.com/XecureObject/XecureWeb/v7.2.2.8/xw_install.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 17:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\[%^%%`%Q%**% %U%*[%^%/*0H(*X_*p)*]
"Filename"="???(??_???) on ++-+++"
"DateLastVisited"=hex:88,3d,ed,45,da,a8,cd,01
.
[HKEY_USERS\S-1-5-21-839522115-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\[%^%%`%Q%**% %U%*[%^%/*Tt]
"Filename"="?? on ++-+++"
"DateLastVisited"=hex:88,3d,ed,45,da,a8,cd,01
.
[HKEY_USERS\S-1-5-21-839522115-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\[%^%%`%Q%**% %U%*[%^%/*| * *Tܴ]
"Filename"="?? ? ??? on ++-+++"
"DateLastVisited"=hex:88,3d,ed,45,da,a8,cd,01
.
[HKEY_USERS\S-1-5-21-839522115-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\[%^%%`%Q%**% %U%*[%^%/*8 *Űt* *̸]
"Filename"="?? ???? ?? on ++-+++"
"DateLastVisited"=hex:88,3d,ed,45,da,a8,cd,01
.
[HKEY_USERS\S-1-5-21-839522115-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\[%^%%`%Q%**% %U%*[%^%/*XՀ *1]
"Filename"="???? ??? on ++-+++"
"DateLastVisited"=hex:88,3d,ed,45,da,a8,cd,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(212)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-08-13 17:31:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 08:31
.
Pre-Run: 176,104,697,856 bytes free
Post-Run: 177,503,096,832 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0B91857F39F8EE0FC8849F133A7E3AED
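An added triage helper for logs in this format, written for this page and not part of ComboFix or of the poster's output: it parses the Drivers/Services records and the "is missing!!" notices from the Other Deletions block, then flags .sys files loaded from somewhere other than system32\drivers and services whose display name merely repeats the service name. The sample lines are copied from the log above. Reading the leading R/S letter as running/stopped and the digit as the start type, and the two heuristics themselves, are this example's assumptions; a flag marks an entry worth a second look (JRSUKD25 and kcrtx86 here), not a malware verdict, and the AhnLab and DAEMON Tools drivers show that legitimate software trips such rules too.

```python
"""Parse the Drivers/Services block and "is missing!!" notices of a ComboFix log
and apply two location/name heuristics.  Added example, not ComboFix code."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AmonTDNt.sys [5/25/2012 12:34 PM 96200]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/7/2012 9:48 AM 242240]
R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [5/30/2012 5:59 PM 19496]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [5/30/2012 5:59 PM 126048]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
"""

# "R1 name;display;path [m/d/yyyy h:mm AM size]"  (assumption: R/S = running/stopped,
# digit = service start type as printed by ComboFix)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]+)\]\s*$"
)
MISSING_RE = re.compile(r"^(?P<path>.+?) \. \. \. is missing!!$")
DRIVERS_DIR = r"c:\windows\system32\drivers"


@dataclass
class ServiceEntry:
    state: str       # "R" or "S"
    start: int       # start-type digit
    name: str        # service/driver key name
    display: str     # display name
    path: str        # image path
    timestamp: str   # file timestamp as printed
    size: int        # file size in bytes


def parse_services(text: str) -> list[ServiceEntry]:
    """Return every Drivers/Services record found in the log text."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        stamp, size = m["meta"].rsplit(" ", 1)
        entries.append(ServiceEntry(m["state"], int(m["start"]), m["name"],
                                    m["display"], m["path"], stamp, int(size)))
    return entries


def missing_files(text: str) -> list[str]:
    """Paths ComboFix reported with its 'is missing!!' notice."""
    return [m["path"] for line in text.splitlines() if (m := MISSING_RE.match(line))]


def triage(text: str) -> dict[str, list[str]]:
    """Map service name -> list of heuristic hits (assumed rules, not ComboFix's)."""
    findings = {}
    for e in parse_services(text):
        reasons = []
        directory, _, filename = e.path.lower().rpartition("\\")
        # Kernel drivers normally live in system32\drivers; one dropped directly
        # into system32 (or elsewhere) deserves a look.
        if filename.endswith(".sys") and directory != DRIVERS_DIR:
            reasons.append("driver-outside-system32-drivers")
        # A display name that just repeats the key name is typical of
        # auto-generated or low-effort driver registrations.
        if e.display == e.name:
            reasons.append("display-name-equals-service-name")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for path in missing_files(SAMPLE_LOG):
        print("missing:", path)
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run it against a whole saved ComboFix log by reading the file into `triage()`; entries from known vendors that trip a rule can then be checked against file signatures or hashes before anything is removed.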