ComboFix 12-10-10.02 - CRC 10/15/2012  21:51:48.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.578 [GMT -4:00]
Running from: c:\documents and settings\CRC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\CRC\GoToAssistDownloadHelper.exe
c:\documents and settings\CRC\salfutrocuqt.exe
c:\documents and settings\CRC\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET66.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\setb0.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\msvcr71.dll.int
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-09-16 to 2012-10-16  )))))))))))))))))))))))))))))))
.
.
2012-10-16 01:41 . 2012-09-19 04:59    6980552    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D5F8373-67CD-49CC-A4DB-97B005838CAA}\mpengine.dll
2012-10-09 00:55 . 2012-10-09 00:55    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-10-09 00:55 . 2012-09-07 21:04    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-10-06 04:07 . 2012-09-19 04:59    6980552    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-06 00:48 . 2012-10-06 00:48    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-10-06 00:47 . 2012-10-06 00:48    --------    d-----w-    c:\program files\Microsoft Security Client
2012-10-05 20:05 . 2012-10-05 20:05    59776    ----a-w-    c:\windows\system32\drivers\c5f9d43c205aa79d.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 02:03 . 2012-08-31 02:03    193552    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2012-06-14 22:20 . 2012-07-06 01:03    85472    -c--a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
c:\windows\inf\WG511v2\snetcfg .exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\CRC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\CRC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\CRC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\CRC\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-29 198160]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\CRC\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EasyNotes.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EasyNotes.lnk
backup=c:\windows\pss\EasyNotes.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=c:\windows\pss\eFax 4.3.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG511v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG511v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG511v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Weekly Compass.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Weekly Compass.lnk
backup=c:\windows\pss\Weekly Compass.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08    35696    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-04-12 23:17    88358    ----a-w-    c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-11 17:00    339968    -c--a-w-    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-03-31 13:30    1106944    ----a-w-    c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-31 13:33    122941    -c--a-w-    c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
2007-03-06 17:21    116224    -c--a-w-    c:\program files\eFax Messenger 4.3\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-09-22 20:41    122368    -c--a-w-    c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-04-12 23:18    184320    -c--a-w-    c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
c:\program files\McAfee.com\Agent\mcagent.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
2006-05-04 23:59    40960    -c--a-w-    c:\program files\Notebook Maximizer\maximizer_startup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-05-23 14:40    95800    -c--a-w-    c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2004-09-07 21:03    1077301    -c--a-w-    c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2005-03-22 13:39    167936    ----a-w-    c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
2005-03-18 00:37    151552    ----a-w-    c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 15:56    286720    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-11-27 04:31    160592    -c--a-w-    c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-15 23:51    122880    -c--a-w-    c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]
2004-07-19 19:12    3018752    ----a-w-    c:\program files\StorageSync\StrgSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-21 17:50    149280    -c--a-w-    c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-21 17:48    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-10-14 22:26    688218    -c--a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-10-14 22:28    98394    -c--a-w-    c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2005-04-25 16:15    339968    -c--a-w-    c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-29 17:50    198160    ----a-w-    c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 07:32    65536    ----a-w-    c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2004-12-28 23:02    270336    ----a-w-    c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-04-05 23:25    73728    -c--a-w-    c:\program files\TOSHIBA\Tvs\TvsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMT0070]
c:\program files\McAfee.com\Agent\mcagent.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TAPPSRV"=2 (0x2)
"ose"=3 (0x3)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"ACS"=2 (0x2)
"Swupdtmr"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"MDM"=2 (0x2)
.
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/5/2012 9:03 PM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.src=ym&.intl=us
uInternet Settings,ProxyOverride =