This topic is locked
ComboFix 11-04-27.03 - Aleq 04/28/2011 9:36.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.398 [GMT -5:00]
Running from: c:\users\Aleq\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-28 14:45 . 2011-04-28 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-27 06:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 05:22 . 2011-04-27 05:22 -------- d-----w- c:\users\Aleq\AppData\Roaming\SUPERAntiSpyware.com
2011-04-27 05:22 . 2011-04-27 05:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-27 05:22 . 2011-04-27 05:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-27 05:16 . 2011-04-27 05:16 -------- d-----w- c:\windows\Downloaded Program Files
2011-04-26 22:24 . 2011-04-27 02:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-26 22:24 . 2011-04-26 22:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-26 21:16 . 2011-04-28 14:45 -------- d-----w- c:\users\Aleq\AppData\Local\Temp
2011-04-26 20:30 . 2011-04-26 20:30 -------- d-----w- c:\users\Aleq\AppData\Roaming\toshiba
2011-04-26 20:25 . 2011-04-26 20:29 -------- d-----w- c:\program files\TOSHIBA
2011-04-26 20:25 . 1999-10-12 23:47 24576 ----a-w- c:\windows\system32\TSCI.dll
2011-04-26 20:25 . 1999-10-12 23:45 24576 ----a-w- c:\windows\system32\THCI.dll
2011-04-26 15:48 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24F71EFA-CCC5-4892-8921-39AC637DFDDA}\mpengine.dll
2011-04-25 20:05 . 2011-04-25 20:05 388096 ----a-r- c:\users\Aleq\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 20:05 . 2011-04-25 20:05 -------- d-----w- c:\program files\Trend Micro
2011-04-25 19:43 . 2011-04-25 19:43 -------- d-----w- c:\programdata\PC Tools
2011-04-25 16:38 . 2011-04-27 03:18 -------- d-----w- c:\program files\Lotoshare Registry Cleaner
2011-04-17 06:50 . 2011-04-17 06:50 -------- d-----w- c:\program files\Marvell
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\users\Aleq\AppData\Roaming\ParetoLogic
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\users\Aleq\AppData\Roaming\DriverCure
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\programdata\ParetoLogic
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\program files\ParetoLogic
2011-04-15 19:18 . 2011-04-01 07:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-15 19:18 . 2011-04-15 19:18 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-15 19:17 . 2011-04-15 19:17 -------- d-----w- c:\users\Aleq\AppData\Local\Sunbelt Software
2011-04-15 03:06 . 2011-04-15 03:06 -------- d-----w- c:\program files\EASEUS
2011-04-15 03:00 . 2011-04-15 03:05 -------- d-----w- c:\programdata\Lavasoft
2011-04-15 02:33 . 2008-07-10 15:38 28672 ----a-w- c:\windows\Getdisk.exe
2011-04-15 02:33 . 2011-04-15 02:33 -------- d-----w- c:\program files\Recover Data for FAT & NTFS
2011-04-15 02:33 . 2011-04-15 02:33 -------- d-----w- c:\windows\Recover Data for FAT & NTFS
2011-04-14 20:26 . 2011-04-14 20:26 -------- d-----w- c:\users\Aleq\AppData\Roaming\Registry Mechanic
2011-04-14 03:33 . 2011-04-17 07:12 -------- d-----w- c:\users\Aleq\AppData\Local\ElevatedDiagnostics
2011-04-14 03:02 . 2011-04-14 03:02 -------- d-----w- c:\users\Aleq\AppData\Roaming\Malwarebytes
2011-04-14 03:02 . 2011-04-14 03:02 -------- d-----w- c:\programdata\Malwarebytes
2011-04-14 03:02 . 2011-04-27 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 21:39 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-12 21:39 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-12 21:39 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-12 21:39 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-12 21:39 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-12 21:39 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-12 21:39 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-12 21:38 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-12 21:38 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-12 21:38 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-12 21:38 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-12 21:38 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-12 21:38 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-12 21:38 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 21:38 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 21:38 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 21:38 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-12 05:11 . 2011-04-13 08:08 -------- d-----w- c:\program files\Microsoft
2011-04-12 05:10 . 2011-04-12 05:10 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e62db99a1cbf8cf02\InstallManager_WLE_WLE.exe
2011-04-12 05:09 . 2011-04-12 05:09 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7d776b01cbf8cf01\MeshBetaRemover.exe
2011-04-07 22:39 . 2011-04-07 22:42 -------- d-----w- c:\program files\TabIt
2011-03-29 22:06 . 2011-03-29 22:06 -------- d-----w- c:\users\Aleq\AppData\Roaming\Publish Providers
2011-03-29 22:06 . 2011-03-29 22:06 -------- d-----w- c:\users\Aleq\AppData\Roaming\NetMedia Providers
2011-03-29 22:06 . 2011-03-29 22:06 -------- d-----w- c:\users\Aleq\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-30 16:40 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 05:56 . 2011-03-09 07:17 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:56 . 2011-03-09 07:17 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:56 . 2011-03-09 07:17 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-14 04:58 . 2011-02-14 04:58 967 ----a-w- c:\windows\ScUnin.pif
2011-02-14 04:58 . 2011-02-14 04:58 94208 ----a-w- c:\windows\ScUnin.exe
2011-02-03 05:45 . 2011-02-08 23:11 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-03 02:40 . 2010-09-16 21:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:11 . 2010-08-19 16:37 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-01 64512]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-23 316192]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 07:07]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 07:07]
.
2011-04-28 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-04-23 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-04-22 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-04-27 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15179&l=dis
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Aleq\AppData\Roaming\Mozilla\Firefox\Profiles\vboj4svp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=8302E132-2405-4FCA-BEE7-E80BD94D2A82&apn_ptnrs=RW&apn_sauid=1C1929C8-5B20-4899-B243-1F0EEDDAED28&apn_dtid=YYYYYYYYUS&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3536)
c:\windows\system32\igd10umd32.dll
.
Completion time: 2011-04-28 09:49:28
ComboFix-quarantined-files.txt 2011-04-28 14:49
ComboFix2.txt 2011-04-26 17:24
ComboFix3.txt 2011-04-20 15:25
.
Pre-Run: 14,094,757,888 bytes free
Post-Run: 14,072,066,048 bytes free
.
- - End Of File - - 8955AFF9BF99EF721E7342FA3347361B
Sign In
Create Account
