ComboFix log
ComboFix 11-07-01.02 - harrisap 07/02/2011 9:12.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3050.2028 [GMT -4:00]
Running from: c:\documents and settings\harrisap\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
.
.
2011-07-01 00:48 . 2011-07-01 00:48 -------- d-----w- c:\program files\iPod
2011-07-01 00:48 . 2011-07-01 00:49 -------- d-----w- c:\program files\iTunes
2011-07-01 00:44 . 2011-07-01 00:44 -------- d-----w- c:\program files\Bonjour
2011-07-01 00:34 . 2011-07-01 00:34 -------- d-----w- c:\program files\Safari
2011-07-01 00:31 . 2011-07-01 00:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-07-01 00:31 . 2011-07-01 00:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-07-01 00:31 . 2011-07-01 00:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-07-01 00:31 . 2011-07-01 00:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-07-01 00:31 . 2011-07-01 00:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-07-01 00:31 . 2011-07-01 00:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-07-01 00:31 . 2011-07-01 00:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-07-01 00:31 . 2011-07-01 00:31 -------- d-----w- c:\program files\QuickTime
2011-06-28 11:06 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\45932412.sys
2011-06-28 11:06 . 2009-10-10 03:31 315408 ----a-w- c:\windows\system32\drivers\4593241.sys
2011-06-28 11:06 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\45932411.sys
2011-06-26 00:10 . 2011-06-26 00:10 -------- d-----w- c:\windows\Cache
2011-06-26 00:10 . 2011-06-26 00:10 -------- d-----w- c:\program files\HP Photo Creations
2011-06-26 00:10 . 2011-06-26 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-06-26 00:10 . 2011-06-26 00:10 -------- d-----w- c:\documents and settings\harrisap\Application Data\HpUpdate
2011-06-26 00:05 . 2011-06-26 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-06-25 22:56 . 2011-06-25 22:56 169472 ----a-w- c:\windows\system32\mciole1632.dll
2011-06-25 18:34 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-06-25 18:34 . 2011-03-19 19:00 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-06-25 18:34 . 2010-11-03 18:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-06-25 18:34 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-06-25 18:34 . 2011-06-16 08:00 73216 ----a-w- c:\windows\system32\ff_vfw.dll
2011-06-25 18:34 . 2011-06-25 18:35 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-06-20 14:01 . 2011-06-20 14:01 -------- d-----w- c:\documents and settings\harrisap\Application Data\SUPERAntiSpyware.com
2011-06-20 14:01 . 2011-06-21 01:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-18 04:06 . 2011-06-18 04:06 0 ---ha-w- c:\documents and settings\harrisap\pftwgunibm.tmp
2011-06-18 02:59 . 2011-06-18 02:59 349696 ----a-w- c:\windows\system32\atioglx232.dll
2011-06-13 22:31 . 2011-06-13 22:31 -------- d-----w- c:\program files\ESET
2011-06-13 05:29 . 2011-06-21 03:40 -------- d-----w- c:\program files\Xactware
2011-06-12 12:59 . 2011-06-12 12:59 -------- d-----w- c:\documents and settings\harrisap\Application Data\SPE
2011-06-12 05:11 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-06 03:48 . 2011-06-06 03:48 -------- d-----w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-02 13:21 . 2007-11-15 10:11 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-07-02 13:21 . 2007-11-15 19:11 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-06-24 01:23 . 2007-11-15 16:58 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-06-02 00:15 . 2010-02-23 02:18 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-02 00:10 . 2010-02-23 02:18 644608 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-28 14:34 . 2010-07-26 11:10 13160 ----a-w- c:\windows\system32\Upgrd.exe
2011-05-28 14:34 . 2007-11-15 19:11 58288 ------w- c:\windows\system32\rpcnet.exe
2011-05-26 21:19 . 2011-05-26 21:19 0 ----a-w- c:\documents and settings\harrisap\Local Settings\Application Data\BIT5A.tmp
2011-05-10 12:06 . 2010-07-11 12:57 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2010-07-11 12:57 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01DDBE95-1B2C-411A-AF1F-D5B285186F8c}]
2011-06-18 02:59 349696 ----a-w- c:\windows\system32\atioglx232.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D878C055-93D0-B676-E86D-BDA5143E8BB5}]
2011-06-25 22:56 169472 ----a-w- c:\windows\system32\mciole1632.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-14 1323008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-06-12 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\mciole1632.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrintNow.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrintNow.lnk
backup=c:\windows\pss\PrintNow.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 09:42 27648 ----a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-04-07 21:27 1511424 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v1]
2003-07-11 01:19 380928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
2009-06-12 19:39 606208 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-06-10 16:26 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%programfiles%\UltaVnc\winvnc.exe"= %programfiles%\UltaVnc\winvnc.exe:LocalSubNet,192.168.24.0/255.255.255.0,199.231.8.0/255.255.255.0,192.168.151.0/255.255.255.0:enabled:UltraVnc
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:TCP"= 2967:TCP:199.231.8.0/255.255.255.0:Enabled:NAV10.1
"5900:TCP"= 5900:TCP:LocalSubNet,192.168.24.0/255.255.255.0,199.231.8.0/255.255.255.0,192.168.151.0/255.255.255.0:Enabled:UltraVnc-Port
"2967:UDP"= 2967:UDP:199.231.8.0/255.255.255.0:Enabled:NAV9.1
"38293:UDP"= 38293:UDP:199.231.8.0/255.255.255.0:Enabled:NAV9.2
"139:TCP"= 139:TCP:LocalSubNet,199.231.8.0/255.255.255.0,192.168.24.0/255.255.255.0,192.168.151.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet,199.231.8.0/255.255.255.0,192.168.24.0/255.255.255.0,192.168.151.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet,199.231.8.0/255.255.255.0,192.168.24.0/255.255.255.0,192.168.151.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet,199.231.8.0/255.255.255.0,192.168.24.0/255.255.255.0,192.168.151.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002
"3389:TCP"= 3389:TCP:LocalSubnet,192.168.24.0/255.255.255.0,192.168.151.0/255.255.255.0,199.231.8.0/255.255.255.0:Enabled:@xpsp2res.dll,-22009
"2568:TCP"= 2568:TCP:199.231.8.0/255.255.255.0:Enabled:SMS-CliHealth
"2701:TCP"= 2701:TCP:199.231.8.0/255.255.255.0:Enabled:SMS-Ping
"2702:TCP"= 2702:TCP:199.231.8.0/255.255.255.0:Enabled:SMS-RemoteControl
"2703:TCP"= 2703:TCP:199.231.8.0/255.255.255.0:Enabled:SMS-Chat
"2704:TCP"= 2704:TCP:199.231.8.0/255.255.255.0:Enabled:SMS-FileXfr
"9322:TCP"= 9322:TCP:EKDiscovery
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
"RemoteAddresses"= *
.
R0 45932412;45932412 Boot Guard Driver;c:\windows\system32\drivers\45932412.sys [6/28/2011 7:06 AM 37392]
R1 45932411;45932411;c:\windows\system32\drivers\45932411.sys [6/28/2011 7:06 AM 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 F5 Networks Component Installer;F5 Networks Component Installer;c:\windows\system32\F5InstallerService.exe [6/4/2008 9:51 AM 262784]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [8/5/2008 5:58 PM 29184016]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 9:48 PM 116664]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [5/14/2009 11:41 AM 243856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/9/2011 7:13 AM 105592]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [5/14/2009 6:19 PM 33920]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 8:59 AM 136176]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe --> c:\program files\Kodak\AiO\Center\EKDiscovery.exe [?]
S2 KodakSvc;Kodak AiO Device Service;"c:\program files\Kodak\AiO\center\KodakSvc.exe" --> c:\program files\Kodak\AiO\center\KodakSvc.exe [?]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/14/2009 11:41 AM 475520]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [12/2/2008 12:07 PM 10752]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 8:59 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/12/2011 1:11 AM 39984]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [10/19/2000 12:55 PM 411244]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [7/8/2010 4:43 PM 229376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 12:59]
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 12:59]
.
2011-06-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2009-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: adp.com
Trusted Zone: centra.com
Trusted Zone: dhl-usa.com
Trusted Zone: learn.com
Trusted Zone: microsoft.com
Trusted Zone: virtela.net
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{BD21A35D-410C-445D-8CDC-301D6B859268}: DhcpNameServer = 97.64.209.36 97.64.168.13
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {68132570-CED6-11D5-91AE-000039F5040E} - hxxp://www.employeeedge.com/NAVUPDPRJ.CAB
DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} - file://C:/Program Files/F5 VPN/F5_TMP/urvncx.cab
.
.
------- File Associations -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-07-02 09:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1100)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\notes\ntmulti.exe
c:\program files\Visioneer\OneTouch 4.0\OtService.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\msiexec.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-07-02 09:29:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-02 13:29
ComboFix2.txt 2011-06-25 23:03
.
Pre-Run: 94,505,803,776 bytes free
Post-Run: 96,059,011,072 bytes free
.
Current=5 Default=5 Failed=4 LastKnownGood=2 Sets=1,2,3,4,5
- - End Of File - - B9B0638E5C738823E817452A8468D787