ComboFix 13-04-10.01 - Marita XoXo 04/11/2013 13:10:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.457 [GMT -7:00]
Running from: c:\documents and settings\Marita XoXo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marita XoXo\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\hitmanpro37.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HITMANPRO37
-------\Service_hitmanpro37
.
.
((((((((((((((((((((((((( Files Created from 2013-03-11 to 2013-04-11 )))))))))))))))))))))))))))))))
.
.
2013-04-11 17:19 . 2013-04-11 17:19 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-07 20:26 . 2013-04-11 07:22 -------- d-----w- C:\i386
2013-04-07 18:03 . 2013-04-07 18:03 -------- d-----w- C:\_OTL
2013-04-07 18:03 . 2011-07-12 22:55 2237440 ----a-w- C:\OTLPE.exe
2013-04-07 17:55 . 2013-04-07 14:37 331805736 ----a-w- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2013-04-06 23:56 . 2013-04-06 23:56 -------- d-----w- C:\FRST
2013-04-06 03:40 . 2013-04-06 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-04-06 02:03 . 2013-04-06 02:03 -------- d-----w- c:\documents and settings\Marita XoXo\Application Data\Malwarebytes
2013-04-06 01:36 . 2013-04-06 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-06 01:36 . 2013-04-11 07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-06 01:36 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-06 01:25 . 2013-04-06 01:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-04-06 01:21 . 2013-04-06 01:22 -------- d-----w- c:\documents and settings\Administrator
2013-03-18 00:09 . 2013-03-18 00:09 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 17:21 . 2004-08-03 23:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2013-03-22 02:26 . 2012-05-03 07:03 693976 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-22 02:26 . 2012-02-07 20:06 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 09:33 . 2013-03-08 09:33 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-12 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-26 1512744]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-05-14 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2008-08-22 18432]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2009-03-26 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2008-07-22 503808]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-06-12 866144]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2008-08-22 18432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\documents and settings\Marita XoXo\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-03-18 16:02 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/5/2013 6:36 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/5/2013 6:36 PM 701512]
R2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;c:\program files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [12/25/2012 1:22 PM 529024]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3/19/2013 10:26 PM 3289208]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [6/24/2009 4:21 AM 104960]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [1/14/2009 1:38 PM 5184872]
R3 5U876UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U876.sys [6/24/2009 3:01 AM 91776]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [6/24/2009 4:21 AM 14336]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [6/24/2009 2:33 AM 16194]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/23/2009 9:49 AM 39424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/5/2013 6:36 PM 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [12/25/2012 1:22 PM 816672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/24/2009 2:24 AM 1684736]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [1/19/2010 11:16 PM 17408]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [6/24/2009 4:29 AM 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [6/24/2009 4:29 AM 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [6/24/2009 4:29 AM 390440]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [6/24/2009 4:29 AM 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [6/24/2009 4:29 AM 91432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2013-03-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
- c:\documents and settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-06-07 12:10]
.
2013-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job
- c:\documents and settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-06-07 12:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15387
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 24.200.241.37 24.202.72.13
FF - ProfilePath - c:\documents and settings\Marita XoXo\Application Data\Mozilla\Firefox\Profiles\z9zagv29.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51414
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-11 13:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2013-04-11 13:35:57 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-11 20:35
.
Pre-Run: 37,806,653,440 bytes free
Post-Run: 37,666,258,944 bytes free
.
- - End Of File - - 3268CBB98CF649F4EB7DC1BC07D376B7