ComboFix 13-01-30.04 - Dell User 01/30/2013 20:48:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.412 [GMT -6:00]
Running from: c:\documents and settings\Dell User\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\DELLUS~1\LOCALS~1\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\documents and settings\All Users\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\imdb_ie.ico
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Dell User\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
-------\Service_DefaultTabSearch
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 01:56 . 2013-01-31 01:56 -------- d-----w- C:\_OTL
2013-01-30 20:55 . 2013-01-30 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-30 20:55 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 18:45 . 2013-01-04 18:45 -------- d-----w- C:\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-28 14:39 . 2012-12-28 14:39 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-28 14:39 . 2012-12-28 14:39 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-28 14:39 . 2012-12-20 16:17 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-28 14:39 . 2010-06-16 21:29 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-26 04:51 . 2012-12-26 04:04 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2011-11-12 20:30 . 2011-11-12 20:26 4529299 ----a-w- c:\program files\FileZilla_3.5.2_win32-setup.exe
2008-06-08 20:15 . 2008-06-08 20:15 2284108 ----a-w- c:\program files\office.reg
2012-11-29 08:27 . 2012-12-26 21:02 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Dell User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Dell User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Dell User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Dell User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\documents and settings\Dell User\Application Data\Spotify\Spotify.exe" [2012-10-28 7880664]
"Spotify Web Helper"="c:\documents and settings\Dell User\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-10-28 1199576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
"GenieoUpdaterService"="c:\documents and settings\Dell User\Application Data\Genieo\Application\Updater\bin\genupdater.exe" [2013-01-03 289632]
"GenieoSystemTray"="c:\documents and settings\Dell User\Application Data\Genieo\Application\TrayUi\bin\gentray.exe" [2013-01-03 526688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SMessaging"="c:\documents and settings\Dell User\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe" [2012-04-04 31664]
.
c:\documents and settings\Dell User\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Dell User\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dell User^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Dell User\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-03-31 01:00 138008 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 18:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 15:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Dell User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Dell User\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/5/2007 5:13 AM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 12:54 PM 116608]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1/4/2012 2:22 PM 822624]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 11:58 AM 1085440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/30/2013 2:55 PM 398184]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [10/1/2011 8:30 AM 508776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/30/2013 2:55 PM 21104]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [10/1/2011 8:30 AM 219496]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/30/2013 2:55 PM 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 5:44 PM 183560]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 16:24 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 21:30]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 21:30]
.
.
------- Supplementary Scan -------
.
Trusted Zone: genieo.com\yahoo
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Dell User\Application Data\Mozilla\Firefox\Profiles\t6yzf0ql.default\
FF - ExtSQL: 2012-12-26 15:10; [email protected]; c:\documents and settings\Dell User\Application Data\Mozilla\Firefox\Profiles\t6yzf0ql.default\extensions\[email protected]
FF - ExtSQL: 2013-01-30 15:10; wecarereminder@bryan; c:\documents and settings\Dell User\Application Data\Mozilla\Firefox\Profiles\t6yzf0ql.default\extensions\wecarereminder@bryan
FF - ExtSQL: 2013-01-30 15:10; [email protected]; c:\documents and settings\Dell User\Application Data\Mozilla\Firefox\Profiles\t6yzf0ql.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-7-zip - c:\program files\7-zip\uninstall.exe
AddRemove-DefaultTab - c:\documents and settings\Dell User\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-30 20:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\WININET.dll
c:\documents and settings\Dell User\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre7\bin\javaw.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-01-30 21:01:15 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-31 03:01
.
Pre-Run: 25,504,407,552 bytes free
Post-Run: 25,358,856,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8B23F8D6C2B6AF618AF63A4ACBE491D1