ComboFix 12-03-22.01 - Kelli 03/23/2012 0:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2399 [GMT -4:00]
Running from: c:\users\Kelli\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~xSw8pf89PIF3eg
c:\programdata\~xSw8pf89PIF3egr
c:\programdata\xSw8pf89PIF3eg
c:\users\Kris\Desktop\System Check.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-23 04:47 . 2012-03-23 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 04:09 . 2012-03-23 04:09 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\MpKsl25625841.sys
2012-03-23 04:07 . 2012-03-23 04:07 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\offreg.dll
2012-03-23 02:15 . 2012-03-13 23:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\mpengine.dll
2012-03-22 13:45 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 13:45 . 2012-03-22 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-22 12:33 . 2012-03-22 12:32 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4040A0CE-C292-406E-9EEA-195731FD7168}\gapaengine.dll
2012-03-22 12:30 . 2012-03-22 12:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-21 05:02 . 2012-03-21 05:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-21 02:07 . 2012-03-21 02:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 02:04 . 2012-03-21 02:04 -------- d-----w- c:\program files\WOT
2012-03-20 23:35 . 2012-03-21 01:05 -------- d-----w- c:\users\Kelli
2012-03-20 23:30 . 2012-03-20 23:30 -------- d-----w- c:\program files\CCleaner
2012-03-20 23:02 . 2012-03-20 23:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 22:25 . 2012-03-20 23:27 -------- d-----w- C:\usr
2012-03-20 22:22 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6064EBB1-A048-460C-94D3-DEA32612088F}\mpengine.dll
2012-03-20 22:04 . 2012-03-20 22:08 -------- d-----w- c:\users\Rollbackrx
2012-03-20 21:54 . 2012-03-20 21:54 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-10-22 23:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-13 04:39 . 2012-03-21 01:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Rollbackrx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-30 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0029071332293059mcinstcleanup;McAfee Application Installer Cleanup (0029071332293059);c:\users\Kelli\AppData\Local\Temp\002907~1.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 25675224
*NewlyCreated* - MPKSL25625841
*Deregistered* - 25675224
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 01:35]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 01:35]
.
2012-03-23 c:\windows\Tasks\User_Feed_Synchronization-{8664DD1A-9AE7-4396-976B-16D3119F0393}.job
- c:\windows\system32\msfeedssync.exe [2011-06-20 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://wmtss1.wcsu.edu/auth/taweb.cab
FF - ProfilePath - c:\users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\l79wd44r.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
AddRemove-3ivx MPEG-4 5.0.3 - c:\program files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe
AddRemove-AIM MusicLink 4.0.0.0 - c:\progra~1\AIMMUS~1\UNWISE.EXE
AddRemove-Snood 4_is1 - c:\program files\Snood 4\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-03-23 00:47
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-23 00:50:22
ComboFix-quarantined-files.txt 2012-03-23 04:50
.
Pre-Run: 63,040,983,040 bytes free
Post-Run: 63,159,918,592 bytes free
.
- - End Of File - - 1AB7D8EC6E9D63B4DA9069984F23C872