Combo Fix
Hello - Sorry about not being attentive enough to details. Had to use the last faster USB port to check out the scan.msi on the scanner and ran ComboFix the first time without plugging back in an external drive, so I did that and ran it again, thus two logs. Thx.
First Run
ComboFix 11-07-31.04 - User 07/31/2011 14:52:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.329 [GMT -4:00]
Running from: d:\program files\Combofix 7-31-11\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.VALUED-7B9600FA\WINDOWS
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Bubba.VALUED-7B9600FA\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\User\jaudio16k.tar
c:\documents and settings\User\Recent\Thumbs.db
c:\documents and settings\User\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\UNWISE.EXE
D:\install.exe
d:\mydocu~1\CDRIVE~1\PLANET~1\AUCTIO~1\AUCTIO~1\AUCTIO~2\AUCTio~1.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 18:28 . 2011-07-31 18:28 -------- d-----w- c:\documents and settings\User\Application Data\Avira
2011-07-31 17:08 . 2011-06-17 16:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-31 17:08 . 2011-06-17 16:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-31 17:08 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-31 17:08 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\program files\Avira
2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-07-30 09:09 . 2011-07-30 09:09 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2011-07-28 19:03 . 2011-07-28 19:03 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2011-07-28 19:02 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 19:02 . 2011-07-28 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-28 19:02 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 18:46 . 2011-07-28 18:46 -------- d-----w- c:\program files\Trend Micro
2011-07-18 22:39 . 2011-07-18 22:39 -------- d-----w- c:\program files\IObit Toolbar
2011-07-17 00:55 . 2011-07-17 00:55 -------- d-----w- c:\documents and settings\User\Application Data\Search Settings
2011-07-17 00:54 . 2011-07-17 00:55 -------- d-----w- c:\program files\Application Updater
2011-07-17 00:54 . 2011-07-17 00:54 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-19 16:15 . 2011-06-11 19:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 15:04 . 2009-08-19 00:10 4702 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-06-02 14:02 . 2001-12-14 19:26 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 08:52 . 2010-05-05 22:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2008-01-26 02:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1BackedupFileOverlay]
@="{3F1FB271-8290-4330-8069-310F32C030EF}"
[HKEY_CLASSES_ROOT\CLSID\{3F1FB271-8290-4330-8069-310F32C030EF}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2LiveProtectedFileOverlay]
@="{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}"
[HKEY_CLASSES_ROOT\CLSID\{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3ProtectedFileOverlay]
@="{A94C4834-6F18-491F-A205-3AFF24B16BC0}"
[HKEY_CLASSES_ROOT\CLSID\{A94C4834-6F18-491F-A205-3AFF24B16BC0}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SharedFileOverlay]
@="{C85F4084-C3E3-453c-B242-4BDABA8F58FB}"
[HKEY_CLASSES_ROOT\CLSID\{C85F4084-C3E3-453c-B242-4BDABA8F58FB}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SyncedFileOverlay]
@="{58605E40-AE20-45d7-887B-08F3D9FF3651}"
[HKEY_CLASSES_ROOT\CLSID\{58605E40-AE20-45d7-887B-08F3D9FF3651}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!6SyncingFileOverlay]
@="{06DF45CB-D312-4306-B97D-6CDA50A10B30}"
[HKEY_CLASSES_ROOT\CLSID\{06DF45CB-D312-4306-B97D-6CDA50A10B30}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!7ConflictedFileOverlay]
@="{D1542785-76CA-4d0c-9688-F290B1E77E01}"
[HKEY_CLASSES_ROOT\CLSID\{D1542785-76CA-4d0c-9688-F290B1E77E01}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-30 160328]
"Messenger (Yahoo!)"="d:\progra~2\YAHOOI~1.0\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-27 98304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 29696]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-06-01 4385112]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Yankee Clipper III.lnk - d:\program files\Yankee Clipper\YankClip.exe [2005-7-11 1368064]
.
c:\documents and settings\User\Start Menu\Programs\Startup\AutorunsDisabled
quicken online backup taskbar icon.lnk.disabled [2004-7-3 679]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - d:\program files\Logitech MX 1000 Mouseware\SetPoint\KEM.exe [2006-10-12 573440]
openURL.vbs [2011-7-31 131]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk.disabled
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
2004-04-29 14:08 896002 ----a-w- d:\progra~2\Evidence Eliminator\Ee.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2004-04-26 11:06 29696 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-02-27 09:32 98304 -c--a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PestPatrolCL"=c:\progra~1\PESTPA~1\PestPatrolCL.exe c:\
"PestPatrol Control Center"=c:\progra~1\PESTPA~1\PPControl.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_04\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Yahoo IM 7.0\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/23/2011 8:39 PM 13496]
R2 KDATA;KDATA;c:\windows\system32\drivers\Kdata.sys [1/15/2004 10:29 AM 44504]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2/23/2006 8:19 PM 45312]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [3/9/2004 7:20 AM 3712]
R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [12/14/2001 4:53 PM 12032]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [8/2/2005 8:27 PM 7196]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/23/2006 8:19 PM 55936]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/23/2011 8:43 PM 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/23/2011 8:43 PM 16080]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [12/14/2001 8:55 PM 54271]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/5/2011 12:26 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/11/2011 10:58 PM 27064]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [12/14/2001 3:26 PM 593000]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2/23/2004 3:25 PM 15576]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [4/26/2006 7:59 PM 899884]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/23/2011 8:43 PM 239472]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004Core1cc27e486266d16.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-04 22:32]
.
2011-07-31 c:\windows\Tasks\SmartDefrag_Startup.job
- d:\program downloads\Smart Defrag 2\SmartDefrag.exe [2011-06-24 00:19]
.
2011-07-25 c:\windows\Tasks\SOS Online Backup - Prompter.job
- c:\program files\Common Files\SOS Online Backup\Prompter\Prompter.exe [2010-04-20 20:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com
IE: + Offline &Explorer: Download the link
IE: + Offline E&xplorer: Download the current page
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Customize Menu &4
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Logoff &5
IE: Open Link Target in Firefox
IE: Reset Fields &-
IE: Rf Options &O
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Set Fields &=
IE: Stop popups from this web page
IE: Translate this page
IE: View This Page in Firefox
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Trusted Zone: linkshare.com
Trusted Zone: linksynergy.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\pjv41h00.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 1088
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-LyraWirelessRemote - d:\program files\Lyra Remote\Lyraw.exe
AddRemove-Adobe Photoshop 7.0 - d:\program files\Adobe Photoshop\Uninst.isu
AddRemove-EBookPaper - c:\program files\EBookPaper.com\EBookPaper\Uninst.isu
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-IrfanView - d:\program files\Irfanview 3.97\iv_uninstall.exe
AddRemove-SetupPPUpdater - c:\progra~1\PESTPA~1\UNWISE.EXE
AddRemove-Total Uninstall_is1 - d:\program files\Total Uninstall\unins000.exe
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - d:\program files\AVG PC Tuneup 2011\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-07-31 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-07-31 15:56:45
ComboFix-quarantined-files.txt 2011-07-31 19:56
.
Pre-Run: 680,407,040 bytes free
Post-Run: 1,243,287,552 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 68314DA55CB9E74A60B5536706A8B3FA
---------------------------------------------------------------------------
Second Run
ComboFix 11-07-31.04 - User 07/31/2011 16:17:52.2.1 - x86
Running from: d:\program files\Combofix 7-31-11\ComboFix.exe
Command switches used :: /Uninstal
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 18:28 . 2011-07-31 18:28 -------- d-----w- c:\documents and settings\User\Application Data\Avira
2011-07-31 17:08 . 2011-06-17 16:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-31 17:08 . 2011-06-17 16:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-31 17:08 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-31 17:08 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\program files\Avira
2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-07-30 09:09 . 2011-07-30 09:09 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2011-07-28 19:03 . 2011-07-28 19:03 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2011-07-28 19:02 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 19:02 . 2011-07-28 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-28 19:02 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 18:46 . 2011-07-28 18:46 -------- d-----w- c:\program files\Trend Micro
2011-07-18 22:39 . 2011-07-18 22:39 -------- d-----w- c:\program files\IObit Toolbar
2011-07-17 00:55 . 2011-07-17 00:55 -------- d-----w- c:\documents and settings\User\Application Data\Search Settings
2011-07-17 00:54 . 2011-07-17 00:55 -------- d-----w- c:\program files\Application Updater
2011-07-17 00:54 . 2011-07-17 00:54 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-19 16:15 . 2011-06-11 19:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 15:04 . 2009-08-19 00:10 4702 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-06-02 14:02 . 2001-12-14 19:26 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 08:52 . 2010-05-05 22:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2008-01-26 02:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1BackedupFileOverlay]
@="{3F1FB271-8290-4330-8069-310F32C030EF}"
[HKEY_CLASSES_ROOT\CLSID\{3F1FB271-8290-4330-8069-310F32C030EF}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2LiveProtectedFileOverlay]
@="{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}"
[HKEY_CLASSES_ROOT\CLSID\{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3ProtectedFileOverlay]
@="{A94C4834-6F18-491F-A205-3AFF24B16BC0}"
[HKEY_CLASSES_ROOT\CLSID\{A94C4834-6F18-491F-A205-3AFF24B16BC0}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SharedFileOverlay]
@="{C85F4084-C3E3-453c-B242-4BDABA8F58FB}"
[HKEY_CLASSES_ROOT\CLSID\{C85F4084-C3E3-453c-B242-4BDABA8F58FB}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SyncedFileOverlay]
@="{58605E40-AE20-45d7-887B-08F3D9FF3651}"
[HKEY_CLASSES_ROOT\CLSID\{58605E40-AE20-45d7-887B-08F3D9FF3651}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!6SyncingFileOverlay]
@="{06DF45CB-D312-4306-B97D-6CDA50A10B30}"
[HKEY_CLASSES_ROOT\CLSID\{06DF45CB-D312-4306-B97D-6CDA50A10B30}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!7ConflictedFileOverlay]
@="{D1542785-76CA-4d0c-9688-F290B1E77E01}"
[HKEY_CLASSES_ROOT\CLSID\{D1542785-76CA-4d0c-9688-F290B1E77E01}]
2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-30 160328]
"Messenger (Yahoo!)"="d:\progra~2\YAHOOI~1.0\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-27 98304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 29696]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-06-01 4385112]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Yankee Clipper III.lnk - d:\program files\Yankee Clipper\YankClip.exe [2005-7-11 1368064]
.
c:\documents and settings\User\Start Menu\Programs\Startup\AutorunsDisabled
quicken online backup taskbar icon.lnk.disabled [2004-7-3 679]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - d:\program files\Logitech MX 1000 Mouseware\SetPoint\KEM.exe [2006-10-12 573440]
openURL.vbs [2011-7-31 131]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk.disabled
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
2004-04-29 14:08 896002 ----a-w- d:\progra~2\Evidence Eliminator\Ee.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2004-04-26 11:06 29696 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-02-27 09:32 98304 -c--a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PestPatrolCL"=c:\progra~1\PESTPA~1\PestPatrolCL.exe c:\
"PestPatrol Control Center"=c:\progra~1\PESTPA~1\PPControl.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_04\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Yahoo IM 7.0\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/23/2011 8:39 PM 13496]
R2 KDATA;KDATA;c:\windows\system32\drivers\Kdata.sys [1/15/2004 10:29 AM 44504]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2/23/2006 8:19 PM 45312]
R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [3/9/2004 7:20 AM 3712]
R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [12/14/2001 4:53 PM 12032]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [8/2/2005 8:27 PM 7196]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/23/2006 8:19 PM 55936]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/23/2011 8:43 PM 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/23/2011 8:43 PM 16080]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [12/14/2001 8:55 PM 54271]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/5/2011 12:26 AM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/11/2011 10:58 PM 27064]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [12/14/2001 3:26 PM 593000]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2/23/2004 3:25 PM 15576]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [4/26/2006 7:59 PM 899884]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/23/2011 8:43 PM 239472]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004Core1cc27e486266d16.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-04 22:32]
.
2011-07-31 c:\windows\Tasks\SmartDefrag_Startup.job
- d:\program downloads\Smart Defrag 2\SmartDefrag.exe [2011-06-24 00:19]
.
2011-07-25 c:\windows\Tasks\SOS Online Backup - Prompter.job
- c:\program files\Common Files\SOS Online Backup\Prompter\Prompter.exe [2010-04-20 20:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com
IE: + Offline &Explorer: Download the link
IE: + Offline E&xplorer: Download the current page
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Customize Menu &4
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Logoff &5
IE: Open Link Target in Firefox
IE: Reset Fields &-
IE: Rf Options &O
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Set Fields &=
IE: Stop popups from this web page
IE: Translate this page
IE: View This Page in Firefox
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Trusted Zone: linkshare.com
Trusted Zone: linksynergy.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\pjv41h00.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 1088
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-07-31 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\WININET.dll
d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-31 18:34:23
ComboFix-quarantined-files.txt 2011-07-31 22:34
ComboFix2.txt 2011-07-31 19:56
.
Pre-Run: 1,313,935,360 bytes free
Post-Run: 1,288,474,624 bytes free
.
Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - E03E64CA1E7189030FDDFFC716CD5183