ComboFix 13-01-11.02 - frank 12/01/2013 13:55:26.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.1014.234 [GMT 0:00]
Running from: c:\users\frank\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 14:17 . 2013-01-12 14:17--------d-----w-c:\users\frank\AppData\Local\temp
2013-01-12 14:17 . 2013-01-12 14:17--------d-----w-c:\users\fs2\AppData\Local\temp
2013-01-12 14:17 . 2013-01-12 14:17--------d-----w-c:\users\Default\AppData\Local\temp
2013-01-11 18:38 . 2013-01-11 18:3860872----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84AD31C-CAA5-4F82-A62B-EEEA7650FE8A}\offreg.dll
2013-01-11 14:53 . 2012-11-08 18:006812136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84AD31C-CAA5-4F82-A62B-EEEA7650FE8A}\mpengine.dll
2013-01-10 14:20 . 2012-11-08 18:006812136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-04 18:32 . 2013-01-04 18:32--------d-----w-c:\program files\Common Files\Java
2013-01-04 18:26 . 2013-01-04 18:26477168----a-w-c:\windows\system32\npdeployJava1.dll
2013-01-04 18:24 . 2013-01-04 18:24--------d-----w-c:\programdata\McAfee
2013-01-02 00:40 . 2013-01-02 01:1021840----atw-c:\windows\system32\SIntfNT.dll
2013-01-02 00:40 . 2013-01-02 01:1017212----atw-c:\windows\system32\SIntf32.dll
2013-01-02 00:40 . 2013-01-02 01:1012067----atw-c:\windows\system32\SIntf16.dll
2013-01-01 05:19 . 2013-01-01 05:191409----a-w-c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 08:35 . 2008-06-27 13:09132511717----a-w-c:\windows\DUMP74e0.tmp
2013-01-04 18:26 . 2010-04-22 22:39473072----a-w-c:\windows\system32\deployJava1.dll
2013-01-01 23:05 . 2008-01-21 02:33171008----a-w-c:\windows\system32\apphelp.dll
2013-01-01 11:07 . 2006-11-02 06:3711973----a-w-c:\windows\system32\drivers\secdrv.sys
2012-11-29 17:51 . 2012-11-29 17:55740840------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D0E97DF-B4A4-4C32-8EEB-49D10FC560FD}\gapaengine.dll
2012-11-14 04:16 . 2009-07-10 19:13466008----a-w-c:\windows\system32\drivers\sptd.sys
2006-05-03 12:06163328--sha-r-c:\windows\System32\flvDX.dll
2007-02-21 13:4731232--sha-r-c:\windows\System32\msfDX.dll
2008-03-16 15:30216064--sha-r-c:\windows\System32\nbDX.dll
2010-01-07 00:00107520--sha-r-c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCC39ACE-709B-44EA-B062-5F6BE2774644}]
2012-08-23 19:03214448----a-w-c:\users\frank\AppData\Roaming\MyEmoticons\myemoticons-1.3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 16:58556056----a-w-c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 16:58556056----a-w-c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 16:58556056----a-w-c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 16:58556056----a-w-c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi5"=sxgb.dll
"wave4"=sxgb.dll
"mixer4"=sxgb.dll
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-03-08 11:3840048----a-w-c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:081259376----a-w-c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2008-11-17 17:50827904----a-w-c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-13 17:38136176----atw-c:\users\frank\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-11-08 16:5816070136----a-w-c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 19:0662760----a-w-c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51858632----a-w-c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 12:46973488----a-w-c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-02-18 12:3977824----a-w-c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 21:2381920------w-c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-21 02:3449664----a-w-c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:072260480--sha-r-c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-17 02:15296056----a-w-d:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-23 21:41399736----a-w-c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 16:03303104----a-w-c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:1637376----a-w-c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:331008184----a-w-c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35202240----a-w-c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetworkREG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:50]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:50]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1322574-3596047299-79548003-1003Core.job
- c:\users\frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 17:38]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1322574-3596047299-79548003-1003UA.job
- c:\users\frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 17:38]
.
2012-10-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1322574-3596047299-79548003-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2013-01-11 c:\windows\Tasks\ReclaimerUpdateFiles_frank.job
- c:\users\frank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 16:06]
.
2013-01-11 c:\windows\Tasks\ReclaimerUpdateXML_frank.job
- c:\users\frank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 16:06]
.
2013-01-12 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_frank.job
- c:\users\frank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 16:06]
.
2013-01-12 c:\windows\Tasks\User_Feed_Synchronization-{769BB95A-F5F4-48A1-A0E4-139FF95664FB}.job
- c:\windows\system32\msfeedssync.exe [2011-10-02 04:32]
.
2012-05-30 c:\windows\Tasks\{0D7D0023-D227-44DF-B2FA-BBFF441C858B}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-10-01 c:\windows\Tasks\{29FF558E-8E14-4CEC-8B51-8EB1F850DC87}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-05-30 c:\windows\Tasks\{4B4D1DDD-F3D8-4EFB-8AAC-590CEB692A8A}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-06-02 c:\windows\Tasks\{7E4C7D4F-C4E3-4F3B-8C47-B3BBB8DAE6A4}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-06-02 c:\windows\Tasks\{CF1BBED9-A311-4C26-9F3B-FA3ED12529E6}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-04-23 c:\windows\Tasks\{D796EF20-F94A-4EC1-8E0F-7E1875FFD9CF}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-09-30 c:\windows\Tasks\{FA7315CD-74C4-4A70-BE0D-B09E54D83B1D}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=112060&tt=4812_3&babsrc=HP_ss&mntrId=5a003357000000000000001fe2a7249a
mStart Page = hxxp://en.ie.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-12 14:17
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1322574-3596047299-79548003-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:97,fb,88,10,ef,53,24,f6,94,cf,7f,51,b0,43,4a,ee,b0,bf,e1,88,c0,7a,25,
be,e4,50,15,46,e5,dc,3a,75,96,03,2c,7a,a6,ea,a5,cd,c7,89,24,ea,b5,de,b2,79,\
"??"=hex:e8,c1,83,c9,08,05,0c,71,8a,56,db,ff,2c,c5,cc,b0
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-12 14:22:43
ComboFix-quarantined-files.txt 2013-01-12 14:22
ComboFix2.txt 2013-01-12 06:13
.
Pre-Run: 7,126,511,616 bytes free
Post-Run: 7,085,608,960 bytes free
.
- - End Of File - - 516DF28761D288A48FA8F6B4CD8DE4DF
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.1014.234 [GMT 0:00]
Running from: c:\users\frank\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 14:17 . 2013-01-12 14:17--------d-----w-c:\users\frank\AppData\Local\temp
2013-01-12 14:17 . 2013-01-12 14:17--------d-----w-c:\users\fs2\AppData\Local\temp
2013-01-12 14:17 . 2013-01-12 14:17--------d-----w-c:\users\Default\AppData\Local\temp
2013-01-11 18:38 . 2013-01-11 18:3860872----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84AD31C-CAA5-4F82-A62B-EEEA7650FE8A}\offreg.dll
2013-01-11 14:53 . 2012-11-08 18:006812136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E84AD31C-CAA5-4F82-A62B-EEEA7650FE8A}\mpengine.dll
2013-01-10 14:20 . 2012-11-08 18:006812136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-04 18:32 . 2013-01-04 18:32--------d-----w-c:\program files\Common Files\Java
2013-01-04 18:26 . 2013-01-04 18:26477168----a-w-c:\windows\system32\npdeployJava1.dll
2013-01-04 18:24 . 2013-01-04 18:24--------d-----w-c:\programdata\McAfee
2013-01-02 00:40 . 2013-01-02 01:1021840----atw-c:\windows\system32\SIntfNT.dll
2013-01-02 00:40 . 2013-01-02 01:1017212----atw-c:\windows\system32\SIntf32.dll
2013-01-02 00:40 . 2013-01-02 01:1012067----atw-c:\windows\system32\SIntf16.dll
2013-01-01 05:19 . 2013-01-01 05:191409----a-w-c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 08:35 . 2008-06-27 13:09132511717----a-w-c:\windows\DUMP74e0.tmp
2013-01-04 18:26 . 2010-04-22 22:39473072----a-w-c:\windows\system32\deployJava1.dll
2013-01-01 23:05 . 2008-01-21 02:33171008----a-w-c:\windows\system32\apphelp.dll
2013-01-01 11:07 . 2006-11-02 06:3711973----a-w-c:\windows\system32\drivers\secdrv.sys
2012-11-29 17:51 . 2012-11-29 17:55740840------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D0E97DF-B4A4-4C32-8EEB-49D10FC560FD}\gapaengine.dll
2012-11-14 04:16 . 2009-07-10 19:13466008----a-w-c:\windows\system32\drivers\sptd.sys
2006-05-03 12:06163328--sha-r-c:\windows\System32\flvDX.dll
2007-02-21 13:4731232--sha-r-c:\windows\System32\msfDX.dll
2008-03-16 15:30216064--sha-r-c:\windows\System32\nbDX.dll
2010-01-07 00:00107520--sha-r-c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCC39ACE-709B-44EA-B062-5F6BE2774644}]
2012-08-23 19:03214448----a-w-c:\users\frank\AppData\Roaming\MyEmoticons\myemoticons-1.3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 16:58556056----a-w-c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 16:58556056----a-w-c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 16:58556056----a-w-c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 16:58556056----a-w-c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi5"=sxgb.dll
"wave4"=sxgb.dll
"mixer4"=sxgb.dll
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-03-08 11:3840048----a-w-c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:081259376----a-w-c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2008-11-17 17:50827904----a-w-c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-13 17:38136176----atw-c:\users\frank\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-11-08 16:5816070136----a-w-c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 19:0662760----a-w-c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51858632----a-w-c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 12:46973488----a-w-c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-02-18 12:3977824----a-w-c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 21:2381920------w-c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-21 02:3449664----a-w-c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:072260480--sha-r-c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-17 02:15296056----a-w-d:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-23 21:41399736----a-w-c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 16:03303104----a-w-c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-12-20 15:1637376----a-w-c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:331008184----a-w-c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35202240----a-w-c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetworkREG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:50]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:50]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1322574-3596047299-79548003-1003Core.job
- c:\users\frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 17:38]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1322574-3596047299-79548003-1003UA.job
- c:\users\frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 17:38]
.
2012-10-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1322574-3596047299-79548003-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2013-01-11 c:\windows\Tasks\ReclaimerUpdateFiles_frank.job
- c:\users\frank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 16:06]
.
2013-01-11 c:\windows\Tasks\ReclaimerUpdateXML_frank.job
- c:\users\frank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 16:06]
.
2013-01-12 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_frank.job
- c:\users\frank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 16:06]
.
2013-01-12 c:\windows\Tasks\User_Feed_Synchronization-{769BB95A-F5F4-48A1-A0E4-139FF95664FB}.job
- c:\windows\system32\msfeedssync.exe [2011-10-02 04:32]
.
2012-05-30 c:\windows\Tasks\{0D7D0023-D227-44DF-B2FA-BBFF441C858B}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-10-01 c:\windows\Tasks\{29FF558E-8E14-4CEC-8B51-8EB1F850DC87}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-05-30 c:\windows\Tasks\{4B4D1DDD-F3D8-4EFB-8AAC-590CEB692A8A}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-06-02 c:\windows\Tasks\{7E4C7D4F-C4E3-4F3B-8C47-B3BBB8DAE6A4}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-06-02 c:\windows\Tasks\{CF1BBED9-A311-4C26-9F3B-FA3ED12529E6}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-04-23 c:\windows\Tasks\{D796EF20-F94A-4EC1-8E0F-7E1875FFD9CF}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
2012-09-30 c:\windows\Tasks\{FA7315CD-74C4-4A70-BE0D-B09E54D83B1D}.job
- c:\users\frank\appdata\local\google\chrome\application\chrome.exe [2011-10-11 00:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=112060&tt=4812_3&babsrc=HP_ss&mntrId=5a003357000000000000001fe2a7249a
mStart Page = hxxp://en.ie.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-12 14:17
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1322574-3596047299-79548003-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:97,fb,88,10,ef,53,24,f6,94,cf,7f,51,b0,43,4a,ee,b0,bf,e1,88,c0,7a,25,
be,e4,50,15,46,e5,dc,3a,75,96,03,2c,7a,a6,ea,a5,cd,c7,89,24,ea,b5,de,b2,79,\
"??"=hex:e8,c1,83,c9,08,05,0c,71,8a,56,db,ff,2c,c5,cc,b0
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-12 14:22:43
ComboFix-quarantined-files.txt 2013-01-12 14:22
ComboFix2.txt 2013-01-12 06:13
.
Pre-Run: 7,126,511,616 bytes free
Post-Run: 7,085,608,960 bytes free
.
- - End Of File - - 516DF28761D288A48FA8F6B4CD8DE4DF