ComboFix 11-04-11.04 - Work 12/04/2011 11:27:34.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.668 [GMT -4:00]
Running from: c:\documents and settings\Work\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Work\Application Data\Adobe\plugs
c:\documents and settings\Work\Application Data\Adobe\shed
c:\documents and settings\Work\Application Data\E50896F890922196E4A03534DE119750
c:\documents and settings\Work\Application Data\E50896F890922196E4A03534DE119750\enemies-names.txt
c:\documents and settings\Work\Application Data\E50896F890922196E4A03534DE119750\local.ini
c:\documents and settings\Work\Application Data\E50896F890922196E4A03534DE119750\lsrslt.ini
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}\chrome.manifest
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}\chrome\content\_cfg.js
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}\chrome\content\overlay.xul
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}\install.rdf
c:\windows\ororiyijikere.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-11 20:53 . 2011-04-11 20:53 -------- d-----w- C:\found.001
2011-04-01 00:15 . 2011-04-01 16:45 -------- d-----w- c:\documents and settings\Work\Application Data\Axkoyz
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\documents and settings\Work\Application Data\Malwarebytes
2011-03-31 20:20 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 20:20 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 03:56 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-03-31 03:56 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-03-31 03:56 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-03-31 03:56 . 2011-01-07 18:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-03-31 03:52 . 2011-04-03 17:44 -------- d-----w- c:\program files\PC Tools Security
2011-03-31 03:52 . 2011-04-12 15:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-31 03:51 . 2011-04-03 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2011-03-18 17:53 . 2011-04-05 15:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-03_23.24.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-12 15:19 . 2011-04-12 15:19 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
+ 2008-08-09 14:32 . 2011-04-12 15:23 73418 c:\windows\system32\perfc009.dat
- 2008-08-09 14:32 . 2011-04-03 23:26 73418 c:\windows\system32\perfc009.dat
+ 2008-08-09 14:32 . 2011-04-12 15:23 445884 c:\windows\system32\perfh009.dat
- 2008-08-09 14:32 . 2011-04-03 23:26 445884 c:\windows\system32\perfh009.dat
+ 2009-07-04 18:21 . 2011-04-05 14:55 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-04 18:21 . 2011-04-03 22:41 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\TONY\Start Menu\Programs\Startup\
iRotate.lnk - c:\program files\iRotate\iRotate.exe [2008-6-1 58104]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Work\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]
.
[HKLM\~\startupfolder\C:^Documents and Settings^TONY^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\TONY\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TONY^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\TONY\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIZMO2]
2008-11-17 16:34 2229512 ----a-w- c:\program files\GIZMO2\GIZMO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-13 03:08 21898024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [29/09/2010 5:21 PM 18432]
S0 3078356788;3078356788;c:\windows\system32\drivers\3078356788.sys --> c:\windows\system32\drivers\3078356788.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [30/03/2011 11:56 PM 247760]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [16/10/2009 10:21 PM 17408]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-01-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2010-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {531BF312-1783-41CA-9C4F-B7F769AD89B3} = 202.96.128.86,202.96.134.133
FF - ProfilePath - c:\documents and settings\Work\Application Data\Mozilla\Firefox\Profiles\7y7nndfk.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Smipil - c:\windows\ororiyijikere.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 11:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-04-12 11:36:22
ComboFix-quarantined-files.txt 2011-04-12 15:36
ComboFix2.txt 2011-04-05 01:09
ComboFix3.txt 2011-04-03 23:28
.
Pre-Run: 22,487,654,400 bytes free
Post-Run: 22,499,610,624 bytes free
.
- - End Of File - - 32A120B1D24D54C3AEAE1FEA029818B6