ComboFix 11-04-27.01 - Eric Grafnitz 04/27/2011 17:48:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2583 [GMT -5:00]
Running from: I:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ERICGR~1\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp
c:\documents and settings\Eric Grafnitz\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
c:\documents and settings\NetworkService\Local Settings\Application Data\nis.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 22:35 . 2011-04-27 22:35 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0ACC7D-6BC9-4AAF-B9D5-D462F89EC676}\MpKsl25400abc.sys
2011-04-24 21:23 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0ACC7D-6BC9-4AAF-B9D5-D462F89EC676}\mpengine.dll
2011-04-22 18:56 . 2011-04-22 18:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-22 16:30 . 2011-04-22 16:30 -------- d-----w- c:\program files\ESET
2011-04-22 15:26 . 2011-04-22 15:26 -------- d-----w- C:\_OTL
2011-04-22 15:25 . 2011-04-22 15:25 -------- d-----w- c:\program files\Common Files\Java
2011-04-22 15:25 . 2011-04-22 15:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-19 22:41 . 2011-04-19 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-04-15 22:49 . 2011-04-15 22:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-04-14 23:40 . 2007-09-27 06:00 470912 ----a-w- c:\windows\system32\Mrvw243.sys
2011-04-14 23:40 . 2007-09-27 06:00 470912 ----a-w- c:\windows\system32\drivers\Mrvw243.sys
2011-04-14 23:40 . 2007-09-27 05:58 461952 ----a-w- c:\windows\system32\Mrvw245.sys
2011-04-14 23:40 . 2007-09-27 05:58 461952 ----a-w- c:\windows\system32\drivers\Mrvw245.sys
2011-04-14 23:40 . 2011-04-14 23:40 -------- d-----w- c:\program files\Linksys
2011-04-14 23:40 . 2011-04-14 23:40 -------- d-----w- c:\documents and settings\Eric Grafnitz\Application Data\InstallShield
2011-04-14 23:32 . 2011-04-14 23:32 -------- d-----w- C:\Linksys Driver
2011-04-14 00:49 . 2011-04-14 00:49 -------- d-----w- c:\documents and settings\Eric Grafnitz\Application Data\Malwarebytes
2011-04-14 00:49 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 00:49 . 2011-04-14 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-14 00:48 . 2011-04-14 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 00:48 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 23:26 . 2011-04-13 23:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-13 23:25 . 2011-04-13 23:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-08 01:50 . 2011-04-08 01:50 -------- d-----w- c:\program files\Safari
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 15:24 . 2010-09-13 19:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-15 04:05 . 2010-04-16 15:09 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-08-16 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-08-16 09:18 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-08-16 09:18 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-08-16 09:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-03-23 04:44 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2005-08-16 09:18 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-08 13:33 . 2005-08-16 09:18 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 23:48 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 23:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 23:11 . 2010-04-14 17:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2005-08-16 09:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 23:13 . 2011-01-30 23:13 5889712 ----a-w- c:\program files\HSS-1.57-install-anchorfree-232-expatshield.exe
2011-03-18 17:53 . 2011-04-25 01:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-23_21.42.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-27 22:35 . 2011-04-27 22:35 16384 c:\windows\Temp\Perflib_Perfdata_76c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 8192]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 02:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-24 15:20 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\TunnelServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Eric Grafnitz\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R1 MpKsl25400abc;MpKsl25400abc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0ACC7D-6BC9-4AAF-B9D5-D462F89EC676}\MpKsl25400abc.sys [4/27/2011 5:35 PM 28752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/14/2007 12:37 PM 24652]
S0 tmfag;tmfag;c:\windows\system32\drivers\hprupbe.sys --> c:\windows\system32\drivers\hprupbe.sys [?]
S1 MpKsl43daddbb;MpKsl43daddbb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7561ED23-D702-48AE-A507-0CE9E723D71D}\MpKsl43daddbb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7561ED23-D702-48AE-A507-0CE9E723D71D}\MpKsl43daddbb.sys [?]
S1 MpKsled0fceeb;MpKsled0fceeb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5FFE1E20-1976-47A6-B20B-7E488D3E49DE}\MpKsled0fceeb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5FFE1E20-1976-47A6-B20B-7E488D3E49DE}\MpKsled0fceeb.sys [?]
S1 MpKslf96f46df;MpKslf96f46df;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0ACC7D-6BC9-4AAF-B9D5-D462F89EC676}\MpKslf96f46df.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE0ACC7D-6BC9-4AAF-B9D5-D462F89EC676}\MpKslf96f46df.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL25400ABC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542624359-4108094095-3092757597-1006Core.job
- c:\documents and settings\Eric Grafnitz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-25 01:48]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542624359-4108094095-3092757597-1006UA.job
- c:\documents and settings\Eric Grafnitz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-25 01:48]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://securera-pilot.edwardjones.com/ ... ,1218,2305
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://securera-pilot.edwardjones.com/ ... ,1218,2305
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://securera-pilot.edwardjones.com/ ... ,1218,2305
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://securera-pilot.edwardjones.com/ ... ,1218,2305
FF - ProfilePath - c:\documents and settings\Eric Grafnitz\Application Data\Mozilla\Firefox\Profiles\tpzzymco.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/reader/view/?hl=e ... rview-page
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\WININET.dll
.
Completion time: 2011-04-27 17:59:10
ComboFix-quarantined-files.txt 2011-04-27 22:59
ComboFix2.txt 2011-04-23 21:47
.
Pre-Run: 290,160,599,040 bytes free
Post-Run: 290,307,006,464 bytes free
.
- - End Of File - - 96B565AD3C2AAFBD93D9EA130BD105AD