ComboFix 11-06-22.05 - user 06/23/2011 11:36:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2459 [GMT -5:00]
Running from: c:\documents and settings\user\My Documents\malware removal programs\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
FILE ::
"c:\documents and settings\user\My Documents\program installs BUS\BlubsterSetup.exe"
"c:\documents and settings\user\My Documents\program installs BUS\psuite45.exe"
"c:\documents and settings\user\My Documents\program installs BUS\rb09_4_4_0_17.exe"
"c:\documents and settings\user\My Documents\program installs BUS\RegistryReviverSetup.exe"
"c:\documents and settings\user\My Documents\programinstalls\rb09_4_4_0_17.exe"
"c:\documents and settings\user\My Documents\programinstalls\RegistryReviverSetup.exe"
"c:\documents and settings\user\My Documents\programinstalls\ShareazaV6.exe"
"c:\documents and settings\user\My Documents\programinstalls\weatherbug.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ReviverSoft
c:\documents and settings\All Users\Application Data\ReviverSoft\Registry Reviver\Backup\Backup_July_02_10_06_31_39.reg
c:\documents and settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\1033.MST
c:\documents and settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi
c:\documents and settings\All Users\Application Data\ReviverSoft\Registry Reviver\LOGS\LOGS_07_02_2010_06_28_06_AM.log
c:\documents and settings\All Users\Application Data\ReviverSoft\Registry Reviver\TipofDay_EN.xml
c:\documents and settings\user\My Documents\program installs BUS\BlubsterSetup.exe
c:\documents and settings\user\My Documents\program installs BUS\psuite45.exe
c:\documents and settings\user\My Documents\program installs BUS\rb09_4_4_0_17.exe
c:\documents and settings\user\My Documents\program installs BUS\RegistryReviverSetup.exe
c:\documents and settings\user\My Documents\programinstalls\rb09_4_4_0_17.exe
c:\documents and settings\user\My Documents\programinstalls\RegistryReviverSetup.exe
c:\documents and settings\user\My Documents\programinstalls\ShareazaV6.exe
c:\documents and settings\user\My Documents\programinstalls\weatherbug.exe
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-21 23:22 . 2011-06-21 23:22 -------- d-----w- c:\program files\ESET
2011-06-21 23:04 . 2011-06-21 23:04 -------- d-----w- c:\program files\Common Files\Java
2011-06-21 23:04 . 2011-06-21 23:03 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-21 23:04 . 2011-06-21 23:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 23:04 . 2011-06-21 23:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-21 12:21 . 2011-06-21 12:21 -------- d-----w- c:\documents and settings\user\AbiSuite
2011-06-21 12:20 . 2011-06-21 12:20 -------- d-----w- c:\program files\AbiSuite2
2011-06-20 22:27 . 2011-06-20 22:27 -------- d-----w- C:\_OTL
2011-06-20 01:15 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 01:14 . 2011-06-20 01:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-20 01:14 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 12:51 . 2011-06-17 12:53 -------- d-----w- C:\0936a25e2e974c8c1057
2011-06-16 22:17 . 2011-06-16 22:17 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 12:25 . 2011-06-16 12:25 50247 ----a-w- c:\program files\Common Files\Microsoft Shared\Proof\Uninstal.exe
2011-06-16 02:45 . 2011-06-16 02:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 00:02 . 2011-06-17 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-06-15 23:22 . 2011-05-25 20:15 29544 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll
2011-06-15 23:22 . 2011-06-15 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2011-06-15 23:22 . 2011-06-15 23:22 -------- d-----w- c:\program files\NOS
2011-06-15 23:05 . 2011-06-15 23:05 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-15 22:38 . 2011-06-15 22:38 -------- d-----w- c:\program files\Trend Micro
2011-06-15 01:36 . 2011-06-15 23:09 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-15 00:53 . 2011-06-15 00:53 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-14 23:34 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-14 01:01 . 2011-06-23 16:48 -------- d-----w- c:\windows\system32\CatRoot2
2011-05-30 22:39 . 2011-05-30 22:39 -------- d-----w- c:\documents and settings\user\Application Data\Superfish
2011-05-30 22:39 . 2011-05-30 22:39 -------- d-----w- c:\program files\Superfish
2011-05-30 22:39 . 2011-05-30 22:39 -------- d-----w- c:\documents and settings\All Users\Application DataMozilla
2011-05-30 17:34 . 2011-05-30 17:49 -------- d-----w- C:\48ff03d23d8e16dee0
2011-05-28 13:12 . 2011-05-28 13:36 -------- d-----w- c:\documents and settings\user\Application Data\Nero
2011-05-28 13:10 . 2011-05-28 13:10 -------- d-----w- c:\program files\Common Files\Nero
2011-05-28 13:10 . 2011-05-28 13:11 -------- d-----w- c:\program files\Nero
2011-05-28 13:10 . 2011-05-28 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-05-28 13:09 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-05-28 13:09 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-05-28 13:08 . 2011-05-28 13:08 -------- d-----w- c:\windows\Logs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 03:04 . 2011-01-25 23:11 28672 ----a-w- c:\windows\system32\SpyShelterShellExt.dll
2011-05-02 15:31 . 2010-06-04 01:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-10 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 21:47 . 2011-04-28 21:47 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2011-04-28 11:57 . 2011-04-28 11:57 112456 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2011-04-28 11:57 . 2011-04-28 11:57 97096 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2011-04-28 11:57 . 2011-04-28 11:57 143432 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2011-04-28 11:57 . 2011-04-28 11:57 129992 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2011-04-28 11:57 . 2011-04-28 11:57 111688 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 11:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyShelter"="c:\program files\SpyShelter Personal Free\SpyShelter.exe" [2011-05-30 2565616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 12:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 20:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 00:07 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 09:47 163840 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-09-24 07:08 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 09:47 131072 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 21:40 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-05-29 14:11 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 09:46 135168 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2010-06-30 20:33 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-09 00:35 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-08-19 09:26 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-02-18 10:58 206184 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-06-01 17:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/19/2011 4:39 PM 28552]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [4/28/2011 6:57 AM 129992]
R1 SpyShelter;SpyShelter;c:\program files\SpyShelter Personal Free\SpyShelter.sys [1/25/2011 6:10 PM 158192]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 2:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 4:40 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/19/2011 8:15 PM 366640]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/28/2011 6:58 AM 140608]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [3/4/2011 11:39 AM 584488]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [1/14/2011 1:35 PM 196912]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [4/28/2011 6:57 AM 143432]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/28/2011 6:57 AM 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/28/2011 6:57 AM 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [4/28/2011 6:57 AM 112456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/19/2011 8:14 PM 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/15/2010 6:36 PM 1684736]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\user\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\user\LOCALS~1\Temp\CFcatchme.sys [?]
S3 mr8980;Digital Wireless Camera;c:\windows\system32\drivers\mr8980.sys [7/16/2010 4:56 PM 69632]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 22:12]
.
2011-06-23 c:\windows\Tasks\User_Feed_Synchronization-{EBD685C4-8CE4-42A7-A4DA-9B8ED27675CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\22nsm24y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - c:\documents and settings\All Users\Application DataMozilla\Extensions\superfish@superfish.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 17:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,b3,4a,c8,17,f1,4e,46,b3,c9,e4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,b3,4a,c8,17,f1,4e,46,b3,c9,e4,\
.
[HKEY_USERS\S-1-5-21-854245398-2049760794-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(6716)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
c:\program files\Common Files\Nero\NeroShellExt\SolutionExplorer.dll
c:\progra~1\WINZIP\WZSHLSTB.DLL
c:\windows\system32\SpyShelterShellExt.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Tracker Software\Shell Extensions\XCShInfo.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-23 17:20:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-23 22:20
ComboFix2.txt 2011-06-22 22:45
.
Pre-Run: 271,242,735,616 bytes free
Post-Run: 271,227,166,720 bytes free
.
- - End Of File - - 78515CCD0113CF61C06BE639E5AC8545
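Added example (not part of the ComboFix log above, and not ComboFix's own code): a small Python parser for the two line formats a triager reads first in a log like this, the service entries (`R0`/`R1`/`R2`/`R3`/`S2`/`S3 name;display;path [date size]`) and the `Run`-key entries (`"name"="path" [date size]`), plus a triage rule that flags binaries living under user-writable paths, `.sys` drivers outside `system32\drivers`, and entries where ComboFix printed `[?]` because it could not read the file's date and size. The sample lines are copied verbatim from this log; the `Entry` dataclass, the `USER_WRITABLE` marker list and the rule names are assumptions of this example. Note that the one entry it flags, `CFcatchme.sys` in `Temp`, is the driver behind the catchme rootkit scan that ComboFix itself runs later in the log, so the flag is a prompt for review, not a verdict.

```python
"""Parse ComboFix service / Run-key lines and flag entries worth a second look."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied verbatim from the ComboFix log above.
SAMPLE = r"""
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/19/2011 4:39 PM 28552]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 2:11 PM 374152]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\user\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\user\LOCALS~1\Temp\CFcatchme.sys [?]
"SpyShelter"="c:\program files\SpyShelter Personal Free\SpyShelter.exe" [2011-05-30 2565616]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"""

# "R2 name;display name;path [date time size]"  (display name may contain commas, never ';')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+?) \[(?P<meta>[^\]]*)\]$')
# '"name"="path" [date size]'  (Run-key entries under the Reg Loading Points section)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<meta>[^\]]*)\]$')

# Path fragments (lower-cased, XP short and long names) that a normal user can write to.
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                 "\\application data\\", "\\documents and settings\\", "\\docume~1\\")


@dataclass
class Entry:
    kind: str                  # "service" or "run"
    name: str
    path: str                  # resolved on-disk path
    state: str = ""            # R0-R3 / S0-S4 for services, "" for Run keys
    size: Optional[int] = None  # None when ComboFix printed "[?]" (file not readable)


def _size_from_meta(meta: str) -> Optional[int]:
    """The bracketed metadata ends with the file size; '[?]' carries no size."""
    tokens = meta.split()
    return int(tokens[-1]) if tokens and tokens[-1].isdigit() else None


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        path = m.group("rest")
        # ComboFix prints "raw ImagePath --> resolved file" when the two differ (\??\ prefix etc.)
        if " --> " in path:
            path = path.split(" --> ", 1)[1]
        return Entry("service", m.group("name"), path, m.group("state"),
                     _size_from_meta(m.group("meta")))
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m.group("name"), m.group("path"), "",
                     _size_from_meta(m.group("meta")))
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def flags(e: Entry) -> List[str]:
    """Triage signals for one entry; an empty list means nothing stood out."""
    p = e.path.lower()
    out = []
    if any(marker in p for marker in USER_WRITABLE):
        out.append("user-writable path")
    if p.endswith(".sys") and "\\system32\\drivers\\" not in p:
        out.append("driver outside system32\\drivers")
    if e.size is None:
        out.append("no file metadata ([?])")
    return out


def triage(text: str) -> List[tuple]:
    """(name, path, flags) for every parsed entry that raised at least one flag."""
    return [(e.name, e.path, flags(e)) for e in parse_log(text) if flags(e)]


if __name__ == "__main__":
    for name, path, why in triage(SAMPLE):
        print(f"{name}: {path}  <- {', '.join(why)}")
```

Running it on the sample prints only the `CFcatchme` line with all three flags; the Panda, LogMeIn and SpyShelter entries live under `system32\drivers` or `Program Files` with readable metadata and pass silently. Extend `USER_WRITABLE` or add a check on the `state` field (an `R0`/`R1` boot- or system-start driver deserves more scrutiny than an `S3` on-demand one) to fit the environment being reviewed.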