ComboFix 11-09-02.04 - Maria 09/02/2011 18:19:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1866 [GMT -7:00]
Running from: c:\users\Maria\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 01:28 . 2011-09-03 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-03 01:05 . 2011-09-03 01:05 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B56749D-B536-4C07-99E0-DD39C289EB7F}\MpKsl68035bd0.sys
2011-09-02 17:14 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B56749D-B536-4C07-99E0-DD39C289EB7F}\mpengine.dll
2011-09-01 23:47 . 2011-09-01 23:48 -------- d-----w- c:\windows\system32\ca-ES
2011-09-01 23:47 . 2011-09-01 23:48 -------- d-----w- c:\windows\system32\eu-ES
2011-09-01 23:47 . 2011-09-01 23:48 -------- d-----w- c:\windows\system32\vi-VN
2011-09-01 21:06 . 2011-09-01 21:06 -------- d-----w- C:\_OTL
2011-09-01 20:54 . 2011-09-01 20:54 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D94ECBDB-975B-43E6-91B4-C9912A7FA7D5}\gapaengine.dll
2011-09-01 20:53 . 2011-09-01 20:53 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-01 19:31 . 2011-09-01 19:31 -------- d-----w- C:\MGADiagToolOutput
2011-09-01 19:28 . 2011-09-01 19:28 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-08-27 19:29 . 2011-08-27 19:29 -------- d-----w- c:\windows\system32\EventProviders
2011-08-27 15:55 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-27 15:55 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-27 15:55 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-27 15:55 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-08-27 15:55 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-08-27 08:19 . 2009-04-11 06:28 499712 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-08-27 08:18 . 2009-04-11 06:31 507904 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll
2011-08-26 19:44 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-08-26 19:44 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-08-26 19:44 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-26 19:44 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-08-26 19:44 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-08-26 08:51 . 2011-08-26 08:51 -------- d-----w- c:\program files\Common Files\Java
2011-08-26 08:43 . 2011-08-26 08:49 -------- d-----w- c:\program files\Java
2011-08-26 07:38 . 2011-08-26 07:38 -------- d-----w- c:\program files\Microsoft Silverlight
2011-08-26 02:50 . 2011-08-27 06:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-26 02:50 . 2011-08-27 03:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-26 02:24 . 2011-08-26 02:24 -------- d-----r- C:\Sandbox
2011-08-26 02:05 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-08-26 02:05 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-08-26 02:05 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-08-26 01:58 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-08-26 01:58 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-08-26 01:58 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-08-26 01:58 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-08-26 01:58 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-08-26 01:58 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-08-25 19:07 . 2011-08-26 01:49 -------- d-----w- c:\program files\Common Files\Steam
2011-08-25 19:07 . 2011-09-03 01:06 -------- d-----w- c:\program files\Steam
2011-08-25 18:23 . 2011-08-25 18:23 -------- d-----w- c:\programdata\WindowsSearch
2011-08-25 18:17 . 2011-08-25 18:17 -------- d-----w- c:\windows\Intuit
2011-08-25 18:14 . 2010-10-19 20:51 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-08-25 18:10 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-08-25 18:09 . 2011-08-25 18:09 -------- d-----w- c:\programdata\Malwarebytes
2011-08-25 18:09 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-25 18:09 . 2011-08-25 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-25 18:09 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 18:02 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2011-08-25 18:02 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-25 18:02 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-25 18:02 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-25 18:02 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-25 18:02 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-08-25 18:02 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-08-25 18:01 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-08-25 18:01 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2011-08-25 18:01 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-08-25 18:01 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-08-25 18:01 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-08-25 18:01 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2011-08-25 18:01 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-08-25 17:57 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-08-25 17:57 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-25 17:57 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-25 17:57 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-08-25 17:57 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-25 17:57 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-25 17:57 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-08-25 17:57 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-08-25 17:57 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-08-25 17:57 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-08-25 17:57 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-25 17:57 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-25 17:57 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-25 17:56 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-08-25 17:56 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-08-25 17:56 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-25 17:56 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-08-25 17:56 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-08-25 17:56 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-25 17:55 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-08-25 17:55 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 17:55 . 2011-05-02 12:00 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-25 17:55 . 2009-12-02 07:32 763904 ----a-w- c:\windows\system32\MSDTVVDEC.DLL
2011-08-25 17:55 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-25 17:55 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-08-25 17:55 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-08-25 17:53 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-08-25 17:52 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-08-25 17:51 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-08-25 17:51 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-25 17:40 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-08-25 17:40 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-08-25 17:37 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-08-25 17:37 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2011-08-25 17:26 . 2011-08-26 08:49 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-25 17:22 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-08-25 17:22 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-08-25 17:22 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-08-25 17:22 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-08-25 17:22 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2011-08-25 17:22 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-08-25 17:22 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-08-25 17:22 . 2009-08-07 02:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-08-25 17:22 . 2009-08-07 01:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-08-25 17:15 . 2011-08-27 03:11 -------- d-----w- c:\users\Maria
2011-08-25 07:06 . 2011-08-25 18:08 -------- dc----w- c:\windows\system32\DRVSTORE
2011-08-25 07:01 . 2008-10-18 01:19 98304 ----a-w- c:\windows\system32\VESWinlogon.dll
2011-08-25 06:58 . 2011-08-25 06:58 -------- d-----w- c:\programdata\Uninstall
2011-08-25 06:58 . 2011-08-25 06:58 -------- d-----w- c:\programdata\Sonic
2011-08-25 06:57 . 2008-08-29 23:23 129520 ----a-w- c:\windows\system32\pxafs.dll
2011-08-25 06:54 . 2005-04-27 23:36 245408 ----a-w- c:\windows\system32\unicows.dll
2011-08-25 06:54 . 1995-07-31 20:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2011-08-25 06:54 . 2011-08-25 17:26 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-08-25 06:54 . 2008-09-05 00:06 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll
2011-08-25 06:54 . 2011-08-26 01:45 -------- d-----w- c:\program files\ArcSoft
2011-08-25 06:54 . 2001-09-05 11:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-08-25 06:54 . 2008-10-14 12:54 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-08-25 06:54 . 2001-09-05 11:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-25 06:54 . 2001-09-05 11:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-25 06:54 . 2001-09-05 11:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-25 06:50 . 2008-09-25 01:17 114688 ----a-w- c:\program files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2011-08-25 06:43 . 2011-08-25 06:43 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 20:22 . 2011-08-25 18:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-25 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]
"Skytel"="Skytel.exe" [2008-10-17 1826816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-10-18 01:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
S1 MpKsl68035bd0;MpKsl68035bd0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B56749D-B536-4C07-99E0-DD39C289EB7F}\MpKsl68035bd0.sys [2011-09-03 28752]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-10-17 104992]
S2 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-09 122880]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-10-18 415584]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-04 446464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-08-22 9344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL68035BD0
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=SNYR
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=SNYR
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\12ig9t47.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-02 18:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-02 18:31:10
ComboFix-quarantined-files.txt 2011-09-03 01:31
.
Pre-Run: 159,878,742,016 bytes free
Post-Run: 159,825,047,552 bytes free
.
- - End Of File - - 25C3377F5D3578511610E8B89CE1E9A8