ComboFix 10-01-17.04 - Brijesh Patel 18/01/2010 17:41:19.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2038.971 [GMT 0:00]
Running from: c:\users\Brijesh Patel\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1482476501-2000478354-725345543-1003
c:\recycler\S-1-5-21-1482476501-2000478354-725345543-1004
c:\windows\system32\OGACheckControl.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.
2010-01-18 11:09 . 2010-01-18 11:09 -------- d-----w- C:\RootkitNO
2010-01-18 10:51 . 2010-01-18 10:51 2 --shatr- c:\windows\winstart.bat
2010-01-18 10:50 . 2010-01-18 11:36 -------- d-----w- c:\program files\UnHackMe
2010-01-18 08:23 . 2010-01-18 08:23 -------- d-----w- c:\program files\MSXML 4.0
2010-01-17 12:15 . 2010-01-17 12:19 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2010-01-17 12:15 . 2010-01-17 12:15 -------- d-----w- c:\program files\Pinnacle
2010-01-17 12:15 . 2010-01-17 12:15 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-01-17 12:12 . 2010-01-17 12:12 -------- d-----w- c:\programdata\Pinnacle
2010-01-17 12:08 . 2010-01-17 12:12 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\Downloaded Installations
2010-01-16 16:41 . 2010-01-18 11:46 -------- d-----w- c:\users\Brijesh Patel\eee
2010-01-16 16:24 . 2010-01-16 16:24 476512 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\RadioRip.dll
2010-01-16 16:24 . 2010-01-16 16:24 169312 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgSoundclick.dll
2010-01-16 16:24 . 2010-01-16 16:24 128352 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgMyspace.dll
2010-01-16 16:24 . 2010-01-16 16:24 111968 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgPandora.dll
2010-01-16 16:24 . 2010-01-16 16:24 99680 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgIJigg.dll
2010-01-16 16:24 . 2010-01-16 16:24 230752 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgHypemachine.dll
2010-01-16 16:24 . 2010-01-16 16:24 111968 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgLastfm.dll
2010-01-16 16:24 . 2010-01-16 16:24 87392 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgDefault.dll
2010-01-16 16:24 . 2010-01-16 16:24 140640 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgDeezer.dll
2010-01-16 16:24 . 2010-01-16 16:24 120160 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgGeneral.dll
2010-01-16 16:24 . 2010-01-16 16:24 495616 ----a-w- c:\programdata\RapidSolution\Tunebite_2009\EncodingBackend\lame_enc.dll
2010-01-16 16:23 . 2010-01-16 16:23 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-01-16 16:20 . 2010-01-16 16:35 -------- d-----w- c:\program files\RapidSolution
2010-01-16 16:20 . 2010-01-16 16:20 -------- d-----w- c:\programdata\RapidSolution
2010-01-16 16:20 . 2010-01-16 16:20 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\RapidSolution
2010-01-16 15:54 . 2009-12-04 12:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-01-16 15:21 . 2010-01-17 13:52 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\WMTools Downloaded Files
2010-01-16 15:11 . 2010-01-16 15:11 -------- d-----w- c:\program files\Movie Maker 2.6
2010-01-16 15:08 . 2010-01-16 15:07 38784 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-16 15:08 . 2010-01-16 15:07 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-16 15:08 . 2010-01-16 15:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-16 12:10 . 2010-01-16 13:59 -------- d-----w- c:\program files\PowerMenu
2010-01-13 18:52 . 2010-01-13 18:52 -------- d-----w- c:\program files\Lavasoft
2010-01-13 16:46 . 2010-01-13 16:46 6944624 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
2010-01-13 16:44 . 2010-01-13 16:46 -------- d-----w- c:\programdata\Lavasoft
2010-01-13 15:53 . 2010-01-13 17:16 -------- d-----w- c:\program files\FreeTime
2010-01-13 15:53 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:53 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 20:05 . 2010-01-11 20:05 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2010-01-11 16:30 . 2010-01-11 16:32 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\Adobe
2010-01-10 12:39 . 2010-01-10 12:39 -------- d-----w- c:\program files\Common Files\logishrd
2010-01-10 12:09 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-10 12:09 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-10 12:08 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-10 12:08 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-10 12:08 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-10 12:08 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-10 12:08 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-10 12:02 . 2010-01-10 12:03 -------- d-----w- c:\windows\$regcmp$
2010-01-10 09:10 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 09:10 . 2010-01-10 09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 09:10 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-09 16:55 . 2010-01-09 16:55 -------- d-----w- c:\programdata\F-Secure
2010-01-09 15:46 . 2010-01-09 15:47 -------- d-----w- C:\SDFix
2010-01-09 15:30 . 2010-01-10 11:51 13896 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-09 15:29 . 2010-01-09 15:33 -------- d-----w- c:\programdata\Hitman Pro
2010-01-09 15:29 . 2010-01-09 15:29 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-01-09 14:26 . 2010-01-09 14:28 -------- d-sh--w- c:\users\Brijesh Patel\.COMMgr
2010-01-03 16:26 . 2008-01-21 07:54 485376 ----a-w- c:\windows\system32\mspaint.exe
2010-01-01 13:14 . 2010-01-01 13:15 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-12-24 13:24 . 2009-12-24 13:24 -------- d-----w- c:\programdata\Sony Corporation
2009-12-24 11:58 . 2009-12-24 12:01 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\ImgBurn
2009-12-24 11:38 . 2009-12-24 11:38 -------- d-----w- c:\program files\ImgBurn
2009-12-22 13:53 . 2009-12-22 13:53 -------- d-----w- c:\users\Brijesh Patel\AppData\Local\Yahoo
2009-12-22 13:53 . 2009-12-22 13:53 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\Yahoo!
2009-12-22 13:43 . 2009-12-22 13:43 -------- d-----w- c:\programdata\Yahoo!
2009-12-22 13:43 . 2009-11-10 16:08 607544 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-12-22 13:40 . 2009-12-22 13:43 -------- d-----w- c:\program files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 10:50 . 2009-10-24 17:44 -------- d-----w- c:\program files\Java
2010-01-18 09:03 . 2009-10-24 17:30 117760 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-17 17:53 . 2009-10-24 18:30 115096 ----a-w- c:\users\Other Users\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-17 17:46 . 2009-10-25 17:43 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\vlc
2010-01-17 12:19 . 2009-10-24 16:54 115096 ----a-w- c:\users\Brijesh Patel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-14 16:52 . 2009-10-24 17:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-13 16:15 . 2009-12-18 08:53 52224 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-13 16:13 . 2009-12-05 21:21 -------- d-----w- c:\program files\a-squared Free
2010-01-13 15:58 . 2009-10-25 07:38 -------- d-----w- c:\programdata\Microsoft Help
2010-01-10 15:08 . 2009-10-26 17:07 -------- d-----w- c:\programdata\SpeedBit
2010-01-10 14:56 . 2009-10-24 17:47 -------- d-----w- c:\program files\Mp3tag
2010-01-10 14:55 . 2009-10-24 17:47 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\Mp3tag
2010-01-10 13:01 . 2010-01-10 12:39 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-09 21:33 . 2009-12-10 08:10 -------- d-----w- c:\program files\SpywareBlaster
2010-01-09 13:51 . 2009-10-24 17:52 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-03 12:38 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-01-03 12:38 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-01-03 12:38 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2009-12-30 10:35 . 2009-10-24 17:15 -------- d-----w- c:\program files\BatteryBar
2009-12-30 10:35 . 2009-10-24 17:16 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\BatteryBar
2009-12-26 15:01 . 2009-10-24 17:37 -------- d-----w- c:\program files\Google
2009-12-24 18:29 . 2009-10-25 16:01 -------- d-----w- c:\program files\Sony
2009-12-24 13:24 . 2009-10-25 16:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-19 14:31 . 2009-10-24 18:03 -------- d-----w- c:\program files\The KMPlayer
2009-12-18 16:35 . 2009-12-18 16:34 -------- d-----w- c:\program files\QuickTime
2009-12-18 16:34 . 2009-12-18 16:34 -------- d-----w- c:\programdata\Apple Computer
2009-12-16 20:12 . 2009-11-16 18:20 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\ICAClient
2009-12-12 10:18 . 2009-12-12 10:18 -------- d-----w- c:\program files\Gameloft
2009-12-11 17:42 . 2009-12-11 17:42 0 ----a-w- c:\programdata\RapidSolution\GUIcommon.dll
2009-12-11 15:59 . 2009-12-11 15:59 -------- d-----w- c:\program files\ThreatFire
2009-12-11 15:59 . 2009-12-11 15:59 -------- d-----w- c:\programdata\PC Tools
2009-12-04 19:00 . 2009-12-04 19:00 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\Ashampoo
2009-11-29 15:18 . 2009-11-29 15:18 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-29 15:18 . 2009-11-29 15:18 -------- d-----w- c:\program files\OpenAL
2009-11-29 15:18 . 2009-11-29 15:18 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-28 17:11 . 2009-11-28 17:11 138240 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-28 17:11 . 2009-11-28 17:11 138240 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-28 17:11 . 2009-11-28 17:11 138240 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-28 17:11 . 2009-11-28 17:11 138240 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-28 17:11 . 2009-10-29 10:24 -------- d-----w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab
2009-11-28 13:14 . 2009-11-28 13:01 -------- d-----w- c:\program files\Opera
2009-11-26 19:14 . 2009-11-26 19:14 -------- d-----w- c:\program files\Auslogics
2009-11-26 17:15 . 2009-11-26 17:15 -------- d-----w- c:\program files\Citrix
2009-11-23 12:49 . 2009-12-11 15:59 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-11-23 12:49 . 2009-12-11 15:59 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-11-23 12:49 . 2009-12-11 15:59 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-11-17 07:45 . 2009-11-17 07:45 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2009-11-17 07:45 . 2009-11-17 07:45 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2009-11-17 07:45 . 2009-11-17 07:45 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2009-11-17 07:45 . 2009-11-17 07:45 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2009-11-15 08:53 . 2009-11-15 08:53 20480 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-11-15 08:53 . 2009-11-15 08:53 18944 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-11-15 08:53 . 2009-11-15 08:53 17408 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
2009-11-15 08:53 . 2009-11-15 08:53 8192 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-11-15 08:53 . 2009-11-15 08:53 20480 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-11-02 20:42 . 2009-12-13 18:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 10:24 . 2009-10-29 10:24 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_d_ind.dll
2009-10-29 10:24 . 2009-10-29 10:24 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_c_ind.dll
2009-10-29 10:24 . 2009-10-29 10:24 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_b_ind.dll
2009-10-29 10:24 . 2009-10-29 10:24 247296 ----a-w- c:\users\Brijesh Patel\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_9_0_a_ind.dll
2009-10-29 07:22 . 2009-11-24 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-25 13:53 . 2009-10-25 13:53 720896 ----a-w- c:\windows\iun6002.exe
2009-10-24 17:13 . 2009-10-24 17:13 0 ----a-w- c:\windows\nsreg.dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\users\Brijesh Patel\Documents\CoreTemp32\Core Temp.exe" [2009-10-24 378384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-11-23 378128]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Brijesh Patel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=c:\users\Brijesh Patel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-11 17:15 173592 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-11 17:15 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 16:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 15:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-11 17:15 150552 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-06-26 00:39 4489216 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-26 00:39 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [11/12/2009 15:59 51984]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [11/12/2009 15:59 59664]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/01/2010 12:08 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 20:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 20:24 74480]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [05/12/2009 21:21 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/01/2010 12:08 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/01/2010 12:08 53328]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [26/10/2009 17:57 6000640]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 20:24 7408]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [03/08/2007 5:36 9344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [13/07/2009 22:13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [13/07/2009 22:13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [13/07/2009 22:13 661504]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [11/12/2009 15:59 33552]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [24/10/2009 16:13 812544]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\System32\drivers\WsAudio_DeviceS(1).sys [16/01/2010 15:54 25704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [13/07/2009 22:02 311296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2009 17:37 133104]
S2 PskSvcRetailInst;PskSvcRetailInst;c:\users\BRIJES~1\AppData\Local\Temp\ISSCAN\PskSvc.exe --> c:\users\BRIJES~1\AppData\Local\Temp\ISSCAN\PskSvc.exe [?]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - Partizan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 16:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 17:37]
2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 17:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
TCP: {BB929842-C69D-49F1-BCF1-183BECE4CD17} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Brijesh Patel\AppData\Roaming\Mozilla\Firefox\Profiles\5xaz82fm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
MSConfigStartUp-GrooveMonitor - c:\progra~1\MIF5BA~1\Office14\GROOVEMN.EXE
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x859A0841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84cade88
QueryNameProcedure -> 0x84cad018
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,1c,11,cd,36,a4,8e,4f,aa,c8,da,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,1c,11,cd,36,a4,8e,4f,aa,c8,da,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \BBC]
"Order"=hex:08,00,00,00,02,00,00,00,dc,02,00,00,01,00,00,00,05,00,00,00,92,00,
00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,bf,f7,e9,20,00,42,42,43,2d,42,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \Bookmarks bar]
"Order"=hex:08,00,00,00,02,00,00,00,9c,05,00,00,01,00,00,00,0d,00,00,00,7e,00,
00,00,00,00,00,00,70,00,32,00,cd,00,00,00,00,61,f6,a9,20,00,43,41,4c,4c,4f,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \Other]
"Order"=hex:08,00,00,00,02,00,00,00,6c,00,00,00,01,00,00,00,01,00,00,00,60,00,
00,00,00,00,00,00,52,00,31,00,00,00,00,00,00,9e,10,65,10,00,45,79,65,73,69,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \Other\Eyesight]
"Order"=hex:08,00,00,00,02,00,00,00,dc,07,00,00,01,00,00,00,0a,00,00,00,bc,00,
00,00,00,00,00,00,ae,00,32,00,cd,00,00,00,00,90,52,a8,20,00,41,4e,44,52,45,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \PC]
"Order"=hex:08,00,00,00,02,00,00,00,bc,0e,00,00,01,00,00,00,16,00,00,00,c6,00,
00,00,14,00,00,00,b8,00,32,00,cd,00,00,00,00,57,89,8c,20,00,5f,54,4f,4f,4c,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \PSP]
"Order"=hex:08,00,00,00,02,00,00,00,b2,00,00,00,01,00,00,00,01,00,00,00,a6,00,
00,00,00,00,00,00,98,00,32,00,cd,00,00,00,00,e4,b4,8c,20,00,47,41,4d,45,57,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\I*m*p*o*r*t*e*d* \YouTube]
"Order"=hex:08,00,00,00,02,00,00,00,7c,03,00,00,01,00,00,00,06,00,00,00,82,00,
00,00,00,00,00,00,74,00,32,00,cd,00,00,00,00,b3,13,9e,20,00,42,45,53,54,59,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\O*t*h*e*r* \Eyesight]
"Order"=hex:08,00,00,00,02,00,00,00,dc,07,00,00,01,00,00,00,0a,00,00,00,bc,00,
00,00,00,00,00,00,ae,00,32,00,cd,00,00,00,00,5a,9b,20,20,00,41,4e,44,52,45,\
[HKEY_USERS\S-1-5-21-496605846-828089313-3777899986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*C* ]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,0e,0f,00,00,01,00,00,00,16,00,00,00,a2,00,
00,00,03,00,00,00,94,00,32,00,cd,00,00,00,00,42,cf,5e,20,00,41,44,42,4c,4f,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\MPR.dll
- - - - - - - > 'lsass.exe'(540)
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\psbase.dll
.
Completion time: 2010-01-18 18:01:18
ComboFix-quarantined-files.txt 2010-01-18 18:01
Pre-Run: 123,391,926,272 bytes free
Post-Run: 123,737,174,016 bytes free
- - End Of File - - 1075F4874AF0E2C1274270529424340C
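The parts of this log a responder reads first are the UAC policy block (every prompt-related value is 0), the service list (one S2 service whose image sits under a user's Temp folder and which ComboFix could not stat, marked "[?]"), and the per-process DLL list (third-party DLLs loaded inside lsass.exe, from the same vendor as the LSP sblsp.dll the log lists). The script below is an added example written for this page; it is not ComboFix output and not a tool from the thread. It parses a constructed excerpt copied from the lines above and applies three triage heuristics: UAC values that disable prompting, services whose image path lives under a profile/Temp directory or that ComboFix marked "[?]", and DLLs loaded into winlogon.exe or lsass.exe from outside c:\windows. The ComboFix line layout is assumed from this log only, and the flags are leads to verify on the host, not verdicts.

```python
"""Triage heuristics for a ComboFix log (added example, not part of the original post)."""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the ComboFix log shown on this page.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2009 17:37 133104]
S2 PskSvcRetailInst;PskSvcRetailInst;c:\users\BRIJES~1\AppData\Local\Temp\ISSCAN\PskSvc.exe --> c:\users\BRIJES~1\AppData\Local\Temp\ISSCAN\PskSvc.exe [?]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\MPR.dll
- - - - - - - > 'lsass.exe'(540)
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\psbase.dll
.
Completion time: 2010-01-18 18:01:18
"""

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')   # "Name"= 0 (0x0)
_SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")           # R0/S2 name;desc;image
_PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)$")           # process header
_DLL_HEADER = "DLLs Loaded Under Running Processes"

# Meaning of the dangerous value for each UAC policy DWORD (documented Windows semantics).
UAC_CHECKS = {
    "EnableLUA": (0, "UAC is off; processes of an admin user run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate with no prompt at all"),
    "PromptOnSecureDesktop": (0, "any prompt is drawn on the normal, spoofable desktop"),
}


def parse_uac_policies(log: str) -> dict:
    """Return {value_name: int} for the DWORDs listed under the UAC policy key."""
    values, in_key = {}, False
    for line in log.splitlines():
        s = line.strip()
        m = _KEY_RE.match(s)
        if m:                                    # a new [key] header: track whether it is the policy key
            in_key = m.group(1).lower() == POLICY_KEY
            continue
        v = _VALUE_RE.match(s) if in_key else None
        if v:
            values[v.group(1)] = int(v.group(2))
    return values


def uac_findings(values: dict) -> list:
    return [f"UAC {n}={bad}: {why}" for n, (bad, why) in UAC_CHECKS.items() if values.get(n) == bad]


def suspicious_services(log: str) -> list:
    """Flag services/drivers whose image is under a profile/Temp path, or that ComboFix
    tagged '[?]' (it could not stat the image as written; a trailing argument such as
    'service' also triggers this, so verify the file by hand rather than trusting the tag)."""
    out = []
    for line in log.splitlines():
        m = _SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, _desc, image = m.groups()
        path = image.split(" --> ")[0].lower()   # path before ComboFix's '-->' annotation
        reasons = []
        if "\\temp\\" in path or "\\appdata\\" in path:
            reasons.append("image under a user profile/Temp path")
        if image.rstrip().endswith("[?]"):
            reasons.append("image not found by ComboFix ([?])")
        if reasons:
            out.append(f"{state} {name}: {'; '.join(reasons)}")
    return out


def foreign_dlls(log: str) -> dict:
    """Map process name -> DLLs loaded from outside c:\\windows\\ in the DLL section.
    winlogon.exe and lsass.exe normally carry only Windows binaries, so anything else
    (hooks, LSPs, injected modules) is worth identifying by vendor and purpose."""
    out, proc, in_section = defaultdict(list), None, False
    for line in log.splitlines():
        s = line.strip()
        if _DLL_HEADER in s:
            in_section = True
            continue
        if not in_section:
            continue
        if s == "." or s.startswith("Completion time"):   # end of the section
            break
        m = _PROC_RE.match(s)
        if m:
            proc = m.group(1)
        elif proc and not s.lower().startswith("c:\\windows\\"):
            out[proc].append(s)
    return dict(out)


def triage(log: str) -> list:
    findings = uac_findings(parse_uac_policies(log))
    findings += [f"Service {s}" for s in suspicious_services(log)]
    for proc, dlls in foreign_dlls(log).items():
        findings.append(f"{proc}: non-Windows DLLs loaded: {', '.join(dlls)}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("-", f)
```

Run against the excerpt it reports the three UAC values, both "[?]" services (PskSvcRetailInst additionally for its Temp path; ThreatFire only because its image line carries an argument, which is why the tag alone is not a verdict), and the SpeedBit and ThreatFire DLLs inside lsass.exe and winlogon.exe. Each line is a pointer to something to inspect on the host (hash the file, check its signer, confirm who installed it), which is how a log like this is used in practice.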