ComboFix 11-08-29.03 - Klaudia 08/30/2011 23:00:32.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2039.1370 [GMT -5:00]
Running from: c:\users\Klaudia\Desktop\username123.exe.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\windows\system32\win32sta.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\win32sta.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-30 21:36 . 2011-08-31 03:35  --------  d-----w-  c:\programdata\Avira
2011-08-30 21:25 . 2011-08-30 21:25  --------  d--h--w-  c:\programdata\Common Files
2011-08-30 21:25 . 2011-08-30 21:30  --------  d-----w-  c:\programdata\MFAData
2011-08-30 18:25 . 2011-08-30 18:25  --------  d-----w-  c:\program files\Trend Micro
2011-08-30 16:36 . 2009-04-03 21:00  1310720  ----a-w-  c:\windows\system32\CNC560C.dll
2011-08-30 16:36 . 2009-04-03 20:59  110592  ----a-w-  c:\windows\system32\CNC560I.dll
2011-08-30 16:36 . 2009-04-03 20:57  106496  ----a-w-  c:\windows\system32\CNC560U.dll
2011-08-30 16:36 . 2009-03-19 19:38  303104  ----a-w-  c:\windows\system32\CNC560L.dll
2011-08-30 15:56 . 2011-08-16 12:48  7152464  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A9AEA0C-0175-455F-91A7-2A47932C2EF8}\mpengine.dll
2011-08-29 06:32 . 2011-08-29 06:57  --------  d--h--w-  c:\windows\msdownld.tmp
2011-08-26 05:11 . 2011-08-26 05:11  --------  d--h--w-  c:\users\Klaudia\AppData\Local\MicrosoftNT
2011-08-26 05:06 . 2011-08-26 05:06  --------  d-----w-  c:\users\Klaudia\AppData\Local\Enounce
2011-08-26 05:03 . 2011-08-26 05:03  --------  d-----w-  c:\users\Klaudia\AppData\Local\Downloaded Installations
2011-08-25 17:35 . 2011-08-25 17:35  --------  d-----w-  c:\program files\VideoLAN
2011-08-25 07:27 . 2011-08-25 07:37  --------  d-----w-  c:\windows\rescache
2011-08-25 02:44 . 2011-08-25 02:44  --------  d-----w-  c:\programdata\MemeoCommon
2011-08-25 02:44 . 2011-08-25 02:44  --------  d-----w-  c:\users\Klaudia\AppData\Roaming\Memeo
2011-08-25 02:44 . 2011-08-25 02:44  --------  d-----w-  c:\users\Klaudia\AppData\Roaming\Seagate
2011-08-25 02:43 . 2011-08-25 02:43  --------  d-----w-  c:\program files\Common Files\Memeo
2011-08-25 02:43 . 2011-08-25 02:43  --------  d-----w-  c:\program files\Memeo
2011-08-25 02:41 . 2011-08-25 02:43  --------  d-----w-  c:\program files\Seagate
2011-08-24 15:34 . 2011-07-09 04:30  2048  ----a-w-  c:\windows\system32\tzres.dll
2011-08-20 16:19 . 2011-06-15 09:04  86016  ----a-w-  c:\windows\system32\odbccu32.dll
2011-08-20 16:19 . 2011-06-15 09:04  81920  ----a-w-  c:\windows\system32\odbccr32.dll
2011-08-20 16:19 . 2011-06-15 09:04  319488  ----a-w-  c:\windows\system32\odbcjt32.dll
2011-08-20 16:19 . 2011-06-15 09:04  163840  ----a-w-  c:\windows\system32\odbctrac.dll
2011-08-20 16:19 . 2011-06-15 09:04  122880  ----a-w-  c:\windows\system32\odbccp32.dll
2011-08-20 16:19 . 2011-06-15 09:04  94208  ----a-w-  c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-20 16:15 . 2011-06-23 04:38  3957120  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2011-08-20 16:15 . 2011-06-23 04:38  3902336  ----a-w-  c:\windows\system32\ntoskrnl.exe
2011-08-20 15:59 . 2011-04-29 02:57  311296  ----a-w-  c:\windows\system32\drivers\srv.sys
2011-08-20 15:59 . 2011-04-29 02:57  309760  ----a-w-  c:\windows\system32\drivers\srv2.sys
2011-08-20 15:59 . 2011-04-29 02:57  114176  ----a-w-  c:\windows\system32\drivers\srvnet.sys
2011-08-20 15:59 . 2011-04-25 02:35  338944  ----a-w-  c:\windows\system32\drivers\afd.sys
2011-08-20 15:59 . 2010-12-18 05:31  571904  ----a-w-  c:\windows\system32\oleaut32.dll
2011-08-20 15:59 . 2011-05-24 10:35  294912  ----a-w-  c:\windows\system32\umpnpmgr.dll
2011-08-20 15:57 . 2011-07-16 04:34  290816  ----a-w-  c:\windows\system32\KernelBase.dll
2011-08-20 15:47 . 2011-01-17 05:38  161792  ----a-w-  c:\windows\system32\d3d10_1.dll
2011-08-20 15:47 . 2011-04-29 05:08  759296  ----a-w-  c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-16 18:46 . 2011-04-09 05:56  123904  ----a-w-  c:\windows\system32\poqexec.exe
2011-08-16 13:21 . 2011-08-16 13:21  --------  d-----w-  c:\users\Klaudia\AppData\Roaming\Epson
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-07-16 . 921F8B3FF01501C9934CCB3C270833D7 . 868352 . . [6.1.7601.21772] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
[7] 2011-07-16 . 7E99A20C758ABB5AE89C7AEEA3A9AEB2 . 868352 . . [6.1.7600.16850] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_93afb334b78b3d5c\kernel32.dll
[7] 2011-07-16 . E570CBD732848438EAC574EB3442A2A8 . 868352 . . [6.1.7601.17651] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll
[7] 2011-07-16 . 12DD18C6ECADEDB922E40B494D315206 . 868352 . . [6.1.7600.21010] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_946467d1d088a0a4\kernel32.dll
[7] 2010-11-20 . 5553784D774CA845380650E010BBDA2C . 857600 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll
[7] 2009-12-08 . EB7B2309A2B16EEB73C2C13477FEF8FB . 857088 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5\kernel32.dll
[7] 2009-12-08 . 0369BA73CE6D918745579B24339765E8 . 857088 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea\kernel32.dll
[-] 2009-07-14 . 2C69AF6EC2BF413E33A005EB87546BF5 . 868352 . . [6.1.7600.16385] . . c:\windows\System32\kernel32.dll
[7] 2009-07-14 . 4605F7EE9805F7E1C98D6C959DD2949C . 857088 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 18:58  333192  ----a-w-  c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-11 202256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
.
c:\users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 136176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-27 26168]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-10-03 47488]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
HPService  REG_MULTI_SZ  HPSLPSVC
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 18:01]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 18:01]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770972852-140635212-2630037756-1000Core.job
- c:\users\Klaudia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:59]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770972852-140635212-2630037756-1000UA.job
- c:\users\Klaudia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Klaudia\AppData\Roaming\Mozilla\Firefox\Profiles\ilg9q52l.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-30 23:32:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-31 04:32
.
Pre-Run: 10,567,090,176 bytes free
Post-Run: 13,888,856,064 bytes free
.
- - End Of File - - C64A1ABF7647F4EB708C2BEFB6A3188A
