========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.28.0 log created on 09142011_221218
Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check: Windows Firewall Disabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 27
Java(TM) 6 Update 7
Out of date Java installed! Flash Player Out of Date! Adobe Flash Player 10.1.102.64
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
COGECO Security Services Anti-Virus fsgk32st.exe
COGECO Security Services Anti-Virus FSGK32.EXE
Common Files Authentium AntiVirus5 vsedsps.exe
Common Files Authentium AntiVirus5 vseamps.exe
Common Files Authentium AntiVirus5 vseqrts.exe
COGECO Security Services Anti-Virus fssm32.exe
COGECO Security Services Anti-Virus fsav32.exe
Windows Defender MsMpEng.exe
``````````End of Log````````````
ComboFix 11-09-14.02 - Darlene 09/14/2011 21:54:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1231 [GMT -4:00]
Running from: c:\documents and settings\Darlene\Desktop\ComboFix.exe
AV: COGECO Security Services 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: COGECO Security Services 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Darlene\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Darlene\Local Settings\Application Data\ApplicationHistory\ConfigWizards.exe.7492e342.ini
c:\documents and settings\Darlene\Local Settings\Application Data\ApplicationHistory\dndlauncher.exe.49f1997f.ini
c:\documents and settings\Darlene\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Darlene\Local Settings\Application Data\ApplicationHistory\TurbineInvoker.exe.e40d002e.ini
c:\documents and settings\Darlene\Local Settings\Application Data\ApplicationHistory\TurbineLauncher.exe.d8bd62d4.ini
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\SGPSA
c:\windows\Downloaded Program Files\popcaploader.dll
Pass LEGAL for license information. Built Sat Jun 25 23:20 2011
c:\documents and settings\Administrator\NTUSER.DAT.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-08-15 to 2011-09-15 )))))))))))))))))))))))))))))))
.
.
2011-09-15 01:35 . 2011-09-15 01:35 -------- d-----w- C:\_OTL
2011-09-13 19:00 . 2011-08-16 12:48 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D49DA1D4-9035-47C2-A70B-6D9CC4863102}\mpengine.dll
2011-09-12 20:26 . 2011-09-12 20:26 -------- d-----w- c:\program files\ACW
2011-09-12 19:45 . 2011-09-12 19:45 -------- d-----w- c:\documents and settings\Darlene\Application Data\CBS Interactive
2011-09-12 19:41 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-09 20:00 . 2011-09-09 20:00 -------- d-----w- c:\program files\File Type Assistant
2011-09-09 19:59 . 2011-09-09 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-09-09 19:59 . 2011-09-09 19:59 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-09-06 19:01 . 2011-09-06 19:01 -------- d-----w- c:\program files\CCleaner
2011-09-06 18:00 . 2011-08-16 12:48 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-06 18:00 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-06 17:59 . 2011-09-06 17:59 -------- d-----w- c:\program files\Windows Defender
2011-09-03 15:44 . 2011-09-03 15:44 -------- d-----w- c:\documents and settings\Darlene\Application Data\VirtualStore
2011-08-29 04:31 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-08-29 04:31 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-08-29 04:31 . 2011-08-29 04:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-08-24 02:36 . 2011-08-24 02:36 -------- d-----w- c:\program files\iPod
2011-08-24 02:36 . 2011-08-24 02:37 -------- d-----w- c:\program files\iTunes
2011-08-24 02:33 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-08-24 02:33 . 2011-05-10 12:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-08-24 02:33 . 2011-08-24 02:33 -------- d-----w- c:\program files\Bonjour
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-24 02:29 . 2011-08-24 02:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-24 02:29 . 2011-08-24 02:29 -------- d-----w- c:\program files\QuickTime
2011-08-23 00:50 . 2011-08-23 00:54 -------- d-----w- c:\program files\SecondLifeViewer2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-02 02:55 . 2011-05-18 01:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 21:17 . 2011-03-27 01:06 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-07-19 09:05 . 2010-04-24 17:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 06:40 . 2009-06-29 13:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2009-03-20 06:27 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-08 04:20 . 2011-06-08 04:20 11363664 ----a-w- c:\program files\SUPERAntiSpywarePro.exe
2011-06-08 03:48 . 2011-06-08 03:48 7109120 ----a-w- c:\program files\registrybooster.exe
2011-06-01 03:24 . 2011-06-01 03:23 9352392 ----a-w- c:\program files\Install_MSN_Messenger
2011-05-07 06:07 . 2011-05-07 06:07 440 ----a-w- c:\program files\050720112070929.bat
2011-04-28 02:33 . 2011-04-28 02:32 9013888 ----a-w- c:\program files\MSNOIE8_ENCA_XPL.EXE
2011-02-22 02:06 . 2011-02-22 02:06 442 -c--a-w- c:\program files\0221201121065109.bat
2011-01-31 02:03 . 2011-01-31 02:03 5095264 ----a-w- c:\program files\FLVPlayerSetup.exe
2011-01-21 20:06 . 2011-01-21 20:06 208072 ----a-w- c:\program files\bigfishgamesRainbowWEb2.exe
2011-01-21 18:37 . 2011-01-21 18:37 208072 ----a-w- c:\program files\bigfishgamesSUperGRanny.exe
2010-10-19 21:18 . 2010-10-19 21:18 554280 ----a-w- c:\program files\Mats_Run.AudioPlayback.exe
2010-10-18 15:18 . 2010-10-18 15:17 554264 ----a-w- c:\program files\Mats_Run.IEAddon.exe
2010-09-11 02:04 . 2010-09-11 02:04 441 ----a-w- c:\program files\0910201022044203.bat
2010-06-13 04:02 . 2010-06-13 04:02 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-05-10 18:56 . 2010-04-29 00:17 299864 ----a-w- c:\program files\dxwebsetup.exe
2010-05-01 04:02 . 2010-05-01 04:02 24099296 ----a-w- c:\program files\Second_Life_2-0-1-203797_Setup.exe
2010-04-29 20:59 . 2010-04-29 20:59 252564 ----a-w- c:\program files\FHSetup.exe
2010-04-29 02:40 . 2010-04-29 02:40 22080360 ----a-w- c:\program files\NDP30SP2-KB976570-x64.exe
2010-04-26 19:40 . 2010-04-26 19:40 3774872 ----a-w- c:\program files\rcsetup137.exe
2010-04-26 19:39 . 2010-04-26 19:39 4165768 ----a-w- c:\program files\dfsetup118.exe
2010-04-26 19:39 . 2010-04-26 19:39 3382520 ----a-w- c:\program files\ccsetup231.exe
2010-04-24 18:04 . 2010-04-24 18:04 82045688 ----a-w- c:\program files\197.45_desktop_winxp_32bit_english_whql.exe
2010-04-24 17:53 . 2010-04-24 17:53 921376 ----a-w- c:\program files\JavaSetup6u20.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96b985b7-3cf9-456a-9db6-791710e60f5f}"= "c:\program files\MyPoints Point Finder\Helper.dll" [2011-06-21 357376]
.
[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2011-06-21 21:23 1544192 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2011-06-21 1544192]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2011-06-21 1544192]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-03-22 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-02-15 61440]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-03-22 69632]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"F-Secure Manager"="c:\program files\COGECO Security Services\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\COGECO Security Services\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]
.
c:\documents and settings\Darlene\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Darlene\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-8-30 2620416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" /s
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LXCECATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\MyPoints Point Finder\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Point Finder\\ToolbarUpdate.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58436:TCP"= 58436:TCP:Pando Media Booster
"58436:UDP"= 58436:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [3/26/2011 9:06 PM 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [3/26/2011 9:06 PM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\COGECO Security Services\HIPS\drivers\fshs.sys [3/26/2011 9:06 PM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 1:54 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/12/2011 3:41 PM 366152]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 4:46 PM 117288]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 4:46 PM 117288]
R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 4:46 PM 154152]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\COGECO Security Services\Anti-Virus\minifilter\fsgk.sys [3/26/2011 9:06 PM 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\COGECO Security Services\ORSP Client\fsorsp.exe [3/26/2011 9:06 PM 61088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/12/2011 3:41 PM 22216]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\Darlene\Local Settings\Temporary Internet Files\Content.IE5\SOOA4NAJ\SASKUTIL.SYS --> c:\documents and settings\Darlene\Local Settings\Temporary Internet Files\Content.IE5\SOOA4NAJ\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/19/2010 6:28 PM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/22/2010 2:38 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/19/2010 6:28 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsfilter.sys [3/26/2011 9:06 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\COGECO Security Services\Anti-Virus\win2k\fsrec.sys [3/26/2011 9:06 PM 25184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-29 21:02]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 22:28]
.
2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 22:28]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cb70c1aab709f4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 22:28]
.
2011-09-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-09-03 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-10-23 16:03]
.
2010-10-23 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-10-23 16:03]
.
2011-09-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 880562e9-38fd-4374-ade6-704245a712df.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-05 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.computerhope.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-09-14 22:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16?
?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-854245398-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Darlene\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Darlene\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Darlene\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Darlene\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\program files\cogeco security services\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(744)
c:\program files\cogeco security services\hips\fshook32.dll
.
- - - - - - - > 'explorer.exe'(3636)
c:\windows\system32\WININET.dll
c:\program files\cogeco security services\hips\fshook32.dll
c:\program files\COGECO Security Services\Spam Control\fsscoepl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COGECO Security Services\Anti-Virus\fsgk32st.exe
c:\program files\COGECO Security Services\Common\FSMA32.EXE
c:\program files\COGECO Security Services\Anti-Virus\FSGK32.EXE
c:\program files\COGECO Security Services\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\COGECO Security Services\FWES\Program\fsdfwd.exe
c:\program files\COGECO Security Services\Anti-Virus\fssm32.exe
c:\program files\COGECO Security Services\Anti-Virus\fsav32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\lxcecoms.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-09-14 22:09:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-15 02:09
.
Pre-Run: 218,044,141,568 bytes free
Post-Run: 218,032,193,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0971C76DCB125B6DF85C43911BF8674A