  1. ComboFix 12-04-26.01 - Nensy Fensy 26.04.2012 15:19:12.1.1 - x86
  2. Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.273 [GMT 2:00]
  3. Running from: c:\documents and settings\Nensy Fensy\Desktop\ComboFix.exe
  4. AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
  5. .
  6. .
  7. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  8. .
  9. .
  10. c:\documents and settings\Nensy Fensy\WINDOWS
  11. c:\windows\system32\urttemp
  12. c:\windows\system32\urttemp\fusion.dll
  13. c:\windows\system32\urttemp\mscoree.dll
  14. c:\windows\system32\urttemp\mscoree.dll.local
  15. c:\windows\system32\urttemp\mscorsn.dll
  16. c:\windows\system32\urttemp\mscorwks.dll
  17. c:\windows\system32\urttemp\msvcr71.dll
  18. c:\windows\system32\urttemp\regtlib.exe
  19. .
  20. .
  21. ((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
  22. .
  23. .
  24. 2012-04-26 08:57 . 2012-04-26 08:57 -------- d-----w- C:\_OTL
  25. 2012-04-25 12:22 . 2012-04-25 12:22 -------- d-----w- c:\documents and settings\Nensy Fensy\Application Data\Malwarebytes
  26. 2012-04-25 12:22 . 2012-04-25 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
  27. 2012-04-25 12:22 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
  28. 2012-04-25 12:22 . 2012-04-25 12:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
  29. .
  30. .
  31. .
  32. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  33. .
  34. 2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
  35. 2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
  36. 2012-03-01 11:01 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
  37. 2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
  38. 2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
  39. 2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
  40. 2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
  41. 2012-03-18 10:59 . 2011-08-17 21:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  42. .
  43. .
  44. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  45. .
  46. .
  47. *Note* empty entries & legit default entries are not shown
  48. REGEDIT4
  49. .
  50. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  51. "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-15 4866048]
  52. "nwiz"="nwiz.exe" [2004-04-15 323584]
  53. "00THotkey"="c:\windows\system32\00THotkey.exe" [2004-08-11 253952]
  54. "000StTHK"="000StTHK.exe" [2001-06-23 24576]
  55. "TFNF5"="TFNF5.exe" [2011-08-15 73728]
  56. "SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2011-08-15 86073]
  57. "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2011-08-15 98304]
  58. "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-08-15 495616]
  59. "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 122880]
  60. "AGRSMMSG"="AGRSMMSG.exe" [2011-08-15 88363]
  61. "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
  62. "TPSMain"="TPSMain.exe" [2004-06-28 266240]
  63. "TFncKy"="TFncKy.exe" [BU]
  64. "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
  65. "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
  66. "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
  67. "VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
  68. "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
  69. "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
  70. "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
  71. "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
  72. .
  73. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  74. "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
  75. .
  76. c:\documents and settings\All Users\Start Menu\Programs\Startup\
  77. RAMASST.lnk - c:\windows\system32\RAMASST.exe [2011-8-16 155648]
  78. .
  79. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  80. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  81. "%windir%\\system32\\sessmgr.exe"=
  82. "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  83. "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  84. "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
  85. "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
  86. .
  87. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  88. "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
  89. "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
  90. .
  91. R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
  92. R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
  93. R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15.6.2011 17:33 249648]
  94. R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 14:16 810144]
  95. R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25.4.2012 14:22 654408]
  96. R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25.4.2012 14:22 22344]
  97. S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
  98. S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7.7.2011 19:31 195336]
  99. S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
  100. S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [1.1.2012 14:56 256512]
  101. S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [1.1.2012 14:56 398720]
  102. S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.4.2008 14:00 14336]
  103. S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
  104. .
  105. --- Other Services/Drivers In Memory ---
  106. .
  107. *NewlyCreated* - 65849171
  108. *NewlyCreated* - ASWMBR
  109. *Deregistered* - 65849171
  110. *Deregistered* - aswMBR
  111. .
  112. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  113. WINRM REG_MULTI_SZ WINRM
  114. .
  115. Contents of the 'Scheduled Tasks' folder
  116. .
  117. 2012-04-18 c:\windows\Tasks\Defraggler Volume C Task.job
  118. - c:\program files\Defraggler\df.exe [2011-07-07 05:40]
  119. .
  120. 2012-04-18 c:\windows\Tasks\Defraggler Volume D Task.job
  121. - c:\program files\Defraggler\df.exe [2011-07-07 05:40]
  122. .
  123. .
  124. ------- Supplementary Scan -------
  125. .
  126. uStart Page = hxxp://www.google.com
  127. mStart Page = hxxp://www.google.com
  128. IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  129. TCP: DhcpNameServer = 192.168.1.1
  130. FF - ProfilePath - c:\documents and settings\Nensy Fensy\Application Data\Mozilla\Firefox\Profiles\z49iwjkv.default\
  131. FF - prefs.js: browser.search.selectedEngine - Google
  132. FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
  133. .
  134. - - - - ORPHANS REMOVED - - - -
  135. .
  136. AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
  137. AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
  138. .
  139. .
  140. .
  141. **************************************************************************
  142. .
  143. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  144. Rootkit scan 2012-04-26 15:25
  145. Windows 5.1.2600 Service Pack 3 NTFS
  146. .
  147. scanning hidden processes ...
  148. .
  149. scanning hidden autostart entries ...
  150. .
  151. scanning hidden files ...
  152. .
  153. scan completed successfully
  154. hidden files: 0
  155. .
  156. **************************************************************************
  157. .
  158. --------------------- DLLs Loaded Under Running Processes ---------------------
  159. .
  160. - - - - - - - > 'winlogon.exe'(912)
  161. c:\windows\system32\netprovcredman.dll
  162. .
  163. Completion time: 2012-04-26 15:27:13
  164. ComboFix-quarantined-files.txt 2012-04-26 13:27
  165. .
  166. Pre-Run: 33.486.602.240 bytes free
  167. Post-Run: 33.432.236.032 bytes free
  168. .
  169. WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
  170. [boot loader]
  171. timeout=2
  172. default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  173. [operating systems]
  174. c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  175. UnsupportedDebug="do not select this" /debug
  176. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
  177. .
  178. - - End Of File - - 2426D2BB8DBDB4E5EDD86B43E08AFA59