Peace be upon you.

Guys, I scanned my machine with the ComboFix tool and it produced the following report. Is my machine clean?

```
ComboFix 12-11-03.02 - PC 11/03/2012 12:16:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.503.279 [GMT -8:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\hosts
c:\windows\system32\muzapp.exe
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2EB.tmp
c:\windows\system32\SET2F3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 09:23 . 2012-11-03 09:23 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\DigitalVolcano
2012-11-03 09:18 . 2012-11-03 09:18 -------- d-----w- c:\program files\Duplicate Cleaner
2012-10-30 23:40 . 2012-10-30 23:45 -------- d-----w- c:\windows\system32\Adobe
2012-10-30 07:48 . 2012-10-30 07:48 -------- d-----w- C:\Medion
2012-10-28 22:15 . 2012-11-01 15:26 -------- d-----w- c:\documents and settings\PC\Application Data\IDM
2012-10-28 22:15 . 2012-10-28 22:15 -------- d-----w- c:\program files\Internet Download Manager
2012-10-28 13:08 . 2012-10-28 13:08 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-10-28 13:08 . 2012-10-28 13:08 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\eSupport.com
2012-10-28 12:04 . 2012-10-30 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverGenius
2012-10-28 12:03 . 2012-10-28 12:03 -------- d-----w- c:\program files\Driver-Soft
2012-10-27 20:00 . 2012-10-27 20:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-27 20:00 . 2012-10-27 20:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-27 18:36 . 2012-09-25 07:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-25 15:41 . 2012-10-25 15:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-10-25 14:18 . 2012-10-25 14:18 -------- d-----w- c:\windows\Downloaded Installations
2012-10-25 06:56 . 2012-10-25 06:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-10-22 20:38 . 2008-04-14 13:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-10-22 20:38 . 2008-04-14 13:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-10-22 20:38 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-10-22 20:38 . 2001-08-18 06:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-10-22 20:38 . 2001-08-18 06:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-10-22 20:38 . 2001-08-18 06:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-10-22 20:38 . 2008-04-14 06:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-10-22 20:38 . 2001-08-17 20:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-10-22 20:38 . 2008-04-14 08:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-10-22 20:38 . 2008-04-14 13:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-10-22 20:38 . 2008-04-14 06:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-10-22 20:36 . 2001-08-17 21:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2012-10-22 20:35 . 2001-08-18 06:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2012-10-22 20:34 . 2001-08-18 06:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2012-10-22 20:33 . 2001-08-17 22:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2012-10-22 20:32 . 2001-08-18 06:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-10-22 20:31 . 2001-08-18 06:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2012-10-22 20:30 . 2001-08-17 20:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-10-22 20:29 . 2001-08-17 22:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2012-10-22 20:28 . 2001-08-17 21:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2012-10-18 09:47 . 2012-10-23 12:46 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-10-17 23:06 . 2001-08-18 06:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2012-10-17 23:04 . 2008-04-14 06:05 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2012-10-17 23:04 . 2001-08-17 20:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2012-10-17 23:03 . 2008-04-14 12:00 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
2012-10-17 23:02 . 2008-04-14 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
2012-10-17 23:01 . 2008-04-14 12:00 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
2012-10-17 23:00 . 2008-04-14 12:00 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2012-10-17 23:00 . 2001-08-18 06:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-10-17 22:58 . 2001-08-17 21:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-10-17 22:58 . 2001-08-17 21:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-10-17 22:58 . 2008-04-14 08:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2012-10-17 22:58 . 2001-08-17 20:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-10-17 22:58 . 2001-08-17 20:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-10-17 22:58 . 2001-08-17 20:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-10-17 22:58 . 2008-04-14 06:05 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-10-17 22:58 . 2001-08-17 20:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-10-17 22:58 . 2001-08-17 20:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-10-17 22:55 . 2008-04-14 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2012-10-17 22:55 . 2001-08-17 20:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2012-10-17 22:55 . 2008-04-14 13:42 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2012-10-17 22:55 . 2008-04-14 06:04 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
2012-10-17 22:55 . 2008-04-14 07:53 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2012-10-17 22:55 . 2008-04-14 07:53 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2012-10-17 22:55 . 2008-04-14 08:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-10-17 22:55 . 2008-04-14 08:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-10-17 22:55 . 2001-08-17 21:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-10-17 22:55 . 2001-08-17 22:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-10-17 22:55 . 2008-04-14 08:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-10-17 22:52 . 2008-04-14 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-10-17 22:52 . 2001-08-17 22:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-10-17 22:52 . 2001-08-17 21:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-10-17 22:52 . 2008-04-14 08:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-10-17 22:52 . 2001-08-17 21:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-10-17 22:52 . 2008-04-14 08:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-10-17 22:52 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-10-17 22:52 . 2001-08-17 21:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-10-17 22:52 . 2001-08-17 21:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-10-17 22:48 . 2008-04-14 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2012-10-17 22:46 . 2008-04-14 12:00 315455 -c--a-w- c:\windows\system32\dllcache\imskf.dll
2012-10-17 22:45 . 2008-04-14 12:00 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll
2012-10-17 22:44 . 2004-08-03 19:31 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2012-10-17 22:43 . 2008-04-14 12:00 102456 -c--a-w- c:\windows\system32\dllcache\imlang.dll
2012-10-17 22:42 . 2002-08-29 06:30 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2012-10-17 22:41 . 2008-04-14 12:00 274489 -c--a-w- c:\windows\system32\dllcache\imjputyc.dll
2012-10-17 22:40 . 2004-08-03 19:32 262200 -c--a-w- c:\windows\system32\dllcache\imjputy.exe
2012-10-17 22:39 . 2002-08-29 06:30 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2012-10-17 22:37 . 2004-08-03 19:32 233527 -c--a-w- c:\windows\system32\dllcache\imjprw.exe
2012-10-17 22:36 . 2004-08-03 19:32 208952 -c--a-w- c:\windows\system32\dllcache\imjpmig.exe
2012-10-17 22:35 . 2004-08-03 19:31 196665 -c--a-w- c:\windows\system32\dllcache\imjpinst.exe
2012-10-17 22:34 . 2004-08-03 19:31 155705 -c--a-w- c:\windows\system32\dllcache\imjpdsvr.exe
2012-10-17 22:33 . 2004-08-03 19:31 307257 -c--a-w- c:\windows\system32\dllcache\imjpdct.exe
2012-10-17 22:32 . 2008-04-14 12:00 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2012-10-17 22:31 . 2002-08-29 06:30 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2012-10-17 22:30 . 2008-04-14 12:00 716856 -c--a-w- c:\windows\system32\dllcache\imjpcus.dll
2012-10-17 22:29 . 2008-04-14 12:00 368696 -c--a-w- c:\windows\system32\dllcache\imjpcic.dll
2012-10-17 22:28 . 2008-04-14 12:00 811064 -c--a-w- c:\windows\system32\dllcache\imjp81k.dll
2012-10-17 22:25 . 2002-08-29 06:30 311359 -c--a-w- c:\windows\system32\dllcache\imepadsv.exe
2012-10-17 22:24 . 2008-04-14 12:00 102463 -c--a-w- c:\windows\system32\dllcache\imepadsm.dll
2012-10-17 22:23 . 2002-08-29 06:30 44032 -c--a-w- c:\windows\system32\dllcache\imekrmig.exe
2012-10-17 22:22 . 2008-04-14 12:00 86016 -c--a-w- c:\windows\system32\dllcache\imekrmbx.dll
2012-10-17 22:20 . 2008-04-14 12:00 106496 -c--a-w- c:\windows\system32\dllcache\imekrcic.dll
2012-10-17 22:15 . 2008-04-14 12:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2012-10-17 22:14 . 2008-04-14 12:00 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2012-10-17 22:12 . 2008-04-14 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-10-17 22:09 . 2008-04-14 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2012-10-17 22:02 . 2004-08-03 19:31 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2012-10-17 22:00 . 2004-08-03 19:31 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2012-10-17 21:58 . 2008-04-14 12:00 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2012-10-17 21:57 . 2008-04-14 12:00 173568 -c--a-w- c:\windows\system32\dllcache\chtskf.dll
2012-10-17 21:56 . 2008-04-14 12:00 56320 -c--a-w- c:\windows\system32\dllcache\chtskdic.dll
2012-10-17 21:55 . 2008-04-14 12:00 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
2012-10-17 21:54 . 2008-04-14 12:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2012-10-17 21:50 . 2008-04-14 12:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2012-10-17 21:42 . 2008-04-14 15:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2012-10-17 21:41 . 2008-04-14 15:00 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
2012-10-17 13:27 . 2012-10-17 13:27 -------- d-----w- C:\EFSTMPWP
2012-10-16 15:06 . 2001-08-17 21:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-10-16 15:05 . 2001-08-17 20:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-10-16 15:05 . 2001-08-17 20:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-10-16 15:05 . 2001-08-17 20:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-10-16 15:05 . 2001-08-17 21:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-10-16 15:05 . 2008-04-14 08:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-10-16 15:05 . 2001-08-17 20:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-10-16 15:05 . 2001-08-17 20:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-10-16 14:41 . 2001-08-18 06:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-10-12 13:21 . 2012-10-12 13:21 -------- d-----w- c:\program files\Standalone Flash Player
2012-10-12 12:53 . 2001-08-17 20:49 58592 -c--a-w- c:\windows\system32\dllcache\i740nt5.sys
2012-10-12 12:53 . 2001-08-17 22:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 19:39 . 2012-06-19 02:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 19:39 . 2012-06-19 02:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-13 13:45 . 2012-08-13 13:45 388096 ----a-r- c:\documents and settings\PC\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-27 10:09 . 2012-10-27 10:09 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-10-10 3536320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-09 15:09 116648 ----atw- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 22:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2012-10-10 09:16 3536320 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 22:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-06-08 12:02 958392 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-06-08 12:02 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-06-08 12:02 3521464 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 22:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-12-05 22:49 20065384 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-19 03:01 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [10/10/2012 1:36 AM 111200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/18/2012 3:31 PM 1691480]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [7/8/2012 9:36 PM 80824]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [10/28/2012 5:08 AM 23456]
S3 FileMonitor;FileMonitor; [x]
S3 RegistryMonitor;RegistryMonitor; [x]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [7/8/2012 9:36 PM 181432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 20:00]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1801674531-1606980848-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-09 15:09]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1801674531-1606980848-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-09 15:09]
.
2012-10-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1801674531-1606980848-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-10-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-1801674531-1606980848-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=CityRacing&utm_medium=start
IE: &????? ??? Microsoft Excel
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\4fe982g5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2012-10-28 14:19; mozilla_cc@internetdownloadmanager.com; c:\documents and settings\PC\Application Data\IDM\idmmzcc5
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-PlusService - c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-03 12:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5e,14,60,73,f1,2e,57,4e,51,ae,61,bc,a0,60,9c,10,85,e5,66,d7,ca,34,b6,11,99,cd,65,62,c2,29,c2,3f,fa,48,26,ca,66,d8,13,85,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948ac570-dc4e-4c5a-8927-2cf824bf3a4f}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f7
"Therad"=dword:0000000f
"SpecVersion"=dword:0000012a
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2012-11-03 12:23:51
ComboFix-quarantined-files.txt 2012-11-03 20:23
.
Pre-Run: 50,356,379,648 bytes free
Post-Run: 50,366,242,816 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /maxmem=504 /numproc=2
.
- - End Of File - - BC9CD0584D8EBC2518C3346D2FABAEFD
```