I run MS Essentials as my AV and use MBAM all the time. Both of them tell me I have nothing, but my Lenovo PC seems slower. On Sunday morning MS detected Exploit Java but quarantined it. I then deleted it and ran a full scan with MS Essentials and then, to be sure, MBAM, and both came back clean. Again I ran today and still nothing. But I decided to try ComboFix just to be sure; here is my logfile. Can someone check it and tell me if all is OK? Also I have disabled Java since the New Year as recommended by everyone, so my Java is disabled on my browser (Firefox).
ComboFix 13-03-04.01 - al 03/04/2013 20:07:33.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.111 [GMT -5:00]
Running from: d:\documents and settings\al\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\TEMP
d:\documents and settings\All Users\Application Data\TEMP\RAIDTest
.
.
((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 )))))))))))))))))))))))))))))))
.
.
2013-03-04 22:53 . 2013-03-04 22:53 -------- d-----w- d:\documents and settings\All Users\Application Data\Licenses
2013-03-04 22:48 . 2013-03-04 22:48 60872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A573260-68CF-4653-9C65-52E4967AB4B0}\offreg.dll
2013-03-04 22:48 . 2013-03-04 22:48 29904 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A573260-68CF-4653-9C65-52E4967AB4B0}\MpKsl9bd2e292.sys
2013-03-03 18:41 . 2013-02-08 00:45 6954968 ------w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A573260-68CF-4653-9C65-52E4967AB4B0}\mpengine.dll
2013-03-03 14:22 . 2013-02-08 00:45 6954968 ------w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-24 04:00 . 2013-02-24 04:12 -------- d-----w- d:\program files\TunnelBear
2013-02-20 20:26 . 2013-02-20 20:26 -------- d-----w- d:\documents and settings\All Users\Uniblue
2013-02-20 19:36 . 2013-02-20 19:49 -------- d-----w- d:\documents and settings\al\Application Data\Auslogics
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- d:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 01:51 . 2012-12-10 04:52 71024 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 01:51 . 2012-12-10 04:52 691568 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2013-01-30 10:53 . 2011-09-25 03:02 232336 ------w- d:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2009-01-04 22:44 552448 ----a-w- d:\windows\system32\oleaut32.dll
2013-01-20 20:59 . 2012-03-21 00:44 195296 ----a-w- d:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:28 . 2009-05-24 00:54 2193152 ----a-w- d:\windows\system32\ntoskrnl.exe
2013-01-07 00:45 . 2009-02-06 10:30 2069760 ----a-w- d:\windows\system32\ntkrnlpa.exe
2013-01-04 01:32 . 2009-05-24 00:54 1876224 ----a-w- d:\windows\system32\win32k.sys
2013-01-02 06:48 . 2009-05-24 00:54 1292288 ----a-w- d:\windows\system32\quartz.dll
2013-01-02 06:48 . 2009-01-04 22:44 148992 ----a-w- d:\windows\system32\mpg2splt.ax
2012-12-28 17:55 . 2012-10-06 20:31 74703 ----a-w- d:\windows\system32\mfc45.dat
2012-12-26 20:16 . 2009-05-24 00:54 916480 ----a-w- d:\windows\system32\wininet.dll
2012-12-26 20:16 . 2009-05-24 00:53 43520 ----a-w- d:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2009-05-24 00:53 1469440 ----a-w- d:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2009-05-24 00:53 385024 ----a-w- d:\windows\system32\html.iec
2012-12-19 01:28 . 2012-12-19 01:29 93640 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2012-12-19 01:28 . 2012-12-19 01:30 143872 ----a-w- d:\windows\system32\javacpl.cpl
2012-12-19 01:28 . 2012-08-06 04:46 859072 ----a-w- d:\windows\system32\npDeployJava1.dll
2012-12-19 01:28 . 2012-08-06 04:46 779704 ----a-w- d:\windows\system32\deployJava1.dll
2012-12-16 12:31 . 2009-05-24 00:53 290560 ----a-w- d:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-09-19 19:25 21104 ----a-w- d:\windows\system32\drivers\mbam.sys
2012-12-11 15:58 . 2012-12-11 15:58 8281168 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-02-20 04:08 . 2013-02-20 04:05 263064 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="d:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"jmekey"="d:\windows\jmesoft\hotkey.exe" [2010-12-21 114688]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck\0?\0???
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=d:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^al^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=d:\documents and settings\al\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=d:\windows\pss\Logitech . Product Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- d:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-01-27 16:11 947152 ----a-w- d:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- d:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"MsMpSvc"=2 (0x2)
"ioloSystemService"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Documents and Settings\\al\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"d:\\Documents and Settings\\al\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"d:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R0 MxEFUF;Matrox Extio Upper Function Filter;d:\windows\system32\drivers\MxEFUF32.sys [9/25/2011 12:54 PM 102728]
R0 RapportKELL;RapportKELL;d:\windows\system32\drivers\RapportKELL.sys [7/29/2012 7:52 PM 65848]
R1 MpKsl9bd2e292;MpKsl9bd2e292;d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A573260-68CF-4653-9C65-52E4967AB4B0}\MpKsl9bd2e292.sys [3/4/2013 5:48 PM 29904]
R1 RapportCerberus_43926;RapportCerberus_43926;d:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/30/2012 8:02 AM 272216]
R1 RapportEI;RapportEI;d:\program files\Trusteer\Rapport\bin\RapportEI.sys [7/29/2012 7:52 PM 71480]
R1 RapportPG;RapportPG;d:\program files\Trusteer\Rapport\bin\RapportPG.sys [7/29/2012 7:52 PM 166840]
R2 Akamai;Akamai NetSession Interface;d:\windows\System32\svchost.exe -k Akamai [1/4/2009 5:45 PM 14336]
R2 cpuz135;cpuz135;d:\windows\system32\drivers\cpuz135_x32.sys [9/25/2011 12:37 PM 21992]
R2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/19/2012 2:25 PM 398184]
R2 RapportMgmtService;Rapport Management Service;d:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [7/29/2012 7:52 PM 976728]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\Secunia\PSI\sua.exe [7/25/2012 3:46 AM 681056]
R3 BBUpdate;BBUpdate;d:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9/19/2012 2:25 PM 21104]
S2 BBSvc;BingBar Service;d:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/19/2012 2:25 PM 682344]
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [11/9/2012 11:20 AM 160944]
S3 esgiguard;esgiguard;\??\d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;d:\windows\system32\drivers\libusb0.sys [10/7/2011 12:52 PM 21504]
S3 PSI;PSI;d:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 RapportIaso;RapportIaso;d:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/28/2012 3:34 PM 21520]
S3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
S4 Secunia PSI Agent;Secunia PSI Agent;d:\program files\Secunia\PSI\psia.exe [7/25/2012 3:46 AM 1326176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL9BD2E292
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 14:39 1629648 ----a-w- d:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-05 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-10 01:51]
.
2013-03-05 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-11-06 18:21]
.
2013-03-05 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-11-06 18:21]
.
2013-03-04 d:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- d:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
TCP: DhcpNameServer = 192.168.2.1
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
FF - ProfilePath - d:\documents and settings\al\Application Data\Mozilla\Firefox\Profiles\2d9nun89.default-1344442705218\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-04 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="d:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-03-04 20:21:15
ComboFix-quarantined-files.txt 2013-03-05 01:21
.
Pre-Run: 123,410,624,512 bytes free
Post-Run: 123,433,422,848 bytes free
.
- - End Of File - - 2C2CA4255F00D24215CBDE6F2878281A