ComboFix 10-09-14.05 - Mike 09/15/2010 14:35:26.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.1983.1096 [GMT -6:00]
Running from: c:\users\Mike\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\5.exe
c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\FLVPlayer.exe
c:\program files\FLV Direct Player\player.swf
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\Skin\DirectFLV\Button.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Logo.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\skin.xml
c:\program files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Window.bmp
c:\program files\FLV Direct Player\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0903C2F2-7046-47EC-9DAD-25C847765109}.xps
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\{312D3179-0A4F-4CD2-9B24-F921EB5305CF}.xps
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4311404F-19B0-444B-BD85-B8970CEF09FC}.xps
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C88D332B-5D43-4772-AE42-269FB8AC2582}.xps
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Qv_Tn-iraR7XUO
c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Y_YZzcgPTvC
c:\users\Mike\videos\QBRegCrack.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\chrtmp
c:\windows\system32\drivers\etc\lmhosts
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.
2010-09-15 20:52 . 2010-09-15 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-15 18:38 . 2010-09-15 18:38 -------- d-----w- c:\program files\Feedback Tool
2010-09-15 15:43 . 2010-09-15 15:43 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-09-15 15:43 . 2010-09-15 15:43 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-09-15 15:43 . 2010-09-15 15:43 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-09-15 15:43 . 2010-09-15 15:43 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-09-15 15:43 . 2010-09-15 15:43 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-09-15 15:43 . 2010-09-15 15:43 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-09-15 15:43 . 2010-09-15 15:43 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-09-15 15:43 . 2010-09-15 15:43 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-09-15 15:43 . 2010-09-15 15:43 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-09-15 15:42 . 2010-09-15 15:42 -------- d-----w- c:\program files\Common Files\xing shared
2010-09-15 13:45 . 2010-09-15 13:45 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-09-13 06:52 . 1995-08-14 22:00 57328 ----a-w- c:\windows\system32\ole2conv.dll
2010-09-13 06:52 . 1995-08-14 22:00 51712 ----a-w- c:\windows\system32\ole2prox.dll
2010-09-13 06:52 . 1995-08-14 22:00 12976 ----a-w- c:\windows\system32\scp.dll
2010-09-13 06:52 . 1995-08-08 22:00 536048 ----a-w- c:\windows\system32\oc25.dll
2010-09-13 06:52 . 2010-09-13 06:52 -------- d-----w- c:\program files\Asymetrix
2010-09-13 06:52 . 2010-09-13 06:54 -------- d-----w- c:\program files\Tool book Computer test
2010-09-13 06:51 . 1996-10-16 00:01 298496 ----a-w- c:\windows\uninst.exe
2010-09-13 05:24 . 2010-09-13 05:24 -------- d-----w- c:\windows\system32\Adobe
2010-09-04 15:34 . 2010-09-04 15:34 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb52E0.tmp.exe
2010-09-04 01:16 . 2004-03-29 22:23 90112 ----a-w- c:\windows\unvise32.exe
2010-09-04 01:15 . 2010-09-04 01:17 -------- d-----w- c:\users\QBPOSDBSrvUser
2010-08-26 20:12 . 2010-08-26 20:12 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\1
2010-08-24 20:49 . 2010-08-24 20:49 -------- d-----w- c:\users\Mike\AppData\Roaming\Download Manager
2010-08-24 20:38 . 2010-09-15 15:51 -------- d-----w- c:\users\Mike\faxes
2010-08-24 15:18 . 2010-08-24 15:00 8192 ----a-w- c:\windows\system32\srvany.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 20:44 . 2010-01-15 05:13 -------- d-----w- c:\users\Mike\AppData\Roaming\DNA
2010-09-15 20:41 . 2010-01-15 06:01 -------- d-----w- c:\users\Mike\AppData\Roaming\BitTorrent
2010-09-15 15:43 . 2010-01-16 21:16 -------- d-----w- c:\program files\Common Files\Real
2010-09-15 15:42 . 2010-01-16 22:42 -------- d-----w- c:\program files\Real
2010-09-15 15:41 . 2010-01-16 22:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-15 15:41 . 2010-01-16 22:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-15 13:43 . 2010-01-28 02:24 -------- d-----w- c:\users\Mike\AppData\Roaming\vlc
2010-09-06 19:18 . 2010-01-15 06:01 -------- d-----w- c:\program files\BitTorrent
2010-08-10 17:39 . 2010-08-10 17:39 -------- d-----w- c:\program files\Common Files\Java
2010-08-10 17:38 . 2010-02-14 16:32 -------- d-----w- c:\program files\Java
2010-08-09 04:34 . 2010-08-02 14:09 766 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{3CD3F0DE-D558-4D67-B0ED-406B2DCA1C36}\_B50F290EB6368D2000FA5A.exe
2010-08-09 04:34 . 2010-08-02 14:09 10134 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{3CD3F0DE-D558-4D67-B0ED-406B2DCA1C36}\_E879BE198FB47E097A074A.exe
2010-08-09 04:34 . 2010-08-02 14:09 10134 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{3CD3F0DE-D558-4D67-B0ED-406B2DCA1C36}\_4412AD15BAA5A28F632D85.exe
2010-08-07 18:25 . 2010-01-15 05:46 -------- d-----w- c:\programdata\Microsoft Help
2010-08-07 18:22 . 2010-01-15 16:28 -------- d-----w- c:\program files\Microsoft
2010-08-07 16:41 . 2010-08-07 16:37 -------- d-----w- c:\program files\Zune
2010-08-05 16:39 . 2010-08-05 16:38 -------- d-----w- c:\program files\esri
2010-08-05 04:23 . 2010-01-15 16:07 114776 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-03 13:50 . 2010-08-03 13:50 7 ----a-w- c:\programdata\PM.dat
2010-08-02 14:10 . 2010-08-02 14:10 3310 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{311B6629-7711-4937-9DD1-2172016B73FA}\_69525f90.exe
2010-08-02 14:10 . 2010-08-02 14:10 1078 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{311B6629-7711-4937-9DD1-2172016B73FA}\_2cd672ae.exe
2010-08-02 14:10 . 2010-08-02 14:10 3310 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{311B6629-7711-4937-9DD1-2172016B73FA}\_4ae13d6c.exe
2010-08-02 14:10 . 2010-08-02 14:10 3310 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{311B6629-7711-4937-9DD1-2172016B73FA}\_294823.exe
2010-08-02 14:10 . 2010-08-02 14:10 3310 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{311B6629-7711-4937-9DD1-2172016B73FA}\_18be6784.exe
2010-08-02 14:10 . 2010-08-02 14:10 -------- d-----w- c:\program files\FlamMap3
2010-07-29 17:30 . 2010-07-29 17:30 -------- d-----w- c:\users\Mike\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-07-29 06:30 . 2010-08-12 16:06 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 16:06 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 19:06 . 2010-07-28 19:06 -------- d-----w- c:\users\Mike\AppData\Roaming\G7PS
2010-07-28 18:48 . 2010-07-28 18:48 -------- d-----w- c:\programdata\G7PS
2010-07-28 18:46 . 2010-07-28 18:46 -------- d-----w- c:\program files\gs
2010-07-28 18:46 . 2010-07-28 18:46 -------- d-----w- c:\program files\Common Files\G7PS
2010-07-28 18:45 . 2010-07-28 18:45 -------- d-----w- c:\program files\G7PS
2010-07-28 18:43 . 2010-02-02 02:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-28 01:12 . 2010-07-28 01:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-07-20 14:27 . 2010-01-28 02:24 -------- d-----w- c:\users\Mike\AppData\Roaming\dvdcss
2010-07-17 11:00 . 2010-06-04 14:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 21:10 . 2010-01-15 15:46 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 21:10 . 2010-07-15 21:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 21:09 . 2010-01-15 15:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 01:20 . 2010-07-15 01:20 331033 ----a-w- c:\users\Mike\AppData\Roaming\.cps\1.0\var\cache\jna\jnidispatch.dll
2010-07-01 04:57 . 2010-07-01 04:57 18944 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-07-01 04:57 . 2010-07-01 04:57 11264 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2010-06-30 06:25 . 2010-08-12 16:06 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-12 16:06 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 16:06 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 16:06 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 16:06 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 16:06 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 16:06 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 16:06 2326016 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
------- Sigcheck -------
[-] 2010-04-15 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-12-31 18:53 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Mike\Program Files\DNA\btdna.exe" [2010-01-15 323392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-15 39408]
"Access Remote PC 4.9"="c:\program files\Access Remote PC 4.9\rpcsetup.exe" [2006-04-15 2756608]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-09-02 689016]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
"RDPViewer"="c:\users\Mike\AppData\Local\RDPViewer\RDPViewer.dll" [2010-08-15 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-19 2065760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe" [2009-11-14 243032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2007-02-22 73728]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2007-05-11 103344]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-15 202256]
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2009-11-3 225680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 135664]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-08-24 8192]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2008-03-19 310016]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2009-11-03 55056]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2009-11-03 160912]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2009-11-03 160912]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [2009-11-03 13456]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2009-11-03 118800]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-22 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-22 11088]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-17 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Access Remote PC Service 4.9;Access Remote PC Service 4.9;c:\program files\Access Remote PC 4.9\rpcsetup.exe [2006-04-15 2756608]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
Contents of the 'Scheduled Tasks' folder
2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 23:44]
2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 23:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1i9npuua.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-76-0-10bLW
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE ... te=Bing&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\MSN Toolbar\Platform\5.0.1051.0\Firefox\components\DomBridge.dll
FF - component: c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\1i9npuua.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\progra~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1051.0\npwinext.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Mike\Program Files\DNA\plugins\npbtdna.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{c1263f1a-a5d3-bdeb-a1b9-1fa6b2d8ae6d} - c:\windows\system32\2liLZ_S5xL6fp-.dll
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-768325780-149051915-1212085013-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CF6710A8-FC7B-7AD9-CFBC-9804A0607A0F}*]
"haocchdfdleooola"=hex:6a,61,61,6b,64,66,64,63,6c,6e,64,68,64,6e,66,6d,67,64,
61,61,00,00
"iaadkbidfociliapnl"=hex:6a,61,61,6b,64,66,64,63,6c,6e,64,68,64,6e,66,6d,67,64,
61,61,00,f3
[HKEY_USERS\S-1-5-21-768325780-149051915-1212085013-1001\Software\SuperWaba\appSettings\*´*`& ]
"Len"=dword:0000001b
"Value"=hex:31,30,2e,30,2e,31,2e,31,30,7c,34,30,39,36,7c,35,30,30,30,30,7c,38,
7c,37,7c,30,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-15 14:57:04
ComboFix-quarantined-files.txt 2010-09-15 20:57
Pre-Run: 40,310,018,048 bytes free
Post-Run: 42,629,308,416 bytes free
- - End Of File - - D4D62BE04C6DFA167495B0B9CE12EBC4