ComboFix 10-11-14.01 - CAllen 11/14/2010 17:28:20.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2081 [GMT -5:00]
Running from: c:\users\CAllen\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\progra~2\sysReserve.ini
c:\users\CAllen\AppData\Roaming\Microsoft\stor.cfg
c:\users\CAllen\AppData\Roaming\Microsoft\svchost.exe
c:\users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-14 22:34 . 2010-11-14 22:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-11-14 22:34 . 2010-11-14 22:34 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-11-14 22:34 . 2010-11-14 22:34 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-11-14 22:34 . 2010-11-14 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-12 22:28 . 2010-10-07 23:21 6146896 ----a-w- c:\progra~2\Microsoft\Windows Defender\Definition Updates\{01717802-1689-4B8E-8907-0CC089C43BE4}\mpengine.dll
2010-11-07 18:31 . 2010-11-07 18:48 -------- d-----w- c:\users\CAllen\AppData\Local\temp(67)
2010-11-05 18:17 . 2010-11-05 18:17 -------- d-----w- C:\$RECYCLE(0).BIN
2010-11-05 17:38 . 2010-11-05 17:38 -------- d-----w- c:\program files\NCH Software
2010-11-05 17:38 . 2010-11-05 17:38 -------- d-----w- c:\users\CAllen\AppData\Roaming\NCH Software
2010-11-04 18:19 . 2010-11-04 18:19 -------- d-----w- C:\_OTL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-03 05:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 13:56 . 2010-10-14 07:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01 . 2010-10-14 07:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 07:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 07:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 07:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-14 07:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-14 07:02 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 07:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 07:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-14 07:04 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 07:04 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 07:04 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 07:04 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 07:04 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 07:01 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 07:01 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 05:52 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 07:04 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 07:03 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05 . 2010-10-14 07:01 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11 . 2010-09-15 00:19 128000 ----a-w- c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=ma_cmidn.dll
"midi2"=ma_cmidn.dll
"aux5"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^CAllen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\CAllen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2009-11-18 668912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{6DFFBE1E-577F-4EB1-BBB2-8971CA403F8E}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\
FF - prefs.js: browser.startup.homepage -
hxxp://en-US.start2.mozilla.com/firefox ... S:officialFF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\CAllen\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-14 17:36:49
ComboFix-quarantined-files.txt 2010-11-14 22:36
ComboFix2.txt 2010-06-01 04:09
ComboFix3.txt 2010-06-01 03:01
ComboFix4.txt 2010-05-28 17:14
ComboFix5.txt 2010-11-05 18:06
Pre-Run: 30,768,222,208 bytes free
Post-Run: 30,721,593,344 bytes free
- - End Of File - - 1567C5207DB2A4560A57747EF23F8898