Hi deltalima,
Here is ComboFix.txt
ComboFix 10-12-04.02 - Sonia 12/05/2010 15:48:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.329 [GMT -5:00]
Running from: c:\users\Sonia\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Sonia\AppData\Roaming\Bitrix Security
c:\users\Sonia\AppData\Roaming\Bitrix Security\27102010_221113_277288688_skey_27-10-2010__22-11-58.zip
c:\users\Sonia\AppData\Roaming\Bitrix Security\cet.txt
c:\users\Sonia\AppData\Roaming\Bitrix Security\crf.txt
c:\users\Sonia\AppData\Roaming\Bitrix Security\ffcd
c:\users\Sonia\AppData\Roaming\Bitrix Security\lrtg.txt
c:\users\Sonia\AppData\Roaming\Bitrix Security\mor.txt
c:\users\Sonia\AppData\Roaming\Bitrix Security\mxd1.txt
c:\users\Sonia\AppData\Roaming\Bitrix Security\podzce_shrd
c:\users\Sonia\AppData\Roaming\Bitrix Security\rgx.txt
c:\users\Sonia\AppData\Roaming\Bitrix Security\rjg.txt
c:\users\Sonia\AppData\Roaming\Bitrix Security\uurn
c:\users\Sonia\AppData\Roaming\install
c:\users\Sonia\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\explorer.exe . . . is infected!!
c:\windows\System32\wininit.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.
2010-12-03 10:19 . 2010-12-03 10:19 -------- d-----w- C:\MGADiagToolOutput
2010-12-03 10:01 . 2010-12-04 21:32 -------- d-----w- C:\Malware
2010-12-01 06:31 . 2010-12-01 06:31 388096 ----a-r- c:\users\Sonia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-29 11:52 . 2010-11-29 11:52 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-11-29 11:51 . 2010-11-29 11:51 -------- d-----w- c:\users\Sonia\Office Genuine Advantage
2010-11-28 15:17 . 2010-11-28 15:17 -------- d-----w- c:\program files\Trend Micro
2010-11-25 12:44 . 2010-11-25 13:21 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-25 12:44 . 2010-11-25 12:44 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-25 12:43 . 2010-11-25 12:43 -------- d-----w- c:\programdata\Hitman Pro
2010-11-24 06:32 . 2010-12-03 10:11 -------- d-----w- c:\program files\Fiddler2
2010-11-23 02:39 . 2010-11-23 02:39 -------- d-----w- c:\users\Sonia\AppData\Roaming\Malwarebytes
2010-11-23 02:37 . 2010-11-23 02:37 -------- d-----w- c:\programdata\Malwarebytes
2010-11-23 02:37 . 2010-12-05 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 00:33 . 2010-11-22 00:33 -------- d-----w- c:\users\Joe\AppData\Roaming\Verizon
2010-11-21 23:53 . 2010-12-05 19:34 -------- d-----w- c:\programdata\STOPzilla!
2010-11-17 08:57 . 2010-09-04 19:09 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2010-11-17 08:57 . 2010-09-04 19:09 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-17 08:56 . 2010-09-04 19:09 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-11-17 08:56 . 2010-09-04 19:09 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-17 08:56 . 2010-09-04 19:09 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-11-17 08:56 . 2010-09-04 19:09 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-17 08:56 . 2010-09-04 19:09 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-17 08:56 . 2010-09-04 19:09 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-11-17 08:56 . 2010-09-04 19:09 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-17 08:56 . 2010-09-04 19:09 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-11-17 08:56 . 2010-09-04 19:09 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-17 08:56 . 2010-11-17 09:01 -------- d-----w- c:\program files\Common Files\Mcafee
2010-11-17 08:55 . 2010-11-17 09:01 -------- d-----w- c:\program files\McAfee
2010-11-17 08:28 . 2010-11-18 01:07 -------- d-----w- c:\programdata\McAfee
2010-11-17 08:22 . 2010-11-17 08:22 -------- d-----w- c:\users\Sonia\AppData\Roaming\Verizon
2010-11-17 08:22 . 2010-11-17 08:22 -------- d-----w- c:\programdata\Radialpoint
2010-11-17 08:22 . 2010-11-17 08:22 -------- d-----w- c:\programdata\Verizon
2010-11-17 08:22 . 2010-11-17 08:22 -------- d-----w- c:\program files\Verizon
2010-11-16 21:47 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{071AF54F-DAE8-4C9C-9B0A-2C45FE224306}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-03 11:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-10 16:37 . 2010-10-14 12:52 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 12:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 12:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 12:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 12:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-14 12:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-14 12:50 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 12:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 12:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-04 19:09 . 2010-11-17 08:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2008-09-12 01:43 1780248 ----a-w- c:\program files\Softonic_English\tbSoft.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 02:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-12 1780248]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-12 1780248]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 133912]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\users\Sonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2007-10-27 3656]
West Orange Public Library Tray App.lnk - c:\program files\PermissionTV\bin\dmtray.exe [2008-5-8 57344]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-4-19 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-11-10 17:23 157312 ----a-w- c:\program files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-09-04 84264]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-09-04 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-09-04 164808]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-09-04 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-09-04 141792]
S2 PermissionTVDownloadManager;PermissionTV Download Manager Service;c:\progra~1\PERMIS~1\bin\dm.exe [2007-08-07 221245]
S2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-09-04 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-09-04 312904]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-12-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-24 08:10]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:26]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:26]
2010-11-17 c:\windows\Tasks\HPCeeScheduleForJoe.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-19 21:23]
2010-12-05 c:\windows\Tasks\HPCeeScheduleForSonia.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-19 21:23]
2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{2933925B-0929-4965-86AF-B48000DDDC3B}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect2.prudential.com/dana-ca ... Client.cab
FF - ProfilePath - c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\o428qjez.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\o428qjez.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\o428qjez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\o428qjez.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\o428qjez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-FileZilla Client - c:\program files\FileZilla Client\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 17:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3496)
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Vongo\VongoService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\McAfee\Core\mchost.exe
.
**************************************************************************
.
Completion time: 2010-12-05 17:52:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-05 22:52
Pre-Run: 80,494,735,360 bytes free
Post-Run: 80,391,802,880 bytes free
- - End Of File - - 6F230154BE99502D6D7604BD9EB38430