ComboFix 11-01-16.04 - Robert 01/17/2011 9:00.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1023.302 [GMT -8:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 Premier Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 Premier Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Labelle\lame_enc_en.dll
c:\users\Labelle\lametritonus_en.dll
c:\users\Robert\AppData\Roaming\.#
c:\users\Robert\AppData\Roaming\EurekaLog
c:\users\Robert\AppData\Roaming\EurekaLog\CyberGhost\CyberGhost.elf
c:\users\Robert\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\Robert\AppData\Roaming\inst.exe
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}\chrome.manifest
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}\chrome\xulcache.jar
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}\defaults\preferences\xulcache.js
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}\install.rdf
.
((((((((((((((((((((((((( Files Created from 2010-12-17 to 2011-01-17 )))))))))))))))))))))))))))))))
2011-01-17 17:27 . 2011-01-17 17:27 -------- d-----w- c:\users\Labelle\AppData\Local\temp
2011-01-17 17:27 . 2011-01-17 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-17 17:27 . 2011-01-17 17:27 -------- d-----w- c:\users\Bobert\AppData\Local\temp
2011-01-17 03:54 . 2011-01-17 03:54 -------- d-----w- c:\users\Robert\AppData\Local\Apple
2011-01-16 02:36 . 2011-01-16 02:36 -------- d-----w- c:\users\Robert\AppData\Roaming\WinPatrol
2011-01-13 17:21 . 2011-01-16 11:36 -------- d-----w- c:\users\Robert\AppData\Local\Adobe
2011-01-13 05:08 . 2011-01-13 05:09 -------- d-----w- c:\program files\trend micro
2011-01-13 05:08 . 2011-01-13 05:09 -------- d-----w- C:\rsit
2011-01-12 20:18 . 2011-01-12 20:19 -------- d-sh--w- c:\programdata\D669C4E80122425E2EECE15F50391D93
2011-01-12 19:57 . 2011-01-12 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\FrostWire
2011-01-12 16:39 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-12 16:39 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-12 16:39 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-12 16:39 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-12 16:39 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-12 16:39 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-12 16:39 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-12 16:39 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-12 16:39 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-12 16:39 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-12 16:39 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
2011-01-12 16:39 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
2011-01-12 16:34 . 2011-01-12 16:34 -------- d-----w- c:\program files\Feedback Tool
2011-01-12 15:54 . 2011-01-12 15:54 -------- d-----w- c:\users\Robert\AppData\Local\BuildAGadget Content
2011-01-11 22:46 . 1998-10-14 16:00 283648 ----a-w- c:\windows\uninst.exe
2011-01-11 21:43 . 2011-01-11 21:43 -------- d-----w- c:\users\Robert\AppData\Local\ElevatedDiagnostics
2011-01-11 21:33 . 2011-01-11 21:38 -------- d-----w- c:\program files\Microsoft ATS
2011-01-11 20:52 . 2011-01-11 20:52 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-01-11 20:49 . 2010-10-16 18:55 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-11 20:49 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2011-01-11 20:49 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2011-01-11 20:49 . 2010-10-16 18:55 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-11 20:49 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-11 20:49 . 2010-10-16 18:55 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-11 20:49 . 2010-10-16 18:55 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-11 20:49 . 2010-10-16 18:55 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-11 20:49 . 2010-10-16 18:55 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-11 20:15 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 20:15 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 20:15 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 20:15 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 20:15 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-11 20:15 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 20:15 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-11 14:24 . 2010-11-13 02:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-10 20:13 . 2011-01-10 20:13 -------- d-----w- c:\program files\Windows Imaging
2011-01-10 20:10 . 2011-01-10 20:13 -------- d-----w- c:\program files\Windows AIK
2011-01-10 16:59 . 2011-01-10 17:16 -------- d-----w- c:\users\Robert\AppData\Roaming\Wuala
2011-01-10 16:58 . 2011-01-10 22:54 -------- d-----w- c:\users\Robert\AppData\Local\Wuala
2011-01-10 16:19 . 2011-01-12 19:46 -------- d-----w- c:\program files\vLite
2011-01-09 00:00 . 2011-01-09 00:00 -------- d-----w- c:\users\Robert\AppData\Roaming\Acapela Group
2011-01-08 23:58 . 2011-01-08 23:58 -------- d-----w- c:\programdata\NaturalSoft
2011-01-08 21:53 . 2011-01-10 00:38 -------- d-----w- c:\program files\NaturalSoft
2011-01-07 23:25 . 2011-01-07 23:25 -------- d-----w- c:\users\Robert\AppData\Roaming\S.A.D
2011-01-07 04:16 . 2011-01-07 04:16 -------- d-----w- c:\users\Robert\AppData\Roaming\Media Player Classic
2011-01-07 00:24 . 2011-01-07 00:24 -------- d-----w- c:\program files\XviD
2011-01-06 19:19 . 2011-01-06 19:19 -------- d-----w- c:\users\Robert\AppData\Roaming\DigitalPersona
2011-01-06 19:07 . 2011-01-06 19:07 -------- d-----w- c:\windows\DPDrv
2011-01-06 19:06 . 2011-01-06 19:06 -------- d-----w- c:\program files\DigitalPersona
2011-01-06 18:20 . 2011-01-06 18:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-01-05 17:35 . 2011-01-06 06:43 -------- d-----w- c:\users\Robert\AppData\Roaming\HandBrake
2011-01-05 17:35 . 2011-01-05 17:35 -------- d-----w- c:\users\Robert\AppData\Local\HandBrake
2011-01-05 17:34 . 2011-01-05 17:34 -------- d-----w- c:\program files\Handbrake
2011-01-05 16:00 . 2011-01-05 16:00 -------- d-----w- c:\users\Robert\AppData\Roaming\DVDFab
2011-01-02 03:31 . 2011-01-02 03:34 -------- d-----w- c:\program files\Hewlett-Packard
2011-01-02 03:29 . 2011-01-02 03:29 -------- d-----w- C:\Swsetup
2010-12-31 13:17 . 2010-12-31 13:17 -------- d-----w- c:\program files\Passware
2010-12-31 12:54 . 2010-12-31 12:56 -------- d-----w- c:\users\Robert\AppData\Roaming\Passware
2010-12-24 11:17 . 2010-12-24 11:17 -------- d-----w- c:\users\Robert\AppData\Roaming\CCS64
2010-12-24 11:17 . 2010-12-24 11:17 -------- d-----w- c:\program files\Computerbrains C.C.S
2010-12-21 13:17 . 2010-12-21 13:17 -------- d-----w- c:\program files\FramefileWizard
2010-12-21 12:43 . 2010-12-21 12:43 3026 ----a-w- c:\windows\system32\drivers\hwinterface.sys
2010-12-21 04:19 . 2010-12-23 11:42 -------- d-----w- C:\games
2010-12-19 02:13 . 2010-12-19 02:13 -------- d-----w- C:\SA
2010-12-18 21:35 . 2010-12-18 21:35 -------- d-----w- c:\program files\Norton System Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 02:09 . 2009-09-18 01:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2009-09-18 01:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 03:09 . 2010-12-10 02:25 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-10 02:25 . 2010-12-10 02:25 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-12-04 20:18 . 2009-09-12 21:30 47360 ----a-w- c:\users\Robert\AppData\Roaming\pcouffin.sys
2010-12-04 04:35 . 2010-12-07 17:26 52096 ----a-w- c:\windows\system32\drivers\dvdfab.sys
2010-12-01 21:44 . 2010-12-01 21:44 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-01 21:44 . 2010-12-05 00:24 143248 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-12-01 21:44 . 2010-12-05 00:23 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-12-01 21:44 . 2010-12-01 21:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-12-01 21:44 . 2010-12-01 21:44 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-19 16:23 . 2010-11-19 16:23 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-11-19 16:23 . 2010-11-19 16:23 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-11-19 04:00 . 2010-11-19 04:00 2471264 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-11-19 03:52 . 2010-11-19 03:52 594208 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-11-19 03:51 . 2010-11-19 03:51 170272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-13 02:53 . 2010-06-16 03:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-11 22:00 . 2010-11-11 22:00 854128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-11-11 22:00 . 2010-11-11 22:00 70768 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-11-11 21:59 . 2010-11-19 09:22 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-11-11 21:59 . 2010-11-19 09:22 404080 ----a-w- c:\windows\system32\vmnat.exe
2010-11-11 21:59 . 2010-11-11 21:59 23792 ----a-w- c:\windows\system32\drivers\vmparport.sys
2010-11-11 21:58 . 2010-11-19 09:20 760432 ----a-w- c:\windows\system32\vnetlib.dll
2010-11-11 21:57 . 2010-11-19 09:20 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-11-11 21:56 . 2010-11-19 09:21 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-11-11 20:31 . 2010-11-11 20:31 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-11-11 20:04 . 2010-11-11 20:04 252528 ----a-w- c:\windows\system32\vmnc.dll
2010-11-11 18:04 . 2010-11-11 18:04 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-11-11 18:04 . 2010-11-11 18:04 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-11-11 18:04 . 2010-11-11 18:04 36400 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-11-11 18:04 . 2010-11-11 18:04 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-11-11 18:04 . 2010-11-11 18:04 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-11-04 18:56 . 2010-12-15 19:57 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-15 19:57 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-15 19:57 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-15 19:57 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-15 19:57 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-15 19:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-15 19:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-15 19:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-15 19:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-15 19:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-15 19:56 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-15 19:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-15 19:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-15 19:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-15 19:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-15 19:56 2048 ----a-w- c:\windows\system32\tzres.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinZip E-Mail Companion OEAPI"="c:\program files\WinZip E-Mail Companion\loadwzco.exe" [2007-11-19 75136]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-29 1485208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-06-08 2605424]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-06-08 362488]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 1778064]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-10 807440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
c:\users\Labelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-30 608584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
2006-10-10 00:27 99856 ----a-w- c:\windows\System32\DPWLEvHd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2010-12-04 52096]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 16896]
R3 MaplomL;MaplomL; [x]
R3 mdxgthkn;mdxgthkn;c:\users\Robert\AppData\Local\Temp\mdxgthkn.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110114.002\IDSvix86.sys [2010-11-09 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-01 143248]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-01 41936]
S2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [2010-05-09 4032]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-22 44432]
S3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\DRIVERS\dpK0Bx01.sys [2006-09-17 35584]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-19 102448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]
S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [2006-09-17 47360]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-01 111504]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;c:\windows\system32\Drivers\WBMS.SYS [2004-11-10 36224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2011-01-17 c:\windows\Tasks\User_Feed_Synchronization-{939DDA86-9DE7-4E45-A974-CB9D9A0AE2FA}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://securityresponse.symantec.com/av ... _homepage/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... .3.1.0.cab
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
AddRemove-DaphneDownLoader - c:\games\Daphne\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-17 09:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5240)
c:\windows\System32\NLSData0009.dll
c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccIPC.dll
c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccGEvt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-17 09:47:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-17 17:47
Pre-Run: 385,886,273,536 bytes free
Post-Run: 385,707,868,160 bytes free
- - End Of File - - 5738EB982D1502812AB6E963A7048718