ComboFix 10-09-01.02 - Jon 09/01/2010 16:41:45.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1151 [GMT -4:00]
Running from: c:\users\Jon\Desktop\ComboFix.exe
Command switches used :: c:\users\Jon\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\iexplore.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BitTorrent
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\lib\tray.dll
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\users\Jon\AppData\Roaming\BitTorrent
c:\users\Jon\AppData\Roaming\BitTorrent\dht.dat.old
c:\users\Jon\AppData\Roaming\BitTorrent\resume.dat.old
c:\users\Jon\AppData\Roaming\BitTorrent\rss.dat.old
c:\users\Jon\AppData\Roaming\BitTorrent\settings.dat.old
.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.
2010-09-01 20:49 . 2010-09-01 20:49 -------- d-----w- c:\users\Jon\AppData\Local\temp
2010-09-01 20:49 . 2010-09-01 20:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-01 20:49 . 2010-09-01 20:49 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-09-01 20:49 . 2010-09-01 20:49 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2010-09-01 20:49 . 2010-09-01 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-31 20:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 20:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 20:35 . 2010-08-31 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 01:57 . 2010-08-30 01:57 -------- d-----w- C:\_OTM
2010-08-30 01:52 . 2010-09-01 10:28 -------- d-----w- c:\program files\ERUNT
2010-08-28 16:03 . 2010-08-28 16:04 -------- d-----w- C:\rsit
2010-08-27 20:17 . 2010-08-27 20:18 -------- d-----w- C:\MGADiagToolOutput
2010-08-24 01:42 . 2010-08-31 21:01 -------- d-----w- c:\program files\Trend Micro
2010-08-24 01:42 . 2010-08-24 01:42 388096 ----a-r- c:\users\Jon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-20 20:03 . 2010-08-20 20:03 -------- d-----w- c:\users\Jon\AppData\Local\ElevatedDiagnostics
2010-08-20 19:52 . 2010-08-20 19:56 -------- d-----w- c:\program files\Microsoft ATS
2010-08-16 16:13 . 2010-08-16 16:13 -------- d-----w- c:\program files\iPod
2010-08-16 16:08 . 2010-08-16 16:08 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-12 03:06 . 2010-08-12 03:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-12 02:45 . 2010-08-12 02:45 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-12 02:44 . 2010-08-12 02:47 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-12 02:40 . 2010-07-09 22:37 795104 ----a-w- c:\windows\system32\dpinst.exe
2010-08-12 02:40 . 2010-07-09 22:37 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-08-12 02:40 . 2010-07-09 22:37 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-08-12 02:40 . 2010-07-09 22:37 5107816 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-08-12 02:40 . 2010-07-09 22:37 2892904 ----a-w- c:\windows\system32\nvcuvid.dll
2010-08-12 02:40 . 2010-07-09 22:37 14092904 ----a-w- c:\windows\system32\nvoglv32.dll
2010-08-12 02:40 . 2010-07-09 22:37 4553832 ----a-w- c:\windows\system32\nvcuda.dll
2010-08-12 02:40 . 2010-07-09 22:37 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-08-12 02:40 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll
2010-08-12 02:40 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-08-12 02:40 . 2010-07-09 22:37 10267240 ----a-w- c:\windows\system32\nvcompiler.dll
2010-08-12 01:41 . 2010-08-18 03:09 -------- d-----w- c:\program files\StarCraft II
2010-08-11 22:41 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 22:41 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 20:48 . 2010-08-11 20:48 -------- d-----w- c:\programdata\Hitman Pro
2010-08-11 20:48 . 2010-08-11 20:48 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-10 01:14 . 2010-08-10 01:14 -------- d-----w- c:\users\Jon\Program Files
2010-08-10 01:01 . 2010-08-10 01:01 -------- d-----w- c:\users\Jon\AppData\Local\Threat Expert
2010-08-10 00:29 . 2010-08-10 00:29 -------- d-sh--w- c:\programdata\MSSPES
2010-08-10 00:28 . 2010-08-10 00:28 -------- d-----w- c:\users\Jon\AppData\Local\fnqnyqtmc
2010-08-10 00:26 . 2010-08-31 01:12 -------- d-----w- c:\users\Jon\AppData\Roaming\ADE9ACEB21DF2F42D561D1A8A5430FF1
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 20:29 . 2008-10-27 18:56 36725 ----a-w- c:\programdata\nvModes.dat
2010-09-01 11:07 . 2008-08-01 16:40 2140 ----a-w- c:\windows\bthservsdp.dat
2010-08-31 20:56 . 2008-08-01 22:02 -------- d-----w- c:\program files\McAfee
2010-08-27 20:08 . 2008-08-13 01:17 -------- d-----w- c:\programdata\Viewpoint
2010-08-27 20:07 . 2008-08-01 21:51 -------- d-----w- c:\program files\Java
2010-08-18 03:07 . 2008-11-30 00:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-16 16:14 . 2009-09-10 21:14 -------- d-----w- c:\program files\iTunes
2010-08-16 16:13 . 2008-08-09 04:25 -------- d-----w- c:\program files\Common Files\Apple
2010-08-12 13:15 . 2008-11-22 16:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-12 07:07 . 2008-08-01 22:06 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 07:05 . 2008-10-06 00:01 -------- d-----w- c:\programdata\Microsoft Help
2010-08-12 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-12 03:06 . 2009-08-20 01:24 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-12 02:53 . 2008-08-01 22:17 -------- d-----w- c:\programdata\NVIDIA
2010-08-12 02:45 . 2008-08-01 21:59 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-12 02:21 . 2008-10-27 18:49 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-11 21:02 . 2008-08-20 22:17 -------- d-----w- c:\users\Jon\AppData\Roaming\U3
2010-07-09 22:37 . 2010-08-12 02:40 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-07-09 22:37 . 2008-08-02 00:29 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:37 . 2008-08-02 00:28 9818728 ----a-w- c:\windows\system32\nvd3dum.dll
2010-07-09 22:37 . 2008-08-02 00:28 1625192 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 20:20 . 2010-07-09 20:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 20:20 . 2010-07-09 20:20 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-07-09 20:20 . 2010-07-09 20:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 20:20 . 2010-07-09 20:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 20:20 . 2010-07-09 20:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 20:20 . 2010-07-09 20:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:20 . 2010-07-09 20:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-07 18:03 . 2008-08-02 00:29 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-30 14:54 . 2010-04-09 01:43 439816 ----a-w- c:\users\Jon\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-30 12:18 . 2008-08-28 00:49 70352 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-26 06:05 . 2010-08-11 22:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 22:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-11 22:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-11 22:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 22:40 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 22:40 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 22:40 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 22:40 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-11 22:40 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:42 . 2008-11-08 17:38 7592 ----a-w- c:\users\Jon\AppData\Local\d3d9caps.dat
2010-06-11 16:15 . 2010-08-11 22:40 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-11 22:40 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 22:40 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-01 00:32 . 2010-06-30 12:53 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-08-01 21:53 . 2008-08-01 21:53 74 --sh--r- c:\windows\CT4CET.bin
2008-08-02 00:33 . 2008-08-02 00:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2010-09-01_11.00.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-01 20:30 68204 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-09 03:49 . 2010-09-01 20:30 13156 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3026006837-3582817978-75404658-1000_UserData.bin
- 2008-08-09 03:32 . 2010-09-01 10:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-09 03:32 . 2010-09-01 20:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-30 20:28 . 2010-09-01 20:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-30 20:28 . 2010-09-01 10:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-09 03:32 . 2010-09-01 20:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-09 03:32 . 2010-09-01 10:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-23 20:15 . 2010-09-01 20:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-23 20:15 . 2010-08-31 21:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-23 20:15 . 2010-08-31 21:20 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-23 20:15 . 2010-09-01 20:28 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-23 20:15 . 2010-08-31 21:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-23 20:15 . 2010-09-01 20:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-01 20:28 . 2010-09-01 20:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-01 10:43 . 2010-09-01 10:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-01 10:43 . 2010-09-01 10:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-01 20:28 . 2010-09-01 20:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 13:05 . 2010-09-01 10:46 109728 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-01 20:30 109728 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-09-01 20:35 645810 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-01 10:51 645810 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-09-01 20:35 120908 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-09-01 10:51 120908 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-22 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-07-09 261736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):91,b7,73,30,6c,40,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 LTower;LEGO USB Tower Driver;c:\windows\system32\Drivers\LTower.sys [2004-01-23 39936]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-01 83496]
R3 NiViPxiK;NiViPxiK; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-10-12 717296]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-06-01 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-01 160720]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 141792]
S2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2003-04-24 107102]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2003-04-18 36463]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-06-01 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-06-01 312616]
S3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2007-09-13 120320]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-01 18:32]
2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-01 18:32]
2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{CABDDF5B-D45B-4464-B6DE-DCAE3C3FFECF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\1b514aph.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe
AddRemove-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 16:49
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3026006837-3582817978-75404658-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0a,4a,88,a9,87,2a,ea,89,5a,23,ad,80,1b,3f,b4,66,1f,66,e3,5a,f2,ef,3a,
0b,ff,4c,e9,ba,fb,fb,0f,41,78,5e,23,28,90,d3,2e,8c,b9,94,df,39,31,d8,d1,3c,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-3026006837-3582817978-75404658-1000\Software\SecuROM\License information*]
"datasecu"=hex:0b,a4,41,0a,68,a0,b6,8b,c1,0e,bb,66,f8,b0,b6,c8,d3,ef,d2,bb,59,
da,82,8a,15,46,16,cc,16,d7,ca,1e,7c,52,b0,c7,8c,9c,3e,53,31,29,b8,70,ef,df,\
"rkeysecu"=hex:3b,75,86,03,b1,a9,69,23,37,a6,03,de,a6,b2,17,3e
.
Completion time: 2010-09-01 16:53:04
ComboFix-quarantined-files.txt 2010-09-01 20:53
ComboFix2.txt 2010-09-01 11:04
Pre-Run: 24,388,165,632 bytes free
Post-Run: 24,355,069,952 bytes free
- - End Of File - - D8236F104008E409230EFABDCF6598B5