ComboFix 12-03-14.01 - Marie 03/15/2012 10:20:09.4.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.688 [GMT -4:00]
Running from: c:\documents and settings\Marie\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Safe
c:\documents and settings\All Users\Application Data\Safe\zsinfo.dat
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Marie\WINDOWS
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-3020317350-4059242635-1465099722-1006(2)\Dc20.htm
c:\recycler(2)\S-1-5-21-3020317350-4059242635-1465099722-1006(2)\INFO2
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-14 21:52 . 2012-03-14 21:52 382 ----a-w- C:\temp929.bat
2012-03-14 21:52 . 2012-03-14 21:52 1143 ----a-w- C:\temp109.bat
2012-03-13 17:48 . 2012-03-13 17:48 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-09 15:30 . 2012-03-09 15:30 -------- d-----w- c:\documents and settings\Marie\Application Data\QuickScan
2012-02-15 13:08 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 13:08 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 21:54 . 2011-10-23 21:05 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-02-23 11:54 . 2011-05-14 11:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 18:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-14 14:36 . 2012-01-14 12:57 98072 ----a-w- c:\windows\system32\drivers\SIVX32.sys
2012-01-09 18:51 . 2012-01-09 18:51 11264 ----a-w- c:\windows\system32\drivers\uzezmtex.sys
2012-01-09 18:30 . 2012-01-09 18:01 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2011-12-29 13:56 . 2011-12-29 13:56 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-29 13:56 . 2011-12-29 13:56 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-17 19:46 . 2011-03-15 02:09 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-10 18:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-17 21:20 . 2011-05-18 22:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2011-11-10 4237312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"CleanMem Mini Monitor"="c:\program files\CleanMem\Mini_Monitor.exe" [2011-10-03 1294336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
.
c:\documents and settings\Marie\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-09 00:20 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Marie^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SynchronizationService.exe"=2 (0x2)
"COSService.exe"=2 (0x2)
"WinDefend"=2 (0x2)
"SeaPort"=2 (0x2)
"RUBotSrv"=2 (0x2)
"KodakCCS"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HelpCenter4.1"=c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HelpCenter4.1"=c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DLCGCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dlcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcgpswx.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"19540:UDP"= 19540:UDP:SXUPTP
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [9/6/2011 1:48 PM 14776]
R1 uzezmtex;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzezmtex.sys [1/9/2012 2:51 PM 11264]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [11/29/2011 8:23 AM 45288]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [10/27/2011 7:00 AM 25088]
S0 BC;BC;c:\windows\system32\drivers\BC.sys [11/24/2011 11:27 AM 24984]
S1 MpKsl2d202af5;MpKsl2d202af5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D0F4079-5E18-44C3-B2E1-9CBA375B7A9D}\MpKsl2d202af5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D0F4079-5E18-44C3-B2E1-9CBA375B7A9D}\MpKsl2d202af5.sys [?]
S1 MpKsl389220e8;MpKsl389220e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDF69383-0E92-4B2A-BE4F-912C629C1086}\MpKsl389220e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDF69383-0E92-4B2A-BE4F-912C629C1086}\MpKsl389220e8.sys [?]
S1 MpKsl402bfbf7;MpKsl402bfbf7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDF69383-0E92-4B2A-BE4F-912C629C1086}\MpKsl402bfbf7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDF69383-0E92-4B2A-BE4F-912C629C1086}\MpKsl402bfbf7.sys [?]
S1 MpKsl612bb0d0;MpKsl612bb0d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D55F57EA-842B-47A2-AD90-B0079AF217B3}\MpKsl612bb0d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D55F57EA-842B-47A2-AD90-B0079AF217B3}\MpKsl612bb0d0.sys [?]
S1 MpKsl6f7417e8;MpKsl6f7417e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDF69383-0E92-4B2A-BE4F-912C629C1086}\MpKsl6f7417e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDF69383-0E92-4B2A-BE4F-912C629C1086}\MpKsl6f7417e8.sys [?]
S1 MpKsl75f5869d;MpKsl75f5869d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A44B044-517C-4E8A-AF09-0FF3F2219950}\MpKsl75f5869d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A44B044-517C-4E8A-AF09-0FF3F2219950}\MpKsl75f5869d.sys [?]
S1 MpKslb095e319;MpKslb095e319;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D0F4079-5E18-44C3-B2E1-9CBA375B7A9D}\MpKslb095e319.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D0F4079-5E18-44C3-B2E1-9CBA375B7A9D}\MpKslb095e319.sys [?]
S1 MpKslebea63e4;MpKslebea63e4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{596DF2EC-2D60-4A1C-9E4F-E38407CB3523}\MpKslebea63e4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{596DF2EC-2D60-4A1C-9E4F-E38407CB3523}\MpKslebea63e4.sys [?]
S1 MpKslfd8c5a40;MpKslfd8c5a40;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0499839-8E53-47A5-B9CC-6B1761659E1F}\MpKslfd8c5a40.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0499839-8E53-47A5-B9CC-6B1761659E1F}\MpKslfd8c5a40.sys [?]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [5/15/2011 9:26 PM 152064]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [5/15/2011 9:26 PM 49152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/12/2011 4:10 PM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [3/27/2010 2:18 PM 88176]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [7/19/2011 10:24 PM 140848]
S2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [1/24/2012 7:52 PM 16690]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/28/2011 1:26 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/28/2011 1:26 PM 8456]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [5/12/2011 9:23 PM 130976]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/12/2011 4:10 PM 136176]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [1/9/2012 2:01 PM 24064]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [10/23/2011 5:05 PM 181064]
S3 RegFilter;RegFilter;\??\c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys --> c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SIVDriver;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [1/14/2012 8:57 AM 98072]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [5/15/2011 9:25 PM 246936]
S3 UrlFilter;UrlFilter;\??\c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys --> c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 2:51 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [4/18/2008 4:28 AM 384608]
S4 FileMonitor;FileMonitor;\??\c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys --> c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 11:56 AM 44896]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 2:51 PM 14336]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2009-04-01 00:01]
.
2012-03-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-09-01 03:31]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 20:10]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 20:10]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3020317350-4059242635-1465099722-1006Core.job
- c:\documents and settings\Marie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-01 02:56]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3020317350-4059242635-1465099722-1006UA.job
- c:\documents and settings\Marie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-01 02:56]
.
2012-03-12 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 20:56]
.
2012-03-13 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-18 14:35]
.
2012-03-14 c:\windows\Tasks\User_Feed_Synchronization-{2D1851C1-0AFD-4ECA-A3E1-2F7797B0C02E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.2.1
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Marie\Application Data\Mozilla\Firefox\Profiles\rehysksk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/index.php?lh=Ac-l99iM_0VJRI-L|http://groups.yahoo.com/group/GreensboroFreecycle/
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-McAfee.InstantUpdate.Monitor - c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
HKLM-Run-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
SafeBoot-IMFservice
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 10:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3020317350-4059242635-1465099722-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
Completion time: 2012-03-15 10:30:18
ComboFix-quarantined-files.txt 2012-03-15 14:30
ComboFix2.txt 2010-11-23 01:48
ComboFix3.txt 2010-11-20 04:08
ComboFix4.txt 2010-11-20 03:17
ComboFix5.txt 2011-08-31 00:30
.
Pre-Run: 115,733,278,720 bytes free
Post-Run: 115,843,350,528 bytes free
.
- - End Of File - - D2EBA289EFACA0B72AAA1E150DB52A9D