ComboFix 11-04-20.03 - Kristen 04/21/2011 16:39:17.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.1291 [GMT 10:00]
Running from: c:\users\Kristen\Desktop\george.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
.
.
2011-04-21 06:44 . 2011-04-21 06:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-21 04:45 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 04:31 . 2011-04-21 04:31 -------- d-----w- C:\_OTL
2011-04-21 03:49 . 2011-04-21 03:49 -------- d-----w- c:\users\Kristen\AppData\Local\{D04EE98D-473C-4ABA-9A56-99B82BAD870C}
2011-04-21 02:33 . 2011-04-21 02:33 -------- d-----w- c:\users\Kristen\AppData\Local\{EF0C895D-47BC-4AD4-9C27-240611DB1224}
2011-04-20 00:10 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB50012F-5C35-4765-8A75-403F83C52C32}\mpengine.dll
2011-04-20 00:05 . 2011-04-20 00:06 -------- d-----w- c:\users\Kristen\AppData\Local\{D2A60139-4A1F-42DE-8A11-154E0A64D59D}
2011-04-19 06:50 . 2011-04-19 06:50 -------- d-----w- c:\users\Kristen\AppData\Local\{A9B40FD4-8712-44F8-9644-CF66F34871E3}
2011-04-19 04:39 . 2011-04-19 06:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-19 04:39 . 2011-04-19 04:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-07 02:17 . 2011-04-07 02:17 -------- d-----w- c:\users\Kristen\AppData\Roaming\DVDVideoSoft
2011-04-04 08:42 . 2011-04-17 01:20 -------- d-----w- c:\users\Kristen\AppData\Roaming\Windows Live Writer
2011-04-04 08:42 . 2011-04-04 08:43 -------- d-----w- c:\users\Kristen\AppData\Local\Windows Live Writer
2011-04-04 07:37 . 2011-04-04 07:37 -------- d-----w- c:\windows\en
2011-04-04 07:35 . 2010-09-22 14:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-04-04 07:33 . 2011-04-04 07:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-04 06:34 . 2011-04-04 22:27 -------- d-----w- c:\program files\Microsoft
2011-04-04 06:34 . 2009-09-04 07:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-04 06:34 . 2009-09-04 07:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-04 06:34 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-04 06:33 . 2011-04-04 06:33 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\3e70ded11cbf29204\InstallManager_WLE_WLE.exe
2011-04-04 06:33 . 2011-04-04 06:33 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\36f9e7261cbf29203\MeshBetaRemover.exe
2011-03-29 10:34 . 2011-03-29 10:34 -------- d-----w- C:\bc0d563d27c038cb3fc2eaa579
2011-03-29 10:34 . 2011-03-29 10:34 -------- d-----w- C:\1953de4a71e910cb982a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-04 07:41 . 2010-06-24 01:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 05:33 . 2011-03-09 03:54 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 03:54 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 03:54 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 04:02 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 08:11 . 2010-10-08 05:28 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 167960]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-10 496184]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 182304]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-09 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-05 67624]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ	Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Kristen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Kristen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\4phcayjv.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3976)
c:\users\Kristen\AppData\Local\FLVService\lib\FLVSrvLib.dll
.
Completion time: 2011-04-21 16:46:34
ComboFix-quarantined-files.txt 2011-04-21 06:46
ComboFix2.txt 2011-04-19 07:02
ComboFix3.txt 2011-04-19 06:38
.
Pre-Run: 121,884,065,792 bytes free
Post-Run: 121,838,477,312 bytes free
.
- - End Of File - - E6AD1B455A18078A56D8AA7710A4054C