ComboFix 11-06-03.04 - Admin 06/03/2011 16:04:25.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.776 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\comfix.exe.exe
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\comfix.exe
c:\comfix.exe\023.dat
c:\comfix.exe\023v.dat
c:\comfix.exe\023w7.dat
c:\comfix.exe\AppDataFile.cfx
c:\comfix.exe\AppDataFolder.cfx
c:\comfix.exe\appinit.bad
c:\comfix.exe\asp.str
c:\comfix.exe\Assoc.cmd
c:\comfix.exe\ATTRIB.cfxxe
c:\comfix.exe\Auto-RC.cmd
c:\comfix.exe\av.cmd
c:\comfix.exe\av.vbs
c:\comfix.exe\AWF.cmd
c:\comfix.exe\badclsid.c
c:\comfix.exe\Boot-Rk.cmd
c:\comfix.exe\Boot.bat
c:\comfix.exe\BootDrv.vbs
c:\comfix.exe\c.bat
c:\comfix.exe\c.mrk
c:\comfix.exe\Catch-sub.cmd
c:\comfix.exe\catchme.cfxxe
c:\comfix.exe\CCS.bat
c:\comfix.exe\CF-Script.cmd
c:\comfix.exe\CF28819.cfxxe
c:\comfix.exe\CHCP.bat
c:\comfix.exe\clsid.c
c:\comfix.exe\Combobatch.bat
c:\comfix.exe\ComboFix-Download.cfxxe
c:\comfix.exe\Create.cmd
c:\comfix.exe\Creg.dat
c:\comfix.exe\CregC.cmd
c:\comfix.exe\CregC.dat
c:\comfix.exe\CSCRIPT.cfxxe
c:\comfix.exe\CSet.cmd
c:\comfix.exe\dd.cfxxe
c:\comfix.exe\ddsDo.sed
c:\comfix.exe\DelClsid.bat
c:\comfix.exe\DelClsid64.bat
c:\comfix.exe\desktop.ini
c:\comfix.exe\DesktopFile.cfx
c:\comfix.exe\DisclaimED.dat
c:\comfix.exe\DPF.str
c:\comfix.exe\DrvRun.vbs
c:\comfix.exe\dumphive.cfxxe
c:\comfix.exe\embedded.sed
c:\comfix.exe\ERDNT.e_e
c:\comfix.exe\ERDNTDOS.LOC
c:\comfix.exe\ERDNTWIN.LOC
c:\comfix.exe\ERUNT.cfxxe
c:\comfix.exe\erunt.dat
c:\comfix.exe\ERUNT.LOC
c:\comfix.exe\Exe.reg
c:\comfix.exe\extract.cfxxe
c:\comfix.exe\FavoriteFolder.cfx
c:\comfix.exe\FavoritesFile.cfx
c:\comfix.exe\FD-SV.cmd
c:\comfix.exe\ffdefstr.dll
c:\comfix.exe\FileKill.cfxxe
c:\comfix.exe\files.pif
c:\comfix.exe\Fin.dat
c:\comfix.exe\FIND3M.bat
c:\comfix.exe\FIXLSP.bat
c:\comfix.exe\FKMGen.cmd
c:\comfix.exe\ForeignWht
c:\comfix.exe\GetHive.cmd
c:\comfix.exe\grep.cfxxe
c:\comfix.exe\gsar.cfxxe
c:\comfix.exe\handle.cfxxe
c:\comfix.exe\HDPEInfo.cfxxe
c:\comfix.exe\hidec.cfxxe
c:\comfix.exe\history.bat
c:\comfix.exe\hwid.pif
c:\comfix.exe\iexplore.exe
c:\comfix.exe\image001.gif
c:\comfix.exe\Imefile.dat
c:\comfix.exe\Install-RC.cmd
c:\comfix.exe\katch.cmd
c:\comfix.exe\Kill-All.cmd
c:\comfix.exe\kmd.dat
c:\comfix.exe\Lang.bat
c:\comfix.exe\List-B.bat
c:\comfix.exe\List-C.bat
c:\comfix.exe\List-D.bat
c:\comfix.exe\List.bat
c:\comfix.exe\lnkread.vbs
c:\comfix.exe\LocalAppDataFile.cfx
c:\comfix.exe\LocalAppDataFolder.cfx
c:\comfix.exe\LocalService.dat
c:\comfix.exe\LocalServiceNetworkRestricted.dat
c:\comfix.exe\LocalSettingsFile.cfx
c:\comfix.exe\LocalSystemNetworkRestricted.dat
c:\comfix.exe\mbr.cfxxe
c:\comfix.exe\mbr.chk
c:\comfix.exe\md5sum.pif
c:\comfix.exe\Mirrors
c:\comfix.exe\MoveIt.bat
c:\comfix.exe\mtee.cfxxe
c:\comfix.exe\MtPt00
c:\comfix.exe\mynul.dat
c:\comfix.exe\N_\10297
c:\comfix.exe\N_\11009
c:\comfix.exe\N_\12407
c:\comfix.exe\N_\1358
c:\comfix.exe\N_\13815
c:\comfix.exe\N_\14946
c:\comfix.exe\N_\17948
c:\comfix.exe\N_\19858
c:\comfix.exe\N_\23893
c:\comfix.exe\N_\24315
c:\comfix.exe\N_\24418
c:\comfix.exe\N_\26206
c:\comfix.exe\N_\26473
c:\comfix.exe\N_\26718
c:\comfix.exe\N_\27956
c:\comfix.exe\N_\29605
c:\comfix.exe\N_\31093
c:\comfix.exe\N_\4066
c:\comfix.exe\N_\6352
c:\comfix.exe\N_\pingtest
c:\comfix.exe\ncmd.com
c:\comfix.exe\ND_.bat
c:\comfix.exe\ND_64.bat
c:\comfix.exe\ndis_combofix.dat
c:\comfix.exe\netsvc.bad.dat
c:\comfix.exe\netsvc.dat
c:\comfix.exe\netsvc.vista.dat
c:\comfix.exe\netsvc.xp.dat
c:\comfix.exe\NetworkService.dat
c:\comfix.exe\NirCmd.cfxxe
c:\comfix.exe\NircmdB.exe
c:\comfix.exe\NirCmdC.cfxxe
c:\comfix.exe\NIRKMD.cfxxe
c:\comfix.exe\NlsLanguageDefault
c:\comfix.exe\NT-OS.cmd
c:\comfix.exe\NULL
c:\comfix.exe\OSid.vbs
c:\comfix.exe\OsVer
c:\comfix.exe\pausep.cfxxe
c:\comfix.exe\PersonalFile.cfx
c:\comfix.exe\PersonalFolder.cfx
c:\comfix.exe\pev.cfxxe
c:\comfix.exe\pevb.cfxxe
c:\comfix.exe\PING.cfxxe
c:\comfix.exe\Policies.dat
c:\comfix.exe\powp.dat
c:\comfix.exe\Prep.inf
c:\comfix.exe\ProfilesFile.cfx
c:\comfix.exe\ProfilesFolder.cfx
c:\comfix.exe\ProgramsFile.cfx
c:\comfix.exe\ProgramsFolder.cfx
c:\comfix.exe\Purity.dat
c:\comfix.exe\PV.cfxxe
c:\comfix.exe\pv.com
c:\comfix.exe\rar_sfx.cmd
c:\comfix.exe\RCLink.dat
c:\comfix.exe\REGDACL.sed
c:\comfix.exe\RegDo.sed
c:\comfix.exe\region.dat
c:\comfix.exe\RegScan.cmd
c:\comfix.exe\RegScan64.cmd
c:\comfix.exe\Resident.txt
c:\comfix.exe\restore_pt.vbs
c:\comfix.exe\Rkey.cmd
c:\comfix.exe\rmbr.cfxxe
c:\comfix.exe\rogues.dat
c:\comfix.exe\ROUTE.cfxxe
c:\comfix.exe\run2.sed
c:\comfix.exe\Rust.str
c:\comfix.exe\s0rt.cfxxe
c:\comfix.exe\safeboot.dat
c:\comfix.exe\safeboot.def.dat
c:\comfix.exe\safeboot.def.vista.dat
c:\comfix.exe\Safeboot.def.w7.dat
c:\comfix.exe\sed.cfxxe
c:\comfix.exe\SetEnvmt.bat
c:\comfix.exe\setpath.cfxxe
c:\comfix.exe\setpath_N.cmd
c:\comfix.exe\SF.exe
c:\comfix.exe\sfx.cmd
c:\comfix.exe\SnapShot.cmd
c:\comfix.exe\SRestore.cmd
c:\comfix.exe\srizbi.md5
c:\comfix.exe\Start_dat
c:\comfix.exe\StartMenuFile.cfx
c:\comfix.exe\StartMenuFolder.cfx
c:\comfix.exe\StartUpFile.cfx
c:\comfix.exe\SuppScan.cmd
c:\comfix.exe\svc_wht.dat
c:\comfix.exe\SvcDrv.vbs
c:\comfix.exe\svchost.dat
c:\comfix.exe\svchost.vista.dat
c:\comfix.exe\svchost.vista.x64.dat
c:\comfix.exe\svchost.w7.dat
c:\comfix.exe\svchost.w7.x64.dat
c:\comfix.exe\swreg.cfxxe
c:\comfix.exe\swsc.cfxxe
c:\comfix.exe\swxcacls.cfxxe
c:\comfix.exe\system_ini.dat
c:\comfix.exe\tail.cfxxe
c:\comfix.exe\TemplatesFile.cfx
c:\comfix.exe\TemplatesFolder.cfx
c:\comfix.exe\toolbar.sed
c:\comfix.exe\Update-CF.cmd
c:\comfix.exe\VerCF.bat
c:\comfix.exe\version.txt
c:\comfix.exe\VikPev00
c:\comfix.exe\VInfo
c:\comfix.exe\VInfo2
c:\comfix.exe\Vipev.dat
c:\comfix.exe\vistaMcode.dat
c:\comfix.exe\vistareg.dat
c:\comfix.exe\vun.dat
c:\comfix.exe\VwinTemp.dacl
c:\comfix.exe\w_sock.dll
c:\comfix.exe\w2k_sock.dll
c:\comfix.exe\w2kreg.dat
c:\comfix.exe\w7Mcode.dat
c:\comfix.exe\w7reg.dat
c:\comfix.exe\Wmi_rem.vbs
c:\comfix.exe\XP.mac
c:\comfix.exe\xpmcode.dat
c:\comfix.exe\xpreg.dat
c:\comfix.exe\XPSBoot.reg
c:\comfix.exe\zDomain.dat
c:\comfix.exe\zhsvc.dat
c:\comfix.exe\zip.cfxxe
c:\documents and settings\Nutrition City\WINDOWS
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-05-30 01:53 . 2011-05-30 01:53 -------- d-----w- c:\documents and settings\Admin\Application Data\BitDefender
2011-05-30 01:52 . 2011-05-30 01:52 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-05-30 01:22 . 2011-05-30 01:22 -------- dc----w- C:\RyanZip
2011-05-28 20:09 . 2011-05-28 20:09 11264 ----a-w- c:\windows\DCEBoot.exe
2011-05-28 19:48 . 2011-05-28 20:03 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-28 16:37 . 2011-05-30 02:57 21480 ----a-w- c:\windows\system32\mv2.dll
2011-05-28 16:37 . 2011-05-30 02:57 11496 ----a-w- c:\windows\system32\drivers\mv2.sys
2011-05-28 00:09 . 2010-04-22 18:19 149520 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-05-28 00:07 . 2011-05-28 00:07 -------- d-----w- c:\documents and settings\Nutrition City\Application Data\BitDefender
2011-05-27 23:52 . 2011-05-27 23:52 -------- d-----w- c:\documents and settings\Nutrition City\Application Data\QuickScan
2011-05-27 23:49 . 2011-05-28 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2011-05-27 23:49 . 2011-05-28 00:04 -------- d-----w- c:\program files\Common Files\BitDefender
2011-05-27 23:45 . 2011-03-12 00:45 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2011-05-27 23:45 . 2010-05-13 22:02 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys
2011-05-27 23:45 . 2011-05-30 02:02 73957 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
2011-05-27 21:21 . 2011-06-03 16:18 74764 ----a-w- c:\windows\cscmondump.bin
2011-05-27 21:19 . 2011-05-27 21:19 2 --shatr- c:\windows\winstart.bat
2011-05-27 21:02 . 2011-05-27 21:02 -------- d-----w- c:\program files\COMODO
2011-05-27 21:02 . 2011-05-27 21:02 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-05-26 20:24 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 20:24 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 02:38 . 2009-12-17 14:15 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll
2011-05-20 00:24 . 2011-05-20 00:24 -------- d-----w- c:\documents and settings\Nutrition City\Local Settings\Application Data\uTorrent
2011-05-19 23:46 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-19 23:46 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-19 23:46 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-19 23:46 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-19 23:46 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-19 23:46 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-19 23:46 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-19 23:46 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-19 20:27 . 2011-05-19 20:27 -------- d-----w- c:\documents and settings\Nutrition City\Local Settings\Application Data\VS Revo Group
2011-05-19 20:27 . 2009-12-30 16:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-05-19 20:27 . 2011-05-19 20:27 -------- d-----w- c:\program files\VS Revo Group
2011-05-19 08:05 . 2011-05-19 08:05 -------- d-----w- c:\program files\Best Uninstall Tool
2011-05-19 05:43 . 2011-05-19 20:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 05:24 . 2011-05-19 05:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-19 05:21 . 2011-05-19 05:21 -------- d-----w- c:\program files\ScottradeELITE
2011-05-17 21:03 . 2011-05-17 21:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-05-14 23:43 . 2011-05-14 23:43 -------- d-----w- c:\program files\Trend Micro
2011-05-07 18:27 . 2011-05-19 04:52 -------- d-----w- C:\RECYCLER(2)
2011-05-07 18:26 . 2011-05-19 04:52 -------- d-----w- c:\program files\Microsoft Security Client(2)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-21 23:26 . 2010-08-12 05:11 12080 ----a-w- c:\windows\system32\drivers\D7B90406.bin
2011-04-15 21:00 . 2010-01-23 00:47 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-03-24 20:36 . 2011-03-24 20:36 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-03-11 14:10 . 2004-08-11 23:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2010-07-08 15:37 . 2010-07-08 15:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2011-04-14 16:26 . 2011-05-19 23:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-11-06 202016]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\documents and settings\Nutrition City\My Documents\Downloads\OTL.exe" [2011-05-26 580096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0defrag_native
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"123:TCP"= 123:TCP:blackhawk
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
S1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [12/9/2010 7:14 AM 66584]
S1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [12/9/2010 7:15 AM 33232]
S1 MpKsl1b814ff4;MpKsl1b814ff4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl1b814ff4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl1b814ff4.sys [?]
S1 MpKsl2785e375;MpKsl2785e375;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKsl2785e375.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKsl2785e375.sys [?]
S1 MpKsl3f83cdde;MpKsl3f83cdde;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKsl3f83cdde.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKsl3f83cdde.sys [?]
S1 MpKsl4465fa6a;MpKsl4465fa6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl4465fa6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl4465fa6a.sys [?]
S1 MpKsl7432cfd4;MpKsl7432cfd4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl7432cfd4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl7432cfd4.sys [?]
S1 MpKslb1991a34;MpKslb1991a34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKslb1991a34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BDFED46-8D9A-497D-A581-3AAE28844E29}\MpKslb1991a34.sys [?]
S1 MpKsldd30930c;MpKsldd30930c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B947D4C-A575-4EBB-B1F9-B8DE7E0A3C09}\MpKsldd30930c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B947D4C-A575-4EBB-B1F9-B8DE7E0A3C09}\MpKsldd30930c.sys [?]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [12/9/2010 7:08 AM 305600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 EpsCe;EpsCe;c:\windows\system32\drivers\EpsCe.sys [11/26/2007 6:51 AM 54784]
S2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
S2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [10/2/2007 10:08 AM 70016]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/26/2011 3:24 PM 363344]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [8/27/2010 2:59 PM 1051968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/26/2011 3:24 PM 20952]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [5/28/2011 11:37 AM 11496]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/19/2011 3:27 PM 27064]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/24/2010 2:41 PM 10064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 6:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys [8/12/2010 12:11 AM 177152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
2011-06-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-10 05:01]
.
2011-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-21 14:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://ncmpls.viewnetcam.com/MpegInst.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://192.168.0.253/JpegInst.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\9dr71bp0.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 16:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
Completion time: 2011-06-03 16:15:21
ComboFix-quarantined-files.txt 2011-06-03 21:15
.
Pre-Run: 25,072,062,464 bytes free
Post-Run: 25,005,809,664 bytes free
.
- - End Of File - - D2FE1E679E9B7B42AEF01C6B7D835D9C