ComboFix 11-08-17.02 - wholeteam 08/17/2011 18:36:12.3.2 - x86
Running from: c:\users\whoelteam\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ZuneMTPZ32.dll
c:\users\angelatabb\AppData\Roaming\Mozilla\Firefox\Profiles\rtq46vpz.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}
c:\users\angelatabb\AppData\Roaming\Mozilla\Firefox\Profiles\rtq46vpz.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome.manifest
c:\users\angelatabb\AppData\Roaming\Mozilla\Firefox\Profiles\rtq46vpz.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome\xulcache.jar
c:\users\angelatabb\AppData\Roaming\Mozilla\Firefox\Profiles\rtq46vpz.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\defaults\preferences\xulcache.js
c:\users\angelatabb\AppData\Roaming\Mozilla\Firefox\Profiles\rtq46vpz.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\install.rdf
c:\users\Devyn.WHOLETEAM-DELL2\AppData\Roaming\Mozilla\Firefox\Profiles\uqkui3n7.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}
c:\users\Devyn.WHOLETEAM-DELL2\AppData\Roaming\Mozilla\Firefox\Profiles\uqkui3n7.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome.manifest
c:\users\Devyn.WHOLETEAM-DELL2\AppData\Roaming\Mozilla\Firefox\Profiles\uqkui3n7.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome\xulcache.jar
c:\users\Devyn.WHOLETEAM-DELL2\AppData\Roaming\Mozilla\Firefox\Profiles\uqkui3n7.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\defaults\preferences\xulcache.js
c:\users\Devyn.WHOLETEAM-DELL2\AppData\Roaming\Mozilla\Firefox\Profiles\uqkui3n7.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\install.rdf
c:\users\imani\AppData\Roaming\Mozilla\Firefox\Profiles\ruabv3yg.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}
c:\users\imani\AppData\Roaming\Mozilla\Firefox\Profiles\ruabv3yg.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome.manifest
c:\users\imani\AppData\Roaming\Mozilla\Firefox\Profiles\ruabv3yg.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome\xulcache.jar
c:\users\imani\AppData\Roaming\Mozilla\Firefox\Profiles\ruabv3yg.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\defaults\preferences\xulcache.js
c:\users\imani\AppData\Roaming\Mozilla\Firefox\Profiles\ruabv3yg.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\install.rdf
c:\users\kyle\AppData\Roaming\Mozilla\Firefox\Profiles\8088lu26.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}
c:\users\kyle\AppData\Roaming\Mozilla\Firefox\Profiles\8088lu26.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome.manifest
c:\users\kyle\AppData\Roaming\Mozilla\Firefox\Profiles\8088lu26.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome\xulcache.jar
c:\users\kyle\AppData\Roaming\Mozilla\Firefox\Profiles\8088lu26.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\defaults\preferences\xulcache.js
c:\users\kyle\AppData\Roaming\Mozilla\Firefox\Profiles\8088lu26.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\install.rdf
c:\users\tdbell64\AppData\Roaming\Mozilla\Firefox\Profiles\qma0oohe.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}
c:\users\tdbell64\AppData\Roaming\Mozilla\Firefox\Profiles\qma0oohe.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome.manifest
c:\users\tdbell64\AppData\Roaming\Mozilla\Firefox\Profiles\qma0oohe.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\chrome\xulcache.jar
c:\users\tdbell64\AppData\Roaming\Mozilla\Firefox\Profiles\qma0oohe.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\defaults\preferences\xulcache.js
c:\users\tdbell64\AppData\Roaming\Mozilla\Firefox\Profiles\qma0oohe.default\extensions\{7985fe35-b8d1-43d5-9bc8-cf34e726d63a}\install.rdf
c:\windows\$NtUninstallKB41604$
c:\windows\$NtUninstallKB41604$\3860447270
c:\windows\$NtUninstallKB41604$\3872504746\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB41604$\3872504746\L\xadqgnnk
I:\install.exe
.
c:\windows\System32\autochk.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_e6d1bbaa
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 17:51 . 2011-08-17 17:51 -------- d-----w- C:\_OTL
2011-08-17 17:43 . 2011-08-17 23:16 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-08-17 13:09 . 2011-08-17 13:09 -------- d-----w- C:\_OTM
2011-08-17 13:08 . 2011-08-17 13:08 -------- d-----w- C:\registrybackup
2011-08-17 03:37 . 2011-08-17 03:37 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2011-08-17 03:37 . 2011-08-17 23:16 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-08-17 03:20 . 2011-08-17 03:20 388096 ----a-r- c:\users\whoelteam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-17 03:20 . 2011-08-17 03:20 -------- d-----w- c:\program files\Trend Micro
2011-08-17 01:01 . 2011-08-17 23:32 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-17 01:00 . 2011-08-17 01:06 -------- d-----w- c:\programdata\Hitman Pro
2011-08-17 01:00 . 2011-08-17 01:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-16 21:18 . 2011-03-13 15:42 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-08-16 20:13 . 2011-08-16 20:13 -------- d-----w- c:\users\kyle\AppData\Roaming\Malwarebytes
2011-08-16 20:12 . 2011-08-16 20:12 -------- d-----w- c:\users\Devyn.WHOLETEAM-DELL2\AppData\Roaming\Malwarebytes
2011-08-16 17:58 . 2011-08-16 17:58 -------- d-----w- c:\users\whoelteam\AppData\Roaming\Malwarebytes
2011-08-16 17:58 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 17:58 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 17:58 . 2011-08-16 17:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 17:25 . 2011-08-16 17:25 -------- d-----w- c:\users\whoelteam\AppData\Local\Nero
2011-08-16 05:29 . 2011-08-16 05:29 -------- d-----w- c:\users\whoelteam\AppData\Local\PackageAware
2011-08-15 19:13 . 2011-08-15 19:13 -------- d-----w- c:\users\angelatabb\AppData\Local\Windows Live
2011-08-15 19:11 . 2011-08-15 19:11 -------- d-----w- c:\users\angelatabb\AppData\Roaming\Nero
2011-08-15 18:37 . 2009-03-25 05:25 197680 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-08-15 03:42 . 2011-08-15 03:42 -------- d-----w- c:\users\whoelteam\AppData\Local\{1978D798-BAC6-45F1-8C74-0A017DB9028D}
2011-08-15 00:09 . 2011-08-15 00:09 -------- d-----w- c:\windows\Sun
2011-08-14 23:39 . 2011-08-14 23:40 -------- d-----w- c:\program files\DVDFab 8 Qt
2011-08-14 23:28 . 2011-08-14 23:28 -------- d-----w- C:\DVDFabDecrypter_Temp
2011-08-14 23:27 . 2011-08-14 23:28 -------- d-----w- c:\program files\DVDFab Decrypter
2011-08-14 23:22 . 2011-08-14 23:22 -------- d-----w- c:\program files\Aimersoft
2011-08-14 14:14 . 2011-08-14 14:14 -------- d-----w- c:\users\Devyn.WHOLETEAM-DELL2\AppData\Local\Apple Computer
2011-08-12 04:01 . 2011-08-12 04:01 -------- d-----w- c:\users\Devyn.WHOLETEAM-DELL2\AppData\Roaming\Nero
2011-08-11 13:53 . 2011-08-11 13:53 -------- d-----w- c:\users\whoelteam\AppData\Roaming\Nero
2011-08-11 07:01 . 2011-08-11 07:01 -------- d-----w- c:\program files\MSXML 4.0
2011-08-11 03:15 . 2011-08-11 03:17 -------- d-----w- c:\users\imani\AppData\Local\Microsoft Games
2011-08-10 19:01 . 2011-08-10 19:01 -------- d-----w- c:\users\kyle\AppData\Roaming\Nero
2011-08-10 18:59 . 2011-08-10 18:59 -------- d-----w- c:\users\imani\AppData\Roaming\Nero
2011-08-10 11:36 . 2011-08-10 11:46 -------- d-----w- c:\programdata\Nero
2011-08-10 11:35 . 2011-08-10 11:36 -------- d-----w- c:\program files\Common Files\Nero
2011-08-10 11:35 . 2011-08-10 11:45 -------- d-----w- c:\program files\Nero
2011-08-10 03:12 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-08-10 03:11 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-08-10 03:11 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-08-10 03:11 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-08-10 03:10 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-08-10 00:02 . 2011-08-10 00:02 -------- d-----w- c:\users\kyle\AppData\Roaming\ooVoo Details
2011-08-09 13:50 . 2011-08-09 13:50 -------- d-----w- c:\users\Devyn.WHOLETEAM-DELL2\AppData\Local\Macromedia
2011-08-08 11:51 . 2011-08-08 11:51 -------- d-----w- c:\users\imani\AppData\Local\Apple
2011-08-01 12:15 . 2011-08-01 12:15 -------- d-----w- c:\program files\iPod
2011-08-01 12:15 . 2011-08-01 12:17 -------- d-----w- c:\program files\iTunes
2011-08-01 12:10 . 2011-08-01 12:10 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 16:50 . 2011-04-21 01:39 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-06-30 03:39 . 2011-06-18 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29 . 2011-07-13 11:33 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:44 . 2011-06-29 05:31 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-04-14 18:01 . 2011-01-03 00:09 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-10-02 4537280]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2004-11-22 307200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-01 474624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-23 1306728]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-27 217088]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-06-01 273544]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-09-23 884584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmFlywaveName]
2007-10-05 16:22 283466 ----a-w- c:\windows\system\cmflywav.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"8DDYX0ZBPZ"=c:\users\WHOELT~1\AppData\Local\Temp\Tql.exe
"Steam"="c:\program files\Steam\Steam.exe" -silent
.
R2 0195511313283042mcinstcleanup;McAfee Application Installer Cleanup (0195511313283042);c:\windows\TEMP\019551~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R4 Bomsosr2uwl;Bomsosr2uwl;c:\windows\system32\drivers\compbatt.sys [2009-07-14 19024]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-13 163400]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-13 64648]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys [2007-03-29 1410240]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-08-17 23624]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO35
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ    w3svc was
apphost    REG_MULTI_SZ    apphostsvc
ftpsvc    REG_MULTI_SZ    ftpsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983123432-918471795-1554061222-1000Core.job
- c:\users\whoelteam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-08 03:49]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1983123432-918471795-1554061222-1000UA.job
- c:\users\whoelteam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-08 03:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?.home=ytie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\whoelteam\AppData\Roaming\Mozilla\Firefox\Profiles\5iskg2hu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4368)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\rundll32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\No-IP\DUC20.exe
c:\windows\system32\rpcnet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-17 19:38:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 23:38
ComboFix2.txt 2011-06-19 07:09
ComboFix3.txt 2011-06-10 23:47
.
Pre-Run: 30,505,807,872 bytes free
Post-Run: 30,241,955,840 bytes free
.
- - End Of File - - 28D9D0187A09EE593981B7AEFEE7A211