ComboFix 11-10-29.03 - Michael Marquez 10/29/2011   9:15.5.2 - x86
Running from: c:\documents and settings\Michael Marquez\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-28 to 2011-10-29  )))))))))))))))))))))))))))))))
.
.
2011-10-29 02:58 . 2011-10-29 02:58  --------  d-----w-  c:\program files\ESET
2011-10-29 01:40 . 2011-10-29 01:40  --------  d-----w-  c:\windows\LastGood
2011-10-29 01:15 . 2011-10-29 01:36  --------  d-----w-  C:\44641ea6831a4e7f6a66e7696f
2011-10-29 00:10 . 2011-10-29 01:13  --------  d-----w-  C:\758fcd2317f310fc04b3e026be81
2011-10-28 06:46 . 2011-10-28 06:46  --------  d-----w-  c:\documents and settings\Michael Marquez\Local Settings\Application Data\Solid State Networks
2011-10-28 00:45 . 2011-10-28 00:45  --------  d-----w-  c:\documents and settings\Michael Marquez\Application Data\ErrorTeck
2011-10-28 00:21 . 2011-10-28 00:21  309320    ----a-w-  c:\windows\system32\drivers\TrufosAlt.sys
2011-10-28 00:21 . 2011-10-29 06:10  --------  d-----w-  C:\TDSSKiller_Quarantine
2011-10-27 14:48 . 2011-10-27 14:55  --------  d-----w-  C:\f5a2cf3e974a3fc72d5145b2cb5f
2011-10-27 08:02 . 2011-10-27 08:33  --------  d-----w-  c:\program files\explore.exe
2011-10-26 20:13 . 2011-10-26 20:13  --------  d-----w-  c:\program files\BFlixToolbar
2011-10-26 20:12 . 2011-10-26 20:12  --------  d-----w-  c:\documents and settings\All Users\Application Data\Premium
2011-10-26 20:12 . 2011-10-26 20:15  --------  d-----w-  c:\documents and settings\All Users\Application Data\InstallMate
2011-10-26 19:55 . 2011-10-29 01:54  --------  d-----w-  C:\Temp for boot
2011-10-26 18:59 . 2011-10-26 18:59  --------  d-----w-  c:\documents and settings\Michael Marquez\Application Data\NCH Software
2011-10-26 18:59 . 2011-10-26 19:13  --------  d-----w-  c:\documents and settings\All Users\Application Data\NCH Software
2011-10-26 18:59 . 2011-10-28 07:13  --------  d-----w-  c:\program files\NCH Software
2011-10-26 17:41 . 2011-10-27 03:01  --------  d-----w-  c:\documents and settings\Michael Marquez\Local Settings\Application Data\NPE
2011-10-26 06:35 . 2011-10-26 06:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-26 06:35 . 2011-10-29 04:58  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2011-10-26 06:18 . 2011-10-28 07:10  --------  d-----w-  c:\documents and settings\All Users\Application Data\ParetoLogic
2011-10-26 03:18 . 2011-10-26 17:53  --------  d-----w-  c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-26 03:18 . 2011-10-26 03:18  --------  d-----w-  c:\program files\AVAST Software
2011-10-26 02:36 . 2011-10-26 02:36  101720    ----a-w-  c:\windows\system32\drivers\SBREDrv.sys
2011-10-26 02:28 . 2011-10-26 02:28  --------  d-sh--w-  c:\documents and settings\NetworkService\IETldCache
2011-10-26 02:17 . 2011-10-26 04:17  --------  d-----w-  c:\program files\AppCleaner
2011-10-23 20:45 . 2011-10-23 20:45  --------  d-----w-  c:\windows\PIF
2011-10-16 04:00 . 2011-10-16 04:00  --------  d-----w-  c:\program files\Kg
2011-10-13 03:26 . 2011-10-13 03:26  --------  d-----w-  C:\N360_BACKUP
2011-10-13 03:04 . 2011-10-13 03:04  --------  d-----w-  c:\program files\Windows Sidebar
2011-10-13 02:14 . 2011-08-17 13:49  138496    ------w-  c:\windows\system32\dllcache\afd.sys
2011-10-13 01:54 . 2011-10-26 03:38  --------  d-----w-  c:\documents and settings\All Users\Application Data\Norton
2011-10-10 04:17 . 2011-10-10 04:17  --------  d-----w-  c:\documents and settings\Michael Marquez\Application Data\Windows Search
2011-10-08 18:00 . 2011-10-08 18:00  --------  d-----w-  c:\program files\Common Files\Adobe AIR
2011-10-05 02:56 . 2011-10-05 02:56  --------  d-----w-  c:\documents and settings\All Users\Application Data\IObit
2011-10-04 19:22 . 2011-10-28 00:24  --------  d---a-w-  c:\documents and settings\All Users\Application Data\TEMP
2011-10-04 14:08 . 2011-10-04 14:08  --------  d-----w-  c:\documents and settings\Michael Marquez\Local Settings\Application Data\WMTools Downloaded Files
2011-10-04 14:06 . 2011-10-04 19:50  --------  d-----w-  c:\documents and settings\All Users\Application Data\TuneUp360
2011-10-01 20:55 . 2011-10-01 20:55  --------  d-----w-  c:\documents and settings\All Users\Application Data\Spotmau
2011-10-01 20:47 . 2011-10-04 19:06  --------  d-----w-  c:\program files\TuneUp360
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 02:39 . 2011-05-25 18:06  414368    ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 17:41 . 2008-07-30 01:59  611328    ----a-w-  c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2008-04-15 04:00  220160    ----a-w-  c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2008-04-15 04:00  20480     ----a-w-  c:\windows\system32\oleaccrc.dll
2011-09-17 01:33 . 2003-02-21 10:42  348160    ----a-w-  c:\windows\system32\msvcr71.dll
2011-09-17 01:33 . 2009-10-14 07:30  499712    ----a-w-  c:\windows\system32\msvcp71.dll
2011-09-16 00:53 . 2011-08-01 00:57  12984     ----a-w-  c:\windows\system32\drivers\SWDUMon.sys
2011-09-10 19:08 . 2011-09-10 19:09  25088     ----a-w-  c:\windows\system32\WLTRYSVC.EXE
2011-09-10 19:08 . 2011-09-10 19:09  65536     ----a-w-  c:\windows\system32\wltrynt.dll
2011-09-10 19:08 . 2011-09-10 19:09  2351104   ----a-w-  c:\windows\system32\WLTRAY.EXE
2011-09-10 19:08 . 2011-09-10 19:09  2670592   ----a-w-  c:\windows\system32\WLBCGCBPRO731.DLL
2011-09-10 19:08 . 2011-09-10 19:09  2682880   ----a-w-  c:\windows\system32\vcredist_x86.exe
2011-09-10 19:08 . 2011-09-10 19:09  457       ----a-w-  c:\windows\system32\vcredist_x86.bat
2011-09-10 19:08 . 2011-09-10 19:09  143360    ----a-w-  c:\windows\system32\preflib.dll
2011-09-10 19:08 . 2011-09-10 19:09  245760    ----a-w-  c:\windows\system32\bcmwlu00.exe
2011-09-10 19:08 . 2011-09-10 19:09  2088960   ----a-w-  c:\windows\system32\BCMWLTRY.EXE
2011-09-10 19:08 . 2011-09-10 19:09  69632     ----a-w-  c:\windows\system32\bcmwlpkt.dll
2011-09-10 19:08 . 2011-09-10 19:09  33664     ----a-w-  c:\windows\system32\drivers\BCMWLNPF.SYS
2011-09-10 19:08 . 2011-09-10 19:09  5128192   ----a-w-  c:\windows\system32\BCMWLCPL.CPL
2011-09-10 19:08 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi.dll
2011-09-10 19:08 . 2011-09-10 19:09  770048    ----a-w-  c:\windows\system32\BCMLogon.dll
2011-09-10 19:08 . 2008-05-16 12:00  2699264   ----a-w-  c:\windows\system32\drivers\BCMWL5.SYS
2011-09-10 19:08 . 2011-09-10 19:09  761856    ----a-w-  c:\windows\system32\bcm1xsup.dll
2011-09-09 09:12 . 2008-04-15 04:00  599040    ----a-w-  c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2010-06-23 13:44  1858944   ----a-w-  c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2010-06-24 12:15  916480    ----a-w-  c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2010-06-24 12:15  1469440   ------w-  c:\windows\system32\inetcpl.cpl
2011-08-22 23:48 . 2007-08-14 09:44  43520     ------w-  c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2010-06-23 12:08  385024    ------w-  c:\windows\system32\html.iec
2011-08-17 13:49 . 2010-04-09 17:59  138496    ----a-w-  c:\windows\system32\drivers\afd.sys
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(9).dll
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(8).dll
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(7).dll
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(16).dll
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(15).dll
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(14).dll
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(13).dll
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(12).dll
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(11).dll
2011-08-01 01:26 . 2008-03-21 18:35  91448     ----a-w-  c:\windows\system32\bcmwlcoi(10).dll
2011-08-01 01:25 . 2011-08-01 01:25  9728      ----a-w-  c:\windows\system32\yk51x86ver.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
(((((((((((((((((((((((((((((   SnapShot@2011-10-27_09.06.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-29 00:09 . 2011-10-29 00:09  16384  c:\windows\temp\Perflib_Perfdata_518.dat
+ 2008-04-14 08:10 . 2008-04-14 06:10  57600  c:\windows\system32\drivers\redbook.sys
- 2008-04-14 08:10 . 2008-04-14 08:10  57600  c:\windows\system32\drivers\redbook.sys
- 2008-04-15 04:00 . 2008-04-15 04:00  42112  c:\windows\system32\drivers\imapi.sys
+ 2008-04-15 04:00 . 2008-04-14 06:11  42112  c:\windows\system32\drivers\imapi.sys
+ 2008-04-15 04:00 . 2008-04-14 06:10  36352  c:\windows\system32\drivers\disk.sys
- 2008-04-15 04:00 . 2008-04-15 04:00  36352  c:\windows\system32\drivers\disk.sys
+ 2008-04-15 04:00 . 2008-04-14 06:10  62976  c:\windows\system32\drivers\cdrom.sys
- 2008-04-15 04:00 . 2008-04-15 04:00  62976  c:\windows\system32\drivers\cdrom.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2011-09-10 2351104]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2000-01-01 237568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2000-01-01 495708]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-03 729088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNzcyMzY3NzMwLVhPMTArMi1RSVgxKzMtRjEwTTEwRCsxLUxJQysyMi1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzQ0Njk3LUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCszLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQisx&prod=55&ver=10.0.1410" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" -a
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"IDTSysTrayApp"=sttray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10726:TCP"= 10726:TCP:*:Disabled:BitComet 10726 TCP
"10726:UDP"= 10726:UDP:*:Disabled:BitComet 10726 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 MpKsl0647bd4e;MpKsl0647bd4e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E80F27D-B3E1-4AD9-8941-0590F48A9A02}\MpKsl0647bd4e.sys [x]
R1 MpKsl07e1d97f;MpKsl07e1d97f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E889EA10-211D-40F9-8D79-ADA3B063C1EE}\MpKsl07e1d97f.sys [x]
R1 MpKsl1f84a453;MpKsl1f84a453;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2A2CF6A-D9DF-4227-9431-95C06CA33A33}\MpKsl1f84a453.sys [x]
R1 MpKsl229d2809;MpKsl229d2809;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DEEEF41-EE34-45C6-BF44-86764EC502EB}\MpKsl229d2809.sys [x]
R1 MpKsl3527f3c3;MpKsl3527f3c3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7B1CB384-F438-473E-88B1-0A35B4084797}\MpKsl3527f3c3.sys [x]
R1 MpKsl42ab91df;MpKsl42ab91df;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A8384D50-CC74-4251-A6A8-3C453F104800}\MpKsl42ab91df.sys [x]
R1 MpKsl53bcd68d;MpKsl53bcd68d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43468009-3FC9-413C-BF1D-8805A0CD160B}\MpKsl53bcd68d.sys [x]
R1 MpKsl56f606be;MpKsl56f606be;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{30CFC95B-FF9A-4979-896A-CAB13D3D6477}\MpKsl56f606be.sys [x]
R1 MpKsl5bc1cb88;MpKsl5bc1cb88;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E80F27D-B3E1-4AD9-8941-0590F48A9A02}\MpKsl5bc1cb88.sys [x]
R1 MpKsl76d5859b;MpKsl76d5859b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9E333B1-9F64-4A1C-9931-A9A6C5BC43FD}\MpKsl76d5859b.sys [x]
R1 MpKslaf0b0482;MpKslaf0b0482;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB3ABFEF-B5A6-4686-8E9D-4597058BC8A7}\MpKslaf0b0482.sys [x]
R1 MpKslef3aeaab;MpKslef3aeaab;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5D32327-02F9-4ADA-BCD7-220169DEF80D}\MpKslef3aeaab.sys [x]
R2 CachemanService;Cacheman Service; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 mdvauthsrv;HP Connectivity Authentication Service;c:\program files\HPQ\HP Connection Manager 2\bin\mdvauthsrv.exe [2009-02-14 399848]
R2 mdvsrv;HP Connection Manager Service;c:\program files\HPQ\HP Connection Manager 2\bin\mdvsrv.exe [2009-02-14 281064]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-06-06 1524544]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2010-07-08 318464]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterhp.sys [2009-01-14 5248]
R3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\DRIVERS\qcusbnethp.sys [2009-01-14 115200]
R3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserhp.sys [2009-01-14 104448]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-09-16 12984]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2011-10-28 309320]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]
R3 UCORESYS;UCORESYS;c:\swsetup\SP48673\UCORESYS.SYS [2008-07-24 15432]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-15 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [2009-01-14 345336]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2000-01-01 113664]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2009-11-04 51712]
S3 esihdrv;esihdrv;c:\docume~1\MICHAE~1\LOCALS~1\Temp\esihdrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 15839700
*NewlyCreated* - 88880928
*NewlyCreated* - ESIHDRV
*NewlyCreated* - PXTDIPOW
*NewlyCreated* - UPDATER_SERVICE_FOR_STARTNOW_TOOLBAR
*Deregistered* - 15839700
*Deregistered* - 88880928
*Deregistered* - pxtdipow
*Deregistered* - Updater Service for StartNow Toolbar
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254372840-1411603167-3049113832-1006Core.job
- c:\documents and settings\Michael Marquez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-16 22:28]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254372840-1411603167-3049113832-1006UA.job
- c:\documents and settings\Michael Marquez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-16 22:28]
.
2011-10-26 c:\windows\Tasks\User_Feed_Synchronization-{B1F49AD2-9F9C-4279-A3B5-B260CFC4E382}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = about:blank
mWindow Title = Michael Marquez
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Michael Marquez\Application Data\Mozilla\Firefox\Profiles\slhb5spz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z131&ocid=zdhp&install_date=20111029
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111029&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-29 09:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1460)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(276)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-29 09:25:23
ComboFix-quarantined-files.txt 2011-10-29 15:25
ComboFix2.txt 2011-10-28 08:33
ComboFix3.txt 2011-10-28 00:39
ComboFix4.txt 2011-10-27 15:35
ComboFix5.txt 2011-10-29 15:14
.
Pre-Run: 63,255,683,072 bytes free
Post-Run: 63,236,222,976 bytes free
.
- - End Of File - - 43E3C9500BEBDF73116313E3590767F5