ComboFix 09-06-28.04 - Valued Customer 06/29/2009 9:23.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3071.1738 [GMT -4:00]
Running from: c:\users\Valued Customer\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Valued Customer\Favorites\Online Security Test.url
c:\users\VALUED~1\FAVORI~1\Online Security Test.url
c:\windows\system32\bszip.dll
D:\Desktop.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-21 21:57 . 2009-06-21 22:03 -------- d-----w- C:\New_in_Town
2009-06-21 21:56 . 2009-06-24 12:02 -------- d-----w- c:\program files\DVD Decrypter
2009-06-21 21:55 . 2009-06-21 21:55 -------- d-----w- c:\progra~2\DVD Shrink
2009-06-19 10:44 . 2009-06-19 11:05 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Winamp
2009-06-19 10:44 . 2009-06-19 10:45 -------- d-----w- c:\program files\Winamp
2009-06-16 14:28 . 2009-06-16 14:28 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Uniblue
2009-06-14 10:04 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 10:04 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 09:58 . 2009-06-14 09:58 -------- d-----w- C:\Yahoo!
2009-06-11 12:48 . 2009-06-11 12:48 -------- d-----w- c:\windows\Sun
2009-06-09 15:23 . 2009-06-09 15:23 -------- d-----w- C:\Converted
2009-06-09 15:19 . 2009-06-09 15:19 -------- d-----w- c:\progra~2\AVS4YOU
2009-06-09 15:19 . 2009-06-09 15:19 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\AVS4YOU
2009-06-09 15:02 . 2009-06-09 15:02 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\AccurateRip
2009-06-08 12:09 . 2009-06-09 14:55 -------- d-----w- c:\users\Valued Customer\AppData\Local\Audible
2009-06-07 10:51 . 2009-06-07 10:51 -------- d-----w- c:\progra~2\WindowsSearch
2009-06-06 18:11 . 2009-06-06 18:11 -------- d-----w- c:\users\Valued Customer\AppData\Local\DNA
2009-06-06 18:11 . 2009-06-10 12:30 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\DNA
2009-06-06 18:11 . 2009-06-10 12:14 -------- d-----w- c:\program files\DNA
2009-06-06 18:11 . 2009-06-06 18:11 -------- d-----w- c:\program files\AskBarDis
2009-06-06 15:33 . 2009-06-06 15:33 -------- d-----w- c:\program files\Microsoft Easy Assist
2009-06-06 15:33 . 2009-06-06 15:33 -------- d-----w- c:\progra~2\Applications
2009-06-06 13:03 . 2009-03-08 11:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-06-06 13:03 . 2009-03-08 11:33 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-06-06 13:03 . 2009-03-08 11:33 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-06-06 13:03 . 2009-03-08 11:33 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-06-06 13:03 . 2009-03-08 11:33 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-06 13:03 . 2009-03-08 11:33 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-06-06 12:55 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-06 12:55 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-06 12:55 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-06 12:55 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-06 12:55 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-06 12:55 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-06 12:55 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-06 12:49 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-06 12:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-06 12:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-06 12:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-06 12:48 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-06 12:08 . 2009-06-06 12:08 -------- d-----w- c:\users\Valued Customer\AppData\Local\Microsoft Corporation
2009-06-06 12:03 . 2009-06-06 12:08 -------- d-----w- c:\program files\Microsoft Small Business
2009-06-06 12:01 . 2009-06-06 12:01 -------- d-----w- c:\users\Valued Customer\AppData\Local\Apple
2009-06-06 11:59 . 2009-06-15 07:01 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-06 10:55 . 2009-06-06 11:24 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Yahoo!
2009-06-05 20:48 . 2009-06-06 10:31 -------- d-----w- c:\windows\system32\Tasks(742)
2009-06-05 18:16 . 2009-06-06 11:17 -------- d-----r- c:\program files\Norton Support
2009-06-05 18:14 . 2009-06-05 18:14 -------- d-----w- c:\users\Valued Customer\AppData\Local\Symantec
2009-06-05 11:58 . 2009-06-06 10:47 -------- d-----w- c:\program files\AudioConverter Studio
2009-06-04 10:39 . 2009-06-04 10:39 -------- d-----w- c:\program files\iPod(82)
2009-06-04 10:39 . 2009-06-04 10:40 -------- d-----w- c:\program files\iTunes(83)
2009-06-04 10:36 . 2009-06-05 20:37 -------- d-----w- c:\program files\QuickTime(84)
2009-05-31 00:08 . 2009-05-31 00:08 -------- d-----w- c:\users\Valued Customer\AppData\Local\Yahoo
2009-05-30 23:57 . 2009-05-30 23:57 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Media Player Classic
2009-05-30 23:54 . 2009-06-06 10:47 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-30 20:16 . 2009-06-09 15:29 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-30 20:16 . 2009-06-09 15:29 -------- d-----w- c:\program files\AVS4YOU
2009-05-30 20:06 . 2009-06-05 12:24 -------- d-----w- C:\My Music
2009-05-30 20:04 . 2009-05-30 20:04 -------- d-----w- c:\program files\rmconverter.net
2009-05-30 19:50 . 2009-05-30 19:50 -------- d-----w- c:\program files\Free RM to MP3 Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 22:03 . 2008-12-06 00:10 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\RipIt4Me
2009-06-14 10:16 . 2008-08-09 01:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-12 07:15 . 2007-11-28 21:06 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 11:33 . 2008-01-31 19:00 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Hewlett-Packard
2009-06-10 13:11 . 2008-08-09 02:18 -------- d-----w- c:\program files\Quicken
2009-06-10 13:09 . 2008-08-09 02:45 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-06-10 12:09 . 2008-08-09 01:27 -------- d-----w- c:\progra~2\FLEXnet
2009-06-09 15:21 . 2009-05-06 11:16 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\GetRightToGo
2009-06-06 18:00 . 2007-11-28 21:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 16:14 . 2008-08-18 19:24 142584 ----a-w- c:\users\Valued Customer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-06 12:28 . 2009-05-11 13:32 -------- d-----w- c:\program files\iTunes
2009-06-06 12:27 . 2009-05-11 13:32 -------- d-----w- c:\program files\iPod
2009-06-06 12:27 . 2009-05-11 13:27 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 12:26 . 2009-05-11 13:30 -------- d-----w- c:\program files\QuickTime
2009-06-06 12:00 . 2008-08-09 01:15 -------- d-----w- c:\program files\Microsoft.NET
2009-06-06 11:09 . 2008-10-25 10:56 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\uTorrent
2009-06-06 11:09 . 2008-08-12 14:03 -------- d-----w- c:\progra~2\Yahoo!
2009-06-06 11:09 . 2007-11-28 21:11 -------- d-----w- c:\progra~2\WildTangent
2009-06-06 11:09 . 2007-11-28 21:10 -------- d-----w- c:\progra~2\Hewlett-Packard
2009-06-06 11:09 . 2009-03-12 10:27 -------- d-----w- c:\progra~2\PC Drivers HeadQuarters
2009-06-06 11:09 . 2009-05-06 11:37 -------- d-----w- c:\progra~2\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-06 11:09 . 2009-05-11 13:27 -------- d-----w- c:\progra~2\Apple
2009-06-06 11:09 . 2008-11-17 23:30 -------- d-----w- c:\progra~2\WebEx
2009-06-06 10:47 . 2007-11-28 21:14 -------- d-----w- c:\program files\Yahoo!
2009-06-05 20:49 . 2008-10-01 15:14 -------- d-----w- c:\progra~2\Roxio
2009-06-05 20:37 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-05 20:37 . 2007-11-28 21:08 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-06-05 20:36 . 2008-09-16 14:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-27 18:38 . 2009-05-27 18:38 -------- d-----w- c:\program files\Coupons
2009-05-19 15:11 . 2008-10-14 20:46 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Roxio
2009-05-13 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 09:51 . 2009-05-12 09:51 8854 ----a-r- c:\users\Valued Customer\AppData\Roaming\Microsoft\Installer\{5975F510-ACDF-4249-842F-3338630B0A93}\Uninstall_ImgSizer_0F6F6574D468489586834243BFC7E00C.exe
2009-05-12 09:51 . 2009-05-12 09:51 10134 ----a-r- c:\users\Valued Customer\AppData\Roaming\Microsoft\Installer\{5975F510-ACDF-4249-842F-3338630B0A93}\ARPPRODUCTICON.exe
2009-05-12 09:51 . 2008-08-11 02:06 -------- d-----w- c:\program files\Safeguard Properties, Inc
2009-05-11 13:38 . 2009-05-11 13:20 -------- d-----w- c:\program files\Audible
2009-05-11 13:33 . 2009-05-11 13:33 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Apple Computer
2009-05-11 13:33 . 2009-05-11 13:32 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-11 13:32 . 2009-05-11 13:30 -------- d-----w- c:\progra~2\Apple Computer
2009-05-11 13:31 . 2009-05-11 13:31 -------- d-----w- c:\program files\Bonjour
2009-05-11 13:29 . 2009-05-11 13:29 -------- d-----w- c:\program files\Apple Software Update
2009-05-09 17:34 . 2009-05-09 17:34 -------- d-----w- c:\program files\Carbonite
2009-05-09 17:34 . 2009-05-09 17:34 -------- d-----w- c:\progra~2\Carbonite
2009-05-09 05:50 . 2009-06-11 15:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 15:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-06 11:44 . 2007-11-28 21:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-06 11:38 . 2009-05-06 11:24 -------- d-----w- c:\progra~2\Norton
2009-05-06 11:36 . 2009-05-06 11:36 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-06 11:36 . 2009-05-06 11:36 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-06 11:36 . 2009-05-06 11:36 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-06 11:36 . 2009-05-06 11:36 -------- d-----w- c:\program files\Symantec
2009-05-06 11:36 . 2009-05-06 11:37 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-05-06 11:36 . 2009-05-06 11:36 -------- d-----w- c:\program files\Norton 360
2009-05-06 11:36 . 2007-11-28 21:16 -------- d-----w- c:\progra~2\Symantec
2009-05-06 11:36 . 2009-05-06 11:23 -------- d-----w- c:\progra~2\NortonInstaller
2009-05-06 11:24 . 2009-05-06 11:24 -------- d-----w- c:\progra~2\PCSettings
2009-05-06 11:23 . 2009-05-06 11:23 -------- d-----w- c:\program files\NortonInstaller
2009-04-23 12:43 . 2009-06-11 15:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 15:32 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 15:32 2033152 ----a-w- c:\windows\system32\win32k.sys
2007-11-28 20:14 . 2007-11-28 20:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 21:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-04-29 21:19 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-04-29 21:19 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-04-29 21:19 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-06-20 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2007-05-19 741376]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-04-29 669840]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{52F42859-1EFF-41A5-9846-85C969F40F44}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{41694962-D64E-45A1-A006-D6935581C70E}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A0A5E1B0-39CC-4FFD-AA2E-9E5789D063F8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9568066F-1D66-4CC8-A9C1-F39D914B53F0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7338441C-2FE7-4FB9-BECC-106998BA3140}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B112CD49-39BC-42DF-898A-D871697ECE74}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9C29E05B-9C44-47E1-BBD6-EC0C8CFF2EF8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EFCDAF74-D546-4532-A496-B8E7E1526B69}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{23E7F02A-11DB-4CD5-86EA-56881DF06CD8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8468F287-3D50-4072-AC5D-5865036282F7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{12DC940B-6A2B-4FA1-A2FD-2D5F69B414AF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BD8951A1-6C3E-4449-9494-4283D699F0FB}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{34F8A27C-A519-410E-BC9C-A89E86C37A35}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3AC2BC38-DA54-4F5B-AA0D-78AC36BC37A4}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{52E7C7D5-3413-4D85-B54E-65F814B00407}"= TCP:5060:magicjack
"{8E663135-D563-4BB6-AFC0-CD34BAE86693}"= TCP:5070:magicjack
"{5A20EB60-CA6C-4B34-B237-0A8C22291C11}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{6DEC3761-5AA8-4089-A1C0-7D49FD37EE3B}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:Rosetta Stone Version 3 Application
"{61AFD2C3-2DF4-42FE-A181-DA74EEE19CC2}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:Rosetta Stone Ltd Services
"{8D3DA220-4784-4F22-B45B-FF881C65E42E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{34D4C75C-D0F9-4819-8DFD-E4940C9BE268}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{15C2EC3D-6D42-4C8D-B530-67A9E69CBD3B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9080AA65-FC50-4DB1-9199-67F6FDA4C103}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AFB2EA8A-1F18-4683-9BDC-D49579F7FF35}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{108923F5-31FE-4CA0-BBFC-4B11CE1C223F}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{103E0106-26C1-48B9-9E38-76B27955515A}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{4464B2DD-000E-492E-88D9-D30C70BD71E6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.087\SymEFA.sys [5/6/2009 7:36 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.087\BHDrvx86.sys [5/6/2009 7:36 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.087\cchpx86.sys [5/6/2009 7:36 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys [6/23/2009 8:52 PM 292912]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [11/28/2007 5:04 PM 198240]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [5/6/2009 7:36 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/6/2009 7:43 AM 101936]
R3 HPPLSBULK;HPPLSBULK;c:\windows\System32\drivers\hpplsbulk.sys [2/2/2005 6:29 PM 9344]
R3 HSXHWBS3;HSXHWBS3;c:\windows\System32\drivers\HSXHWBS3.sys [8/18/2008 6:33 PM 206336]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [8/18/2008 6:33 PM 464384]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.087\symndisv.sys [5/6/2009 7:36 AM 39984]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [8/18/2008 6:33 PM 156928]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 5:50 PM 30312]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
--- Other Services/Drivers In Memory ---
*Deregistered* - CO_Mon
*Deregistered* - SPBBCDrv
*Deregistered* - SYMDNS
*Deregistered* - SYMREDRV
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{F012DF4A-61F1-4868-881C-B0B00E2BB614}.job
- c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-PWRISOVM - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: magicjack.com\my
Trusted Zone: safeguardproperties.com\inspi2
Trusted Zone: talk4free.com\reg
DPF: {434A2E00-1F9C-4DD6-ADE5-49923398FAB7} - hxxps://inspi2.safeguardproperties.com/inspi2/downloads/web/ProductChecker.cab
DPF: {756A8C37-B89C-4BB6-97AF-8BC982027DF1} - hxxps://inspi2.safeguardproperties.com/inspi2/downloads/web/imgsizer.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 09:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-29 9:28
ComboFix-quarantined-files.txt 2009-06-29 13:28
Pre-Run: 182,559,117,312 bytes free
Post-Run: 182,543,237,120 bytes free
326 --- E O F --- 2009-06-27 10:32

Any help that you can give would be greatly appreciated. Thanks in advance.