ComboFix 11-07-07.05 - topcat 07/07/2011 21:19:11.1.1 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.745 [GMT -7:00] Running from: c:\documents and settings\topcat\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator.ARAGORN.002\WINDOWS c:\documents and settings\topcat\Application Data\PriceGong c:\documents and settings\topcat\Application Data\PriceGong\Data\1.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\a.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\b.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\c.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\d.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\e.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\f.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\g.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\h.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\i.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\J.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\k.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\l.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\m.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\mru.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\n.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\o.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\p.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\q.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\r.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\s.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\t.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\u.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\v.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\w.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\x.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\y.xml c:\documents and settings\topcat\Application Data\PriceGong\Data\z.xml c:\documents and settings\topcat\WINDOWS c:\windows\BackUp c:\windows\BackUp\TB041126.DAT c:\windows\system32\Cache c:\windows\system32\dllcache\download c:\windows\system32\dllcache\update.bat c:\windows\System32\hrq.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NETWORK -------\Legacy_WINDOWS_MESSENGER . . ((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 ))))))))))))))))))))))))))))))) . . 2011-07-06 04:34 . 2011-07-06 04:34 -------- d--h--w- c:\documents and settings\data\.TemporaryItems 2011-07-02 17:58 . 2011-07-02 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-06-22 02:10 . 2011-06-22 02:10 -------- d-----w- c:\documents and settings\topcat\Application Data\Malwarebytes 2011-06-22 01:52 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-22 01:52 . 2011-06-22 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-06-22 01:52 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-18 17:11 . 2011-06-29 17:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-18 17:02 . 2011-07-08 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2011-06-17 05:28 . 2011-06-27 04:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2011-06-17 02:55 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-14 04:12 . 2011-06-14 04:12 11861 ----a-w- c:\windows\system32\drivers\mdc8021x.sys 2011-06-14 04:11 . 2011-06-14 04:12 -------- d-----w- c:\program files\D-Link AirPlus Xtreme G 2011-06-14 04:11 . 2003-12-19 21:06 351776 ----a-w- c:\windows\system32\drivers\ar52119x.sys 2011-06-14 04:11 . 2003-10-28 17:34 114688 ----a-w- c:\windows\system32\athcfg10.dll 2011-06-14 04:11 . 2003-06-01 03:10 651264 ----a-r- c:\windows\system32\libeay32.dll 2011-06-14 04:11 . 2003-06-01 03:10 450560 ----a-r- c:\windows\system32\AegisE5.dll 2011-06-14 04:11 . 2003-06-01 03:10 327680 ----a-r- c:\windows\system32\AegisE2.dll 2011-06-14 04:11 . 2003-06-01 03:10 147456 ----a-r- c:\windows\system32\ssleay32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-04 17:26 . 2011-05-27 14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-02 15:31 . 2004-06-07 22:19 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2003-03-31 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2003-03-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2006-06-23 18:33 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2008-06-15 02:10 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2003-03-31 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-04-14 21:01 . 2011-02-26 20:53 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-04-14 21:01 . 2011-02-26 20:53 141792 ----a-w- c:\windows\system32\mfevtps.exe 2011-04-14 21:01 . 2011-02-26 20:53 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-04-14 21:01 . 2011-02-26 20:53 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-04-14 21:01 . 2011-02-26 20:53 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-04-14 21:01 . 2011-02-26 20:53 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-04-14 21:01 . 2011-02-26 20:53 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-04-14 21:01 . 2011-02-26 20:53 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-04-14 21:01 . 2011-02-26 20:53 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-04-14 21:01 . 2011-02-26 20:53 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-04-14 21:01 . 2011-02-26 20:53 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-04-13 03:23 . 2010-11-18 16:29 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-04-14 21:01 . 2011-02-26 20:53 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2004-08-06 2502656] "Virtual Dimension"="c:\root\Virtual Dimension\VirtualDimension.exe" [2005-07-09 446976] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208] "SpybotSD TeaTimer"="c:\antispyware\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nForce Tray Options"="sstray.exe" [2003-08-13 73728] "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984] "AtiPTA"="atiptaxx.exe" [2001-09-27 245760] "SMSERIAL"="sm56hlpr.exe" [2003-06-19 548864] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672] "WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2005-08-07 974848] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-07-18 1028096] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744] "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688] "Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] . c:\documents and settings\topcat\Start Menu\Programs\Startup\ BHO Cop.lnk - c:\antispyware\BHOCop\BHOCop.exe [2004-11-18 212992] Dropbox.lnk - c:\documents and settings\topcat\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376] Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2005-3-28 1466384] D-Link AirPlus Xtreme G Configuration Utility.lnk - c:\program files\D-Link AirPlus Xtreme G\AirPlus.exe [2011-6-13 512077] D-Link REG Utility.lnk - c:\program files\D-Link AirPlus Xtreme G\Reg.exe [2011-6-13 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-8-20 184320] SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2004-8-20 598069] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= "c:\\Documents and Settings\\topcat\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [8/25/2004 12:34 PM 17792] R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [8/19/2004 3:57 PM 89749] R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [8/19/2004 3:57 PM 9600] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/26/2011 1:53 PM 84200] R2 CVS;CVSNT;c:\root\cvsnt\cvsservice.exe [12/10/2003 5:22 PM 45056] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/6/2008 9:46 AM 88176] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2011 1:53 PM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2011 1:53 PM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/26/2011 1:53 PM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/26/2011 1:53 PM 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/26/2011 1:53 PM 56064] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/26/2011 1:53 PM 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/26/2011 1:53 PM 88736] S3 Boingo Wireless Engine;Boingo Wireless Engine;c:\program files\Boingo\Boingo Wireless Software\WENGINE2\BWEngine.exe [9/6/2006 5:42 PM 853576] S3 Boingo WMonitor;Boingo WMonitor;c:\program files\Boingo\Boingo Wireless Software\WENGINE2\WMonitor.exe [9/6/2006 5:42 PM 79432] S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;\??\c:\windows\System32\BWNDIS5.SYS --> c:\windows\System32\BWNDIS5.SYS [?] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\tmp\everesthome220\kerneld.wnt --> c:\tmp\everesthome220\kerneld.wnt [?] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/26/2011 1:53 PM 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/26/2011 1:53 PM 84488] S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [8/20/2004 12:21 AM 166720] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . 2011-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-583907252-725345543-1003Core.job - c:\documents and settings\topcat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-03 03:39] . 2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-583907252-725345543-1003UA.job - c:\documents and settings\topcat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-03 03:39] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Search IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm Trusted Zone: intuit.com\ttlc Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: windowsupdate.com TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\topcat\Application Data\Mozilla\Firefox\Profiles\ptdtz2ej.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . BHO-{2F19EFE8-0C72-2C85-7BF0-5087ED84BFED} - c:\windows\System32\tnwjypmg.dll BHO-{8B1DB7BD-0023-058D-7B27-0AC2B95F1792} - c:\windows\System32\iav.dll BHO-{946C8458-6CCB-1163-9AD1-4681E8B55EB5} - c:\windows\System32\hrq.dll BHO-{996C8659-6CCA-1C64-9AA0-30819DB05EB3} - c:\windows\System32\hrq.dll HKCU-Run-System Stats - SystemStats.exe HKCU-Run-Yahoo Update - Yahoo.exe HKCU-Run-McAfee AntiVirus - McAffee.exe HKCU-Run-Tasu - c:\documents and settings\topcat\Application Data\nahh.exe HKLM-Run-System Stats - SystemStats.exe HKLM-Run-Yahoo Update - Yahoo.exe HKLM-Run-NWEReboot - (no file) HKU-Default-RunOnce-Win32 Configuration - mplayer.exe Notify-!SASWinLogon - (no file) Notify-WgaLogon - (no file) AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe AddRemove-Sun Download Manager v1.1 - c:\program files\SDM\Uninstal.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-07 21:33 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run Virtual Dimension = c:\root\Virtual Dimension\VirtualDimension.exe????v?8?"??cE~????????$?"?p,??????????????????????`?"???A~??v???????????A~??????????????????"?s??|p?"???????v?????????????p,??`cE~??A~??A~???????????????????????????????????????|??????"???"???B~??v???????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\c:\tmp\everesthome220\kerneld.wnt" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4340) c:\windows\system32\WININET.dll c:\program files\Logitech\MouseWare\System\LgWndHk.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\documents and settings\topcat\Application Data\Dropbox\bin\DropboxExt.14.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Common Files\Seagate\Schedule2\schedul2.exe c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe c:\program files\Apache Group\Apache\Apache.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Apache Group\Apache\Apache.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\root\cvsnt\cvslock.exe c:\windows\System32\inetsrv\inetinfo.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\System32\nvsvc32.exe c:\windows\System32\tcpsvcs.exe c:\windows\System32\snmp.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\windows\system32\rundll32.exe c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\system32\sstray.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Logitech\MouseWare\system\em_exec.exe c:\program files\Microsoft IntelliType Pro\dpupdchk.exe c:\program files\Microsoft ActiveSync\wcescomm.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-07-07 21:41:57 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-08 04:41 . Pre-Run: 193,043,435,520 bytes free Post-Run: 192,031,391,744 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - ECB7554A0B175776EFE9C48661194799 . DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Run by topcat at 21:54:23 on 2011-07-07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.640 [GMT -7:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\WINDOWS\system32\mfevtps.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Mozilla Firefox\firefox.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\antisp~1\spybot~1\SDHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110515172840.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet uRun: [Virtual Dimension] c:\root\virtual dimension\VirtualDimension.exe uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [spybotSD TeaTimer] c:\antispyware\spybot - search & destroy\TeaTimer.exe mRun: [nForce Tray Options] sstray.exe /r mRun: [ASUS Probe] c:\program files\asus\probe\AsusProb.exe mRun: [AtiPTA] atiptaxx.exe mRun: [sMSERIAL] sm56hlpr.exe mRun: [Logitech Utility] Logi_MwX.Exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe" mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [inCD] c:\program files\nero\nero 7\incd\InCD.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\bhocop~1.lnk - c:\antispyware\bhocop\BHOCop.exe StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\topcat\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\docume~1\topcat\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus xtreme g\AirPlus.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~2.lnk - c:\program files\d-link airplus xtreme g\Reg.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\antisp~1\spybot~1\SDHelper.dll Trusted Zone: intuit.com\ttlc Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: windowsupdate.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2D815017-A52E-4748-89BF-0A1D8E792B65} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{60673716-6D42-46D2-829A-36A16785A3C9} : DhcpNameServer = 192.168.1.254 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\ FF - component: c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\topcat\application data\mozilla\firefox\profiles\ptdtz2ej.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll FF - plugin: c:\documents and settings\topcat\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-26 387480] R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2004-8-25 17792] R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-19 89749] R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2004-8-19 9600] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-26 84200] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-26 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-26 141792] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-26 314088] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 88736] S2 CVS;CVSNT;c:\root\cvsnt\cvsservice.exe [2003-12-10 45056] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-6 88176] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 271480] S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 271480] S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-26 171168] S3 Boingo Wireless Engine;Boingo Wireless Engine;c:\program files\boingo\boingo wireless software\wengine2\BWEngine.exe [2006-9-6 853576] S3 Boingo WMonitor;Boingo WMonitor;c:\program files\boingo\boingo wireless software\wengine2\WMonitor.exe [2006-9-6 79432] S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\bwndis5.sys --> c:\windows\system32\BWNDIS5.SYS [?] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-26 56064] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\tmp\everesthome220\kerneld.wnt --> c:\tmp\everesthome220\kerneld.wnt [?] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-26 153280] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-26 52320] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 88736] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-26 84488] S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2004-8-20 166720] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-3-28 189792] . =============== Created Last 30 ================ . 2011-07-08 04:14:34 -------- d-sha-r- C:\cmdcons 2011-07-08 04:04:42 98816 ----a-w- c:\windows\sed.exe 2011-07-08 04:04:42 518144 ----a-w- c:\windows\SWREG.exe 2011-07-08 04:04:42 256000 ----a-w- c:\windows\PEV.exe 2011-07-08 04:04:42 208896 ----a-w- c:\windows\MBR.exe 2011-07-02 17:58:05 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com 2011-06-22 02:10:37 -------- d-----w- c:\documents and settings\topcat\application data\Malwarebytes 2011-06-22 01:52:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-22 01:52:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-06-22 01:52:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-18 17:11:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-17 02:55:08 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-14 04:12:07 11861 ----a-w- c:\windows\system32\drivers\mdc8021x.sys 2011-06-14 04:11:58 -------- d-----w- c:\program files\D-Link AirPlus Xtreme G 2011-06-14 04:11:43 351776 ----a-w- c:\windows\system32\drivers\ar52119x.sys 2011-06-14 04:11:42 114688 ----a-w- c:\windows\system32\athcfg10.dll 2011-06-14 04:11:41 651264 ----a-r- c:\windows\system32\libeay32.dll 2011-06-14 04:11:41 450560 ----a-r- c:\windows\system32\AegisE5.dll 2011-06-14 04:11:41 327680 ----a-r- c:\windows\system32\AegisE2.dll 2011-06-14 04:11:41 147456 ----a-r- c:\windows\system32\ssleay32.dll . ==================== Find3M ==================== . 2011-07-04 17:26:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-04-14 21:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe 2011-04-13 03:23:39 0 ----a-w- c:\windows\system32\ConduitEngine.tmp . ============= FINISH: 21:55:32.68 ===============