ComboFix 09-12-28.06 - Eric 12/29/2009 10:43:10.2.2 - x86
Microsoft Windows Vista Home Basic 6.0.6001.1.1252.1.1033.18.2012.1162 [GMT -8:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
Command switches used :: c:\users\Eric\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\ehohhje.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ehohhje.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kysedsifo
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.
2009-12-29 18:46 . 2009-12-29 18:47 -------- d-----w- c:\users\Eric\AppData\Local\temp
2009-12-29 18:46 . 2009-12-29 18:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-29 18:46 . 2009-12-29 18:46 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2009-12-28 19:27 . 2009-12-28 19:27 -------- d-----w- c:\program files\Trend Micro
2009-12-28 19:09 . 2009-12-28 19:09 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
2009-12-28 19:08 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 19:08 . 2009-12-28 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 19:08 . 2009-12-28 19:08 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 19:08 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 02:39 . 2009-12-17 02:39 2157 ----a-w- c:\users\Eric\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-12-14 02:32 . 2009-12-14 06:49 -------- d-----w- c:\users\Eric\AppData\Roaming\mIRC
2009-12-14 02:32 . 2009-12-14 02:32 -------- d-----w- c:\program files\mIRC
2009-12-08 11:24 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-08 11:06 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-12-08 11:06 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-12-08 11:06 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-12-08 11:06 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-12-08 11:06 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-12-08 11:06 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-12-08 11:06 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-12-08 11:02 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-12-08 11:02 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-12-08 11:02 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-12-08 11:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-12-08 11:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-12-08 03:50 . 2009-12-08 03:50 -------- d-----w- c:\program files\Ventrilo
2009-12-08 03:49 . 2009-12-08 03:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-07 17:11 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-12-07 17:11 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-12-07 17:11 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-12-07 16:49 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-12-07 16:49 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-07 16:49 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-07 16:49 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-12-07 16:49 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-12-07 16:49 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-12-07 16:49 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-12-07 16:49 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-12-07 16:49 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-12-07 16:49 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-12-07 16:49 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-12-07 16:49 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-12-07 16:47 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-12-07 16:47 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-12-07 16:47 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 16:47 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-07 16:46 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-12-07 16:46 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-12-07 16:46 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-07 16:46 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-12-07 16:46 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-12-07 16:46 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-12-07 16:46 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-12-07 16:46 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-12-07 16:44 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-12-07 16:43 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-12-07 16:42 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-12-07 16:42 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2009-12-07 16:42 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-12-07 16:42 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-12-07 16:42 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2009-12-07 16:42 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-12-07 16:42 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-12-07 16:42 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2009-12-06 22:05 . 2009-12-06 22:05 78440 ----a-w- c:\users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 21:51 . 2009-12-10 00:33 -------- d-----w- c:\windows\Debug
2009-12-06 21:37 . 2009-12-06 21:37 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-06 21:33 . 2009-12-06 21:33 -------- d-----w- c:\users\Default\video
2009-12-06 21:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-06 21:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-12-06 21:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-12-06 21:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-12-06 21:23 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-12-06 21:23 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-12-06 21:23 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-12-06 21:23 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-06 21:23 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-12-06 21:21 . 2009-12-06 21:21 -------- d-----w- c:\windows\system32\RTCOM
2009-12-06 21:12 . 2008-08-19 06:19 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-12-06 21:11 . 2009-12-06 21:11 -------- d-----w- c:\windows\system32\OEM
2009-12-06 21:05 . 2009-12-06 21:05 -------- d-----w- C:\$WINDOWS.~Q
2009-12-06 21:03 . 2009-12-06 21:03 -------- d-----w- C:\$INPLACE.~TR
2009-12-06 20:41 . 2009-12-06 20:41 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\1
2009-12-02 16:21 . 2009-12-03 07:52 65536 ----a-w- c:\windows\IFinst27.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 18:48 . 2009-03-15 05:46 -------- d-----w- c:\program files\Steam
2009-12-29 18:42 . 2009-03-06 02:25 -------- d-----w- c:\users\Eric\AppData\Roaming\.purple
2009-12-29 17:10 . 2009-12-29 17:10 4096 ----a-w- c:\windows\system32\05EC2.tmp
2009-12-29 16:47 . 2009-10-19 03:59 -------- d-----w- c:\users\Eric\AppData\Roaming\vlc
2009-12-28 19:15 . 2009-12-28 19:15 4096 ----a-w- c:\windows\system32\05B1B.tmp
2009-12-28 19:04 . 2009-12-28 19:04 4096 ----a-w- c:\windows\system32\05B0A.tmp
2009-12-28 17:16 . 2009-12-28 17:16 4096 ----a-w- c:\windows\system32\05994.tmp
2009-12-28 17:00 . 2009-12-28 17:00 4096 ----a-w- c:\windows\system32\07898.tmp
2009-12-28 16:51 . 2009-12-28 16:51 4096 ----a-w- c:\windows\system32\07ABA.tmp
2009-12-28 05:34 . 2009-12-28 05:34 4096 ----a-w- c:\windows\system32\09CBB.tmp
2009-12-21 00:00 . 2009-12-21 00:00 4096 ----a-w- c:\windows\system32\09C2F.tmp
2009-12-18 21:55 . 2009-10-25 20:28 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-17 16:48 . 2009-12-17 16:48 4096 ----a-w- c:\windows\system32\0A13D.tmp
2009-12-15 05:55 . 2009-12-15 05:55 4096 ----a-w- c:\windows\system32\09F4A.tmp
2009-12-14 08:43 . 2009-03-16 03:27 -------- d-----w- c:\users\Eric\AppData\Roaming\Ventrilo
2009-12-11 06:36 . 2009-12-11 06:36 4096 ----a-w- c:\windows\system32\099CE.tmp
2009-12-09 08:26 . 2009-12-09 08:26 4096 ----a-w- c:\windows\system32\06A6D.tmp
2009-12-08 11:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 11:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-06 21:32 . 2009-11-09 16:39 -------- d-----w- c:\users\Eric\AppData\Roaming\NeopleLauncherDFO
2009-12-06 21:32 . 2009-09-22 04:03 -------- d-----w- c:\users\Eric\AppData\Roaming\TuneUpMedia
2009-12-06 21:32 . 2009-10-08 02:44 -------- d-----w- c:\users\Eric\AppData\Roaming\Media Player Classic
2009-12-06 21:32 . 2009-11-24 07:32 -------- d-----w- c:\users\Eric\AppData\Roaming\deluge
2009-12-06 21:32 . 2009-11-12 07:05 -------- d-----w- c:\users\Eric\AppData\Roaming\dvdcss
2009-12-06 21:32 . 2009-03-06 02:26 -------- d-----w- c:\users\Eric\AppData\Roaming\gtk-2.0
2009-12-06 21:32 . 2009-08-25 03:07 -------- d-----w- c:\users\Eric\AppData\Roaming\Azureus
2009-12-06 21:32 . 2009-08-22 07:34 -------- d-----w- c:\users\Eric\AppData\Roaming\CyberLink
2009-12-06 21:32 . 2009-08-20 04:18 -------- d-----w- c:\users\Eric\AppData\Roaming\Apple Computer
2009-12-06 21:27 . 2009-09-22 04:03 -------- d-----w- c:\programdata\TuneUpMedia
2009-12-06 21:27 . 2009-08-20 04:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-12-06 21:27 . 2009-11-09 16:09 -------- d-----w- c:\programdata\NexonUS
2009-12-06 21:27 . 2009-11-09 08:11 -------- d-----w- c:\programdata\PMB Files
2009-12-06 21:27 . 2009-02-19 17:01 -------- d-----w- c:\programdata\SupportSoft
2009-12-06 21:27 . 2009-02-19 17:00 -------- d-----w- c:\programdata\Sonic
2009-12-06 21:25 . 2009-11-09 08:09 -------- d-----w- c:\program files\Pando Networks
2009-12-06 21:24 . 2009-10-20 05:05 -------- d-----w- c:\program files\EZGet
2009-12-06 02:29 . 2009-12-06 02:29 4096 ----a-w- c:\windows\system32\0FC86.tmp
2009-12-05 01:50 . 2009-12-05 01:50 4096 ----a-w- c:\windows\system32\0CA80.tmp
2009-12-02 02:37 . 2009-12-02 02:37 4096 ----a-w- c:\windows\system32\08E0C.tmp
2009-11-30 18:45 . 2009-11-30 18:45 4096 ----a-w- c:\windows\system32\09EDD.tmp
2009-11-30 16:17 . 2009-11-30 16:17 4096 ----a-w- c:\windows\system32\0AB2C.tmp
2009-11-30 16:14 . 2009-11-30 16:14 4096 ----a-w- c:\windows\system32\087AB.tmp
2009-11-30 07:20 . 2009-11-30 07:20 4096 ----a-w- c:\windows\system32\09D19.tmp
2009-11-30 04:16 . 2009-11-30 04:16 4096 ----a-w- c:\windows\system32\06AA9.tmp
2009-11-29 03:22 . 2009-11-29 03:22 4096 ----a-w- c:\windows\system32\0778F.tmp
2009-11-29 02:25 . 2009-11-29 02:25 4096 ----a-w- c:\windows\system32\0C122.tmp
2009-11-28 01:30 . 2009-11-28 01:30 4096 ----a-w- c:\windows\system32\07DE5.tmp
2009-11-26 06:10 . 2009-11-26 06:10 4096 ----a-w- c:\windows\system32\08EC7.tmp
2009-11-24 07:24 . 2009-11-24 07:24 4096 ----a-w- c:\windows\system32\0A266.tmp
2009-11-23 01:04 . 2009-11-23 01:04 4096 ----a-w- c:\windows\system32\0CF3F.tmp
2009-11-21 04:56 . 2009-11-21 04:56 4096 ----a-w- c:\windows\system32\0821A.tmp
2009-11-20 19:14 . 2009-11-20 19:14 4096 ----a-w- c:\windows\system32\0F085.tmp
2009-11-20 01:31 . 2009-11-20 01:31 4096 ----a-w- c:\windows\system32\0B309.tmp
2009-11-19 22:19 . 2009-11-19 22:19 4096 ----a-w- c:\windows\system32\022EA.tmp
2009-11-19 03:57 . 2009-11-19 03:57 4096 ----a-w- c:\windows\system32\0BB34.tmp
2009-11-18 01:46 . 2009-11-18 01:46 4096 ----a-w- c:\windows\system32\097FA.tmp
2009-11-17 03:08 . 2009-11-17 03:08 4096 ----a-w- c:\windows\system32\09CAB.tmp
2009-11-16 03:30 . 2009-11-16 03:30 4096 ----a-w- c:\windows\system32\08F82.tmp
2009-11-14 04:44 . 2009-11-14 04:44 4096 ----a-w- c:\windows\system32\05B1A.tmp
2009-11-13 04:14 . 2009-11-13 04:14 4096 ----a-w- c:\windows\system32\07CDD.tmp
2009-11-09 16:09 . 2009-11-09 16:09 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-11-09 16:09 . 2009-11-09 16:09 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-11-09 16:09 . 2009-11-09 16:09 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-11-09 16:09 . 2009-11-09 16:09 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-11-09 16:09 . 2009-11-09 16:09 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-11-09 16:09 . 2009-11-09 16:09 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-11-03 04:42 . 2009-10-03 17:24 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 13:41 . 2009-09-22 04:00 174 ----a-w- c:\users\Eric\AppData\Roaming\Azureus\restart.bat
2009-10-02 00:25 . 2009-10-02 00:25 10686001 ----a-w- c:\users\Eric\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-02-19 18:32 . 2009-02-19 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-12-29_17.16.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-12-06 21:22 . 2009-12-29 17:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-06 21:22 . 2009-12-29 18:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-06 21:22 . 2009-12-29 17:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-06 21:22 . 2009-12-29 18:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-06 21:22 . 2009-12-29 17:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-06 21:22 . 2009-12-29 18:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-19 03:32 . 2009-12-29 18:46 2594 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-12-29 18:47 . 2009-12-29 18:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-29 17:09 . 2009-12-29 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-09 2923192]
"Steam"="c:\program files\steam\steam.exe" [2009-10-25 1217808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-26 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-26 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-26 154136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/6/2009 1:12 PM 81920]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/24/2009 7:07 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/24/2009 7:07 PM 234888]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [2/19/2009 8:58 AM 27648]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 5:21 PM 46824]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [12/6/2009 1:13 PM 112128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\xcqc4kti.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Eric\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 10:48
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-29 10:50:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-29 18:50
ComboFix2.txt 2009-12-29 17:17
Pre-Run: 106,703,138,816 bytes free
Post-Run: 106,328,350,720 bytes free
- - End Of File - - 2FC3C8C75FC3C7CFA112E175A443D149