ComboFix 10-06-05.03 - Erica 06/07/2010 15:41:13.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.284 [GMT -7:00]
Running from: c:\documents and settings\Erica\Desktop\commy.exe.exe
Command switches used :: c:\documents and settings\Erica\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.
2010-06-06 18:53 . 2010-06-06 18:54 -------- d-----w- C:\commy.exe
2010-06-06 03:34 . 2010-06-06 03:34 -------- d-----w- c:\documents and settings\Erica\Application Data\Malwarebytes
2010-06-06 03:34 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 03:34 . 2010-06-06 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-06 03:34 . 2010-06-06 03:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 03:34 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 02:32 . 2010-06-04 02:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-03 03:41 . 2010-06-03 03:49 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-06-03 03:41 . 2010-06-03 03:49 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-06-03 03:41 . 2010-06-03 03:41 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-06-03 03:41 . 2010-06-03 03:41 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-06-03 03:04 . 2010-06-03 03:04 -------- d-----w- c:\program files\iLike
2010-06-02 15:36 . 2010-06-02 15:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-10 17:21 . 2010-05-10 17:21 -------- d-----w- c:\windows\system32\BWKDLogs
2010-05-10 17:15 . 2010-05-10 17:15 -------- d-----w- c:\documents and settings\Erica\Local Settings\Application Data\KodakGallery
2010-05-10 17:05 . 2010-05-10 17:05 -------- d-----w- c:\program files\Common Files\Kodak
2010-05-10 16:58 . 2010-05-15 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-05-10 16:06 . 2010-05-10 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 19:13 . 2007-03-05 01:07 -------- d-----w- c:\documents and settings\Erica\Application Data\SiteAdvisor
2010-06-06 05:20 . 2007-06-14 18:31 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-06-06 05:20 . 2007-06-14 18:36 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-06-06 01:44 . 2007-03-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-05 20:52 . 2007-03-08 20:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-05 04:48 . 2007-12-29 18:45 -------- d-----w- c:\documents and settings\Erica\Application Data\Apple Computer
2010-06-03 03:04 . 2009-12-24 16:43 -------- d-----w- c:\program files\iTunes
2010-05-01 04:59 . 2009-05-04 16:33 -------- d-----w- c:\program files\Citrix
2010-04-28 00:16 . 2010-03-15 23:36 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-28 00:16 . 2010-03-15 23:36 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-28 00:16 . 2010-03-15 23:36 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-28 00:16 . 2010-03-15 23:36 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-28 00:16 . 2010-03-15 23:36 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-28 00:16 . 2010-03-15 23:36 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-28 00:16 . 2010-03-15 23:36 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-28 00:16 . 2010-03-15 23:36 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-28 00:16 . 2007-03-05 01:05 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-28 00:16 . 2007-03-05 01:05 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-19 13:11 . 2010-04-19 13:11 -------- d-----w- c:\documents and settings\Tim\Application Data\Apple Computer
2010-04-18 13:50 . 2007-06-02 23:15 -------- d-----w- c:\documents and settings\Erica\Application Data\Yahoo!
2010-04-18 13:50 . 2007-05-04 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-14 22:59 . 2010-04-14 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-14 22:55 . 2010-04-14 22:55 -------- d-----w- c:\program files\iPod
2010-04-14 22:55 . 2010-02-05 04:59 -------- d-----w- c:\program files\Common Files\Apple
2010-04-14 22:43 . 2004-04-17 18:43 -------- d-----w- c:\program files\QuickTime
2010-04-14 22:32 . 2010-04-14 22:32 -------- d-----w- c:\program files\Bonjour
2010-04-14 22:30 . 2010-04-14 22:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-14 22:28 . 2010-04-14 22:28 -------- d-----w- c:\program files\Safari
2010-04-14 22:25 . 2010-04-14 22:25 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-10 06:15 . 2002-08-29 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 03:37 . 2010-01-21 01:30 50354 ----a-w- c:\documents and settings\Erica\Application Data\Facebook\uninstall.exe
2006-07-21 12:31 . 2006-07-21 12:31 141728 ----a-w- c:\program files\MC
2010-04-28 00:16 . 2010-03-15 23:36 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ShutterflyStudio"="c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2008-05-07 2500096]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-07-14 53248]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-07-16 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-18 185896]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-18 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"rrsjeixo"="c:\documents and settings\Erica\Local Settings\Application Data\wqokhwwmkdcbechitssd.exe" [BU]
c:\documents and settings\Tim\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe [2004-12-30 225280]
c:\documents and settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
NkbMonitor.exe.lnk - c:\documents and settings\Erica\My Documents\NkbMonitor.exe [2007-6-16 118784]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\SYSTEM32\LEXPPS.EXE"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\WINDOWS\SYSTEM32\java.exe"=
"c:\Program Files\Real\RealPlayer\realplay.exe"=
"c:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"=
"c:\Program Files\Yahoo!\UPnP\yupnpsrv.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Rhapsody\rhapsody.exe"=
"c:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [3/15/2010 4:36 PM 82952]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/15/2010 4:35 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [3/15/2010 4:35 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [3/15/2010 4:36 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [3/15/2010 4:36 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [3/15/2010 4:36 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [3/15/2010 4:36 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/15/2010 4:36 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/15/2010 4:36 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [3/15/2010 4:36 PM 83496]
S3 NUVision;NUVision II Video Service;c:\windows\SYSTEM32\DRIVERS\nuvvid2.sys [10/10/2004 1:01 PM 153760]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
FF - ProfilePath - c:\documents and settings\Erica\Application Data\Mozilla\Firefox\Profiles\jv7t3avb.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=135963&p=
FF - plugin: c:\documents and settings\Erica\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\Erica\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Erica\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 15:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ShutterflyStudio = c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly?: /RegServer????????????/keyword????????????MMURIConstraint?!????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????!??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1052)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-07 16:03:43
ComboFix-quarantined-files.txt 2010-06-07 23:03
ComboFix2.txt 2010-06-07 02:39
ComboFix3.txt 2010-06-06 20:15
Pre-Run: 3,771,342,848 bytes free
Post-Run: 3,731,988,480 bytes free
- - End Of File - - 3989FA739139C06939F3E58F04D1DFF7