ComboFix 10-07-24.03 - Joe 07/25/2010 14:46:32.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.765 [GMT -5:00]
Running from: c:\documents and settings\Joe\My Documents\commy.exe
AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Joe\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Joe\Application Data\Google\T-Scan
c:\documents and settings\Joe\Application Data\Google\T-Scan\n.gif
c:\documents and settings\Joe\Application Data\Google\T-Scan\t.gif
c:\documents and settings\Joe\Application Data\Google\T-Scan\y.gif
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{3998DB3E-0DAF-4255-A3CE-433E07453DCB}\setup.msi
c:\program files\screensavers.com
c:\program files\screensavers.com\Wallpaper\Lowrider Euro - Topless.jpg
c:\windows\java.exe
c:\windows\MailSwitch.ocx
c:\windows\patch.exe
c:\windows\tempf.txt
.
MBR is infected with the Whistler Bootkit !!
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))
.
2010-07-22 01:33 . 2010-07-22 03:47 -------- d-----w- c:\documents and settings\Joe\Application Data\FixCleaner
2010-07-18 20:49 . 2010-07-18 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-12 22:43 . 2010-07-12 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 19:44 . 2010-07-09 22:47 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-22 01:35 . 2010-07-22 01:23 -------- d-----w- c:\program files\FixCleaner
2010-07-18 20:49 . 2010-07-18 20:49 -------- d-----w- c:\program files\Alwil Software
2010-07-16 06:28 . 2006-05-13 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-14 16:08 . 2006-05-13 19:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-13 23:43 . 2010-02-08 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-12 18:31 . 2010-07-12 18:31 -------- d-----w- c:\program files\ThreatFire
2010-07-12 18:31 . 2010-02-09 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-28 20:57 . 2010-07-18 20:52 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-18 20:52 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:39 . 2010-07-18 21:02 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-06-28 20:39 . 2010-07-18 21:02 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-06-28 20:38 . 2010-07-18 20:59 188168 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-06-28 20:37 . 2010-07-18 20:59 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-18 21:02 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-18 20:59 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-18 20:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-18 20:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-18 21:02 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-18 20:59 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-28 20:10 . 2010-07-18 20:53 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-06-25 21:45 . 2008-05-30 03:31 256 ----a-w- c:\windows\system32\pool.bin
2010-06-25 21:45 . 2003-03-06 05:40 36648 -c--a-w- c:\documents and settings\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 21:45 . 2008-04-23 02:02 -------- d-----w- c:\documents and settings\Joe\Application Data\Research In Motion
2010-06-24 02:14 . 2010-06-24 02:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2010-06-24 02:14 . 2010-06-24 02:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2010-06-24 02:10 . 2010-06-24 02:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-06-24 01:43 . 2010-06-24 01:35 -------- d-----w- c:\program files\Zune
2010-06-24 01:40 . 2010-06-24 01:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2010-06-24 01:40 . 2010-06-24 01:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-09 18:36 . 2010-06-09 18:36 -------- d-----w- c:\documents and settings\Joe\Application Data\InstallShield
2010-06-09 18:34 . 2008-05-30 03:07 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-09 18:28 . 2010-06-09 18:23 -------- d-----w- c:\program files\Roxio
2010-06-09 18:24 . 2008-05-30 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-06-09 18:23 . 2010-06-09 18:23 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-09 17:53 . 2009-11-12 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-06-09 17:53 . 2008-05-30 02:51 -------- d-----w- c:\program files\Research In Motion
2010-06-09 17:39 . 2008-04-23 02:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-04 17:20 . 2006-06-23 17:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2001-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2001-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2003-01-03 14:10 . 2003-01-03 14:10 23357 -c-ha-w- c:\program files\folder.htt
2001-08-18 12:00 . 2001-08-18 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2001-08-18 12:00 50688 --sh--w- c:\windows\twain_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59 153184 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"FixCleaner"="c:\program files\FixCleaner\FixCleaner.exe" [2010-06-09 47002968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"QveCtl2Tray"="c:\program files\Philips\PSA2\skin\QveCplSk.EXE" [2002-08-17 901120]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"EPSON Stylus Photo R200 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"EPSON Stylus Photo R200 Series (Copy 2)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-5 108544]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force 2\\Update.exe"=
"c:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R3 PortlUSB;PortlUSB; [x]
R3 zsi_fmw;Stiletto Firmware Recovery;c:\windows\system32\Drivers\zsi_fmw.sys [2007-07-16 34176]
R3 zsi_zap;Stiletto ZAP Recovery Driver;c:\windows\system32\Drivers\zsi_zap.sys [2007-07-16 16896]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-06-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-06-28 119200]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 PSC60x;Philips PCI Audio Driver (WDM);c:\windows\system32\drivers\pscaudio.sys [2002-08-27 365460]
S3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;c:\windows\system32\DRIVERS\QsndEnum.sys [2002-07-18 9600]
S3 QSoftAud;Philips Sound Agent 2 (WDM);c:\windows\system32\drivers\QSoftAud.sys [2002-08-21 562560]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
.
Contents of the 'Scheduled Tasks' folder
2010-07-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2010-07-25 c:\windows\Tasks\FixCleaner Scan.job
- c:\program files\FixCleaner\FixCleaner.exe [2010-06-09 12:10]
2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-06 18:22]
2010-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-06 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = wmplayer.exe
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\0yr0b6od.default\
FF - component: c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\0yr0b6od.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\0yr0b6od.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{b23fc8df-1197-495f-b4e7-b6922bbe66bd} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
SafeBoot-mferkdk
SafeBoot-mferkdk.sys
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 15:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-343818398-1767777339-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1008)
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\program files\ThreatFire\TFWAH.dll
- - - - - - - > 'lsass.exe'(1064)
c:\program files\ThreatFire\TFWAH.dll
- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\WININET.dll
c:\program files\ThreatFire\TfWah.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\pctspk.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\System32\wbem\unsecapp.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2010-07-25 16:17:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-25 21:15
Pre-Run: 3,589,636,096 bytes free
Post-Run: 2,939,857,408 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - FF2A1EB76B477D9B8DCED271FE24D722