ComboFix 12-10-10.02 - Jonathan 10/10/2012 14:33:37.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4346 [GMT -5:00]
Running from: c:\users\Jonathan\Downloads\ComboFix.exe
Command switches used :: c:\users\Jonathan\Documents\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FrostWire
c:\program files (x86)\FrostWire\App\AppInfo\appicon.ico
c:\program files (x86)\FrostWire\App\AppInfo\appinfo.ini
c:\program files (x86)\FrostWire\App\DefaultData\FrostWire\frostwire.props
c:\program files (x86)\FrostWire\App\DefaultData\FrostWire\installation.props
c:\program files (x86)\FrostWire\App\DefaultData\settings\FrostWirePortableSettings.ini
c:\program files (x86)\FrostWire\App\frostwire\aopalliance.jar
c:\program files (x86)\FrostWire\App\frostwire\clink.jar
c:\program files (x86)\FrostWire\App\frostwire\commons-codec-1.3.jar
c:\program files (x86)\FrostWire\App\frostwire\commons-logging.jar
c:\program files (x86)\FrostWire\App\frostwire\daap.jar
c:\program files (x86)\FrostWire\App\frostwire\EULA.txt
c:\program files (x86)\FrostWire\App\frostwire\forms.jar
c:\program files (x86)\FrostWire\App\frostwire\foxtrot.jar
c:\program files (x86)\FrostWire\App\frostwire\FrostWire.exe
c:\program files (x86)\FrostWire\App\frostwire\FrostWire.ico
c:\program files (x86)\FrostWire\App\frostwire\FrostWire.jar
c:\program files (x86)\FrostWire\App\frostwire\gettext-commons.jar
c:\program files (x86)\FrostWire\App\frostwire\GPL2.txt
c:\program files (x86)\FrostWire\App\frostwire\GPL3.txt
c:\program files (x86)\FrostWire\App\frostwire\gson-1.4.jar
c:\program files (x86)\FrostWire\App\frostwire\guice-1.0.jar
c:\program files (x86)\FrostWire\App\frostwire\hashes
c:\program files (x86)\FrostWire\App\frostwire\httpclient-4.0-alpha3.jar
c:\program files (x86)\FrostWire\App\frostwire\httpclient-4.0.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-4.0-beta2.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-4.0.1.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-nio-4.0-beta2.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-nio-4.0.1.jar
c:\program files (x86)\FrostWire\App\frostwire\httpcore-niossl-4.0-alpha7.jar
c:\program files (x86)\FrostWire\App\frostwire\icu4j.jar
c:\program files (x86)\FrostWire\App\frostwire\inspection.props
c:\program files (x86)\FrostWire\App\frostwire\jaudiotagger.jar
c:\program files (x86)\FrostWire\App\frostwire\jcip-annotations.jar
c:\program files (x86)\FrostWire\App\frostwire\jcraft.jar
c:\program files (x86)\FrostWire\App\frostwire\jdic.dll
c:\program files (x86)\FrostWire\App\frostwire\jdic.jar
c:\program files (x86)\FrostWire\App\frostwire\jdic_stub.jar
c:\program files (x86)\FrostWire\App\frostwire\jflac.jar
c:\program files (x86)\FrostWire\App\frostwire\jl.jar
c:\program files (x86)\FrostWire\App\frostwire\jmdns.jar
c:\program files (x86)\FrostWire\App\frostwire\jogg.jar
c:\program files (x86)\FrostWire\App\frostwire\jorbis.jar
c:\program files (x86)\FrostWire\App\frostwire\jython.jar
c:\program files (x86)\FrostWire\App\frostwire\launch.properties
c:\program files (x86)\FrostWire\App\frostwire\log.txt
c:\program files (x86)\FrostWire\App\frostwire\log4j.jar
c:\program files (x86)\FrostWire\App\frostwire\log4j.properties
c:\program files (x86)\FrostWire\App\frostwire\looks.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-all.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-azureus.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-collection.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-common.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-http.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-io.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-mojito.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-net.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-nio.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-resources.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-rudp.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-security.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-setting.jar
c:\program files (x86)\FrostWire\App\frostwire\lw-statistic.jar
c:\program files (x86)\FrostWire\App\frostwire\messages.jar
c:\program files (x86)\FrostWire\App\frostwire\mp3spi.jar
c:\program files (x86)\FrostWire\App\frostwire\onion-common.jar
c:\program files (x86)\FrostWire\App\frostwire\onion-fec.jar
c:\program files (x86)\FrostWire\App\frostwire\pmf.ico
c:\program files (x86)\FrostWire\App\frostwire\ProgressTabs.jar
c:\program files (x86)\FrostWire\App\frostwire\seenMessages.dat
c:\program files (x86)\FrostWire\App\frostwire\splash.jar
c:\program files (x86)\FrostWire\App\frostwire\SystemUtilities.dll
c:\program files (x86)\FrostWire\App\frostwire\SystemUtilitiesA.dll
c:\program files (x86)\FrostWire\App\frostwire\themes.jar
c:\program files (x86)\FrostWire\App\frostwire\tray.dll
c:\program files (x86)\FrostWire\App\frostwire\tritonus.jar
c:\program files (x86)\FrostWire\App\frostwire\Uninstall.exe
c:\program files (x86)\FrostWire\App\frostwire\vorbisspi.jar
c:\program files (x86)\FrostWire\App\readme.txt
c:\program files (x86)\FrostWire\Data\settings\FrostWire\frostwire.props
c:\program files (x86)\FrostWire\Data\settings\FrostWire\installation.props
c:\program files (x86)\FrostWire\Data\settings\FrostWire\library.dat
c:\program files (x86)\FrostWire\Data\settings\FrostWire\mojito.props
c:\program files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme.fwtp
c:\program files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme\theme.txt
c:\program files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme\version.txt
c:\program files (x86)\FrostWire\Data\settings\FrostWirePortableSettings.ini
c:\program files (x86)\FrostWire\Other\Help\images\donation_button.png
c:\program files (x86)\FrostWire\Other\Help\images\favicon.ico
c:\program files (x86)\FrostWire\Other\Help\images\help_background_footer.png
c:\program files (x86)\FrostWire\Other\Help\images\help_background_header.png
c:\program files (x86)\FrostWire\Other\Help\images\help_logo_top.png
c:\program files (x86)\FrostWire\Other\Source\AppSource.txt
c:\program files (x86)\FrostWire\Other\Source\frostwire logo.ai
c:\program files (x86)\FrostWire\Other\Source\FrostWirePortable.ini
c:\program files (x86)\FrostWire\Other\Source\FrostWirePortable.jpg
c:\program files (x86)\FrostWire\Other\Source\FrostWirePortable.nsi
c:\program files (x86)\FrostWire\Other\Source\License.txt
c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstaller-old.nsi
c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstaller.bmp
c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstaller.nsi
c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstallerLANG_ENGLISH.nsh
c:\program files (x86)\FrostWire\Other\Source\ReadINIStrWithDefault.nsh
c:\program files (x86)\FrostWire\Other\Source\Readme.txt
c:\users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk
c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire\FrostWire.lnk
c:\users\Jonathan\Documents\FrostWire
c:\users\Jonathan\Documents\FrostWire\Torrents\Lil' Wayne - How To Love.mp3.torrent
c:\users\Jonathan\Documents\FrostWire\Torrents\Lil Wayne ft.Rick Ross - John (2011 Explicit)@JB59.mp4.torrent
c:\users\Jonathan\Frostwire
c:\users\Jonathan\Frostwire\Lil' Wayne - How To Love.mp3.torrent
c:\users\Jonathan\Music\Frostwire
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 19:38 . 2012-10-10 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 16:41 . 2012-10-10 16:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BEBFB0-3B34-46DD-B880-4BD72B27CBE2}\offreg.dll
2012-10-10 16:08 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BEBFB0-3B34-46DD-B880-4BD72B27CBE2}\mpengine.dll
2012-10-10 15:53 . 2012-10-10 15:53 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-10-09 18:10 . 2012-10-09 18:10 -------- d-----w- c:\program files (x86)\ESET
2012-10-05 18:03 . 2012-10-05 18:04 -------- d-----w- c:\programdata\HitmanPro
2012-10-05 01:40 . 2012-10-05 01:43 -------- d-----w- c:\users\Jonathan\Tracing
2012-10-04 22:30 . 2012-04-20 21:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-10-04 21:02 . 2012-10-04 21:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-04 18:19 . 2012-10-04 18:19 -------- d-----w- C:\FRST
2012-10-04 04:22 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-10-04 02:44 . 2012-10-04 02:44 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Malwarebytes
2012-10-04 02:43 . 2012-10-04 02:43 -------- d-----w- c:\programdata\Malwarebytes
2012-10-04 02:43 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-04 02:43 . 2012-10-04 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-04 02:20 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-04 02:20 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-04 01:46 . 2012-10-04 01:46 -------- d-----w- c:\users\Jonathan\AppData\Local\Secunia PSI
2012-10-04 01:45 . 2012-10-04 01:45 -------- d-----w- c:\program files (x86)\Secunia
2012-10-04 00:21 . 2012-10-04 00:21 -------- d-----w- c:\users\Jonathan\AppData\Roaming\SUPERAntiSpyware.com
2012-10-04 00:20 . 2012-10-04 00:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-04 00:20 . 2012-10-04 00:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-04 00:13 . 2010-01-11 00:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-10-04 00:13 . 2012-10-04 00:15 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-10-04 00:08 . 2012-10-04 00:08 -------- d-----w- c:\users\Jonathan\AppData\Local\Macromedia
2012-10-03 23:55 . 2012-10-03 23:55 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2012-10-03 23:41 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-10-03 23:41 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-10-03 23:41 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-03 23:41 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-10-03 23:41 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 23:41 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-03 23:41 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-03 22:50 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-03 22:35 . 2012-10-03 22:35 -------- d-----w- c:\program files\Microsoft Silverlight
2012-10-03 22:28 . 2012-10-03 23:29 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-03 22:23 . 2012-10-03 22:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-03 22:23 . 2012-10-03 22:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-03 22:22 . 2012-10-03 22:22 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-03 22:22 . 2012-10-03 22:22 -------- d-----w- c:\program files (x86)\Java
2012-10-03 22:00 . 2012-10-03 22:00 -------- d-----w- c:\users\Jonathan\AppData\Local\Mozilla
2012-10-03 22:00 . 2012-10-03 22:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-03 21:42 . 2012-10-03 21:42 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 23:29 . 2011-06-13 20:14 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 22:22 . 2011-07-09 18:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-18 02:29 . 2011-05-31 04:25 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-27 20:51 . 2012-07-27 20:51 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-07-27 20:51 . 2012-07-27 20:51 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2012-07-18 18:15 . 2012-08-24 08:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 19:55 . 2010-10-14 03:28 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-07-17 19:52 . 2010-10-14 03:28 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-07-17 19:52 . 2011-05-20 18:23 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-07-17 19:51 . 2011-05-20 18:23 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-07-17 19:51 . 2010-10-14 03:28 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-07-17 19:50 . 2010-10-14 03:28 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-07-17 19:49 . 2010-10-14 03:28 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-07-17 19:48 . 2010-10-14 03:28 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-07-17 19:48 . 2010-10-14 03:28 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-07-16 12:30 . 2012-07-16 12:30 4024320 ----a-w- c:\program files (x86)\GUT67B1.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-06-11 21:22 1307728 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 250288]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-31 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 23:29]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 20:17]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 20:17]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D10AB58E-75A9-4575-B9C4-BC677D6061AC}\653405962716475637: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\xf9im9nl.default\
FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/USCON/1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\01\1b\16-(R"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-10 14:40:03
ComboFix-quarantined-files.txt 2012-10-10 19:40
ComboFix2.txt 2012-10-07 23:55
.
Pre-Run: 570,574,077,952 bytes free
Post-Run: 570,426,544,128 bytes free
.
- - End Of File - - BA723B039C0489C8C22C7EA78830F8D2