ComboFix 09-12-03.04 - Matt 12/03/2009 20:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.303 [GMT -5:00]
Running from: c:\documents and settings\Matt\My Documents\Downloads\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Matt\Application Data\AntiVirus Plus
c:\documents and settings\Matt\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll
c:\documents and settings\Matt\Application Data\avp.ico
c:\documents and settings\Peggy\Start Menu\Programs\Startup\scandisk.lnk
C:\ntldrs
c:\program files\AntiMalware
c:\program files\AntiMalware\malw.db
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\_000002_.tmp.dll
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000004_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\config\systemprofile\ntuser.dll
c:\windows\system32\talogevi.dll
c:\windows\system32\vevinaho.dll
c:\windows\system32\vuverisa.dll
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wopoliro.dll
c:\windows\system32\zesifimi.exe
c:\windows\system32\zubayoro.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\blkrlsrt.job
c:\windows\Tasks\uqzimtmv.job
c:\windows\Tasks\ynlodooz.job
----- BITS: Possible infected sites -----
hxxp://82.98.231.102
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-11-04 to 2009-12-04 )))))))))))))))))))))))))))))))
.
2009-12-04 01:38 . 2009-12-04 01:38 -------- d-----w- c:\windows\LastGood
2009-12-04 01:32 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-04 01:32 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-12-03 01:58 . 2009-12-03 01:58 -------- d-----w- C:\!KillBox
2009-11-28 02:58 . 2009-11-28 02:58 127325 ----a-w- c:\documents and settings\Matt\Application Data\Move Networks\uninstall.exe
2009-11-28 02:57 . 2009-11-28 02:58 1408800 ----a-w- c:\documents and settings\Matt\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-11-28 01:57 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-28 01:57 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 04:02 . 2009-11-28 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-27 00:53 . 2009-11-28 03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 02:07 . 2009-11-25 02:07 -------- d-----w- c:\program files\ESET
2009-11-24 01:55 . 2009-11-24 01:55 -------- d-----w- C:\0f71991bc57f4de6ded29cdc5c51f475
2009-11-22 14:20 . 2009-11-22 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-11-18 03:57 . 2009-11-29 01:12 120 ----a-w- c:\windows\Dwubetunu.dat
2009-11-18 03:02 . 2009-11-18 03:02 -------- d-----w- C:\qrnt
2009-11-18 02:51 . 2009-11-18 02:51 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Conduit
2009-11-18 02:51 . 2009-11-18 02:51 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\IObitCom
2009-11-18 02:51 . 2009-11-18 02:51 -------- d-----w- c:\program files\Conduit
2009-11-18 02:51 . 2009-12-02 02:43 -------- d-----w- c:\program files\IObitCom
2009-11-18 02:51 . 2009-12-02 02:31 -------- d-----w- c:\documents and settings\Matt\Application Data\IObit
2009-11-18 02:51 . 2009-11-22 14:20 -------- d-----w- c:\program files\IObit
2009-11-18 02:51 . 2009-11-04 21:49 635664 ----a-w- c:\documents and settings\Matt\Application Data\IObit\Common\TB_Helper.exe
2009-11-14 18:08 . 2009-11-15 02:56 -------- d-----w- c:\documents and settings\Matt\Application Data\gfsdg
2009-11-14 18:06 . 2009-12-03 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-12 03:00 . 2009-11-18 03:05 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\rwcsyg
2009-11-10 23:26 . 2009-11-22 15:28 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\bexxmu
2009-11-10 19:45 . 2009-12-01 19:00 0 ----a-w- c:\windows\Ivepivoqulicake.bin
2009-11-10 19:39 . 2009-11-22 15:28 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\suoqhx
2009-11-10 19:07 . 2009-11-10 19:07 -------- d-----w- C:\found.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-04 01:15 . 2007-03-14 17:48 -------- d-----w- c:\program files\Dl_cats
2009-12-02 02:43 . 2008-02-02 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-12-01 19:07 . 2009-10-14 00:32 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-12-01 19:07 . 2009-10-14 00:32 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-12-01 19:07 . 2008-10-11 17:29 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-12-01 19:07 . 2008-10-11 17:29 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-12-01 19:07 . 2008-10-11 17:29 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-12-01 19:07 . 2008-10-11 17:29 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-11-28 03:16 . 2008-05-11 01:39 -------- d-----w- c:\documents and settings\Matt\Application Data\Move Networks
2009-11-28 02:58 . 2009-06-24 01:42 316520 ----a-w- c:\documents and settings\Matt\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe
2009-11-28 02:58 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Matt\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-11-23 01:40 . 2009-11-23 01:39 142 ----a-w- c:\documents and settings\Matt\Application Data\wklnhst.dat
2009-10-14 00:32 . 2009-06-17 22:22 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-09-11 14:03 . 2004-08-10 18:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-09-24 21:21 . 2007-01-04 02:24 88 --sh--r- c:\windows\system32\D6AB5AF0EE.sys
2009-08-28 01:14 . 2009-08-28 01:14 3 --sha-w- c:\windows\system32\fokitape.dll
2009-08-27 00:41 . 2009-08-27 00:41 3 --sha-w- c:\windows\system32\hedafatu.dll
2009-08-14 18:08 . 2009-08-14 18:08 314368 --sha-w- c:\windows\system32\hosezuba.exe
2009-08-24 19:08 . 2009-08-24 19:08 3 --sha-w- c:\windows\system32\jonefede.dll
2008-09-24 21:22 . 2008-04-30 23:43 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-12 00:59 . 2009-08-12 00:59 984064 --sha-w- c:\windows\system32\mupewevo.exe
2009-08-25 18:10 . 2009-08-25 18:10 3 --sha-w- c:\windows\system32\tazofehu.dll
2009-08-25 18:10 . 2009-08-25 18:10 3 --sha-w- c:\windows\system32\vizaratu.dll
2009-08-17 03:08 . 2009-08-17 03:08 87040 --sha-w- c:\windows\system32\vovuhinu.exe
.
------- Sigcheck -------
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-01 177392]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-01 230664]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-10-11 14088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\FwW3dz4sg.exe" [2009-11-28 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IObit\\IObit Security 360\\is360srv.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spyware\\PPCtlPriv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 2:01 AM 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 2:02 AM 13696]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 8:10 PM 189704]
.
Contents of the 'Scheduled Tasks' folder
2009-10-08 c:\windows\Tasks\CAAntiSpywareScan_Daily as Matt at 2 56 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]
2009-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 21:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\qcobffu6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.goodsearch.com/Default.aspx
FF - plugin: c:\documents and settings\Matt\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\np_gp.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPBeatSP.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\Npra32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npswf32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npwmsdrm.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{31C7D459-9CC3-44F2-9DCA-FC11795309B4} - (no file)
Notify-WgaLogon - (no file)
SafeBoot-WebrootSpySweeperService
SafeBoot-WRConsumerService
AddRemove-Total Internet DPT - c:\progra~1\LocalNet\UNPLUGIN.DLL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-03 20:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,ca,00,19,09,4a,fd,46,9a,fa,cd,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,ca,00,19,09,4a,fd,46,9a,fa,cd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
- - - - - - - > 'explorer.exe'(3424)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
.
**************************************************************************
.
Completion time: 2009-12-03 20:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-04 01:46
Pre-Run: 95,313,104,896 bytes free
Post-Run: 95,342,952,448 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - DA1D9223AB788E4981765190C37CBCFF
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:36 PM, on 12/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\FwW3dz4sg.exe" /runcleanupscript
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish...fishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1224878044156
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) -
http://www.winkflash...geUploader4.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
--
End of file - 5180 bytes
No other pop ups or immediate problems regarding the PC as of now.