ComboFix 10-03-08.02 - Administrator 03/09/2010   8:20.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3710.2380 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Local Settings\Application Data\{B167E254-846A-4EF7-9091-74217F8314A9}
c:\documents and settings\Administrator\Local Settings\Application Data\{B167E254-846A-4EF7-9091-74217F8314A9}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{B167E254-846A-4EF7-9091-74217F8314A9}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{B167E254-846A-4EF7-9091-74217F8314A9}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{B167E254-846A-4EF7-9091-74217F8314A9}\install.rdf
C:\Thumbs.db
c:\windows\system32\Thumbs.db
c:\windows\system32\twain_32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
(((((((((((((((((((((((((   Files Created from 2010-02-09 to 2010-03-09   )))))))))))))))))))))))))))))))
.
2010-03-05 13:47 . 2010-03-05 13:47  12464  ----a-w-  c:\windows\system32\avgrsstx.dll
2010-02-28 23:43 . 2008-04-13 19:45  15104  -c--a-w-  c:\windows\system32\dllcache\usbscan.sys
2010-02-28 23:43 . 2008-04-13 19:45  15104  ----a-w-  c:\windows\system32\drivers\usbscan.sys
2010-02-28 23:43 . 2001-08-18 03:36  5632  ----a-w-  c:\windows\system32\ptpusb.dll
2010-02-28 23:42 . 2008-04-14 01:12  159232  ----a-w-  c:\windows\system32\ptpusd.dll
2010-02-26 19:01 . 2010-02-26 19:01  --------  d-----w-  c:\program files\Common Files\Skype
2010-02-25 22:51 . 2010-02-25 22:50  411368  ----a-w-  c:\windows\system32\deploytk.dll
2010-02-22 02:09 . 2010-03-03 12:45  --------  d-----w-  C:\DigitalPhotoFrame
2010-02-19 13:58 . 2010-02-19 13:58  --------  d-----w-  c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-18 05:29 . 2010-02-18 05:29  --------  d-----w-  c:\program files\SyncToy 2.1
2010-02-18 05:28 . 2010-02-18 05:28  --------  d-----w-  c:\program files\Microsoft Sync Framework
2010-02-14 15:04 . 2010-02-14 15:04  --------  d-----w-  c:\program files\Common Files\Apple
2010-02-14 15:04 . 2010-02-14 15:04  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2010-02-14 15:04 . 2010-02-14 15:04  --------  d-----w-  c:\program files\Apple Software Update
2010-02-14 15:04 . 2010-02-14 15:04  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 13:33 . 2007-02-13 04:19  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Azureus
2010-03-09 13:32 . 2009-11-04 14:37  256  ----a-w-  c:\windows\system32\pool.bin
2010-03-09 13:28 . 2008-04-03 01:02  0  ----a-w-  c:\windows\system32\drivers\lvuvc.hs
2010-03-09 13:28 . 2008-05-30 20:14  0  ----a-w-  c:\windows\system32\drivers\logiflt.iad
2010-03-09 10:01 . 2009-12-15 02:50  0  ----a-w-  c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-03-09 05:34 . 2009-04-26 05:02  --------  d-----w-  c:\program files\LogMeIn
2010-03-08 12:05 . 2007-12-03 00:44  --------  d-----w-  c:\program files\Common Files\Skyscape
2010-03-05 13:47 . 2008-04-24 00:26  242696  ----a-w-  c:\windows\system32\drivers\avgtdix.sys
2010-03-05 13:47 . 2007-12-27 20:20  29512  ----a-w-  c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 13:47 . 2008-04-24 00:26  216200  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2010-03-05 13:47 . 2008-04-24 00:26  52872  ----a-w-  c:\windows\system32\drivers\avgrkx86.sys
2010-02-28 06:55 . 2009-08-13 19:52  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Skype
2010-02-28 05:03 . 2009-08-13 20:05  --------  d-----w-  c:\documents and settings\Administrator\Application Data\skypePM
2010-02-25 22:51 . 2007-02-13 04:13  --------  d-----w-  c:\program files\Common Files\Java
2010-02-25 22:50 . 2007-02-13 04:14  --------  d-----w-  c:\program files\Java
2010-02-22 00:13 . 2009-11-17 04:44  --------  d-----w-  c:\documents and settings\All Users\Application Data\avg9
2010-02-14 15:06 . 2007-02-12 16:35  --------  d-----w-  c:\program files\QuickTime
2010-02-14 15:05 . 2007-02-12 16:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-04 00:48 . 2009-08-13 19:50  --------  d-----r-  c:\program files\Skype
2010-02-04 00:42 . 2008-04-03 00:59  --------  d-----w-  c:\program files\Common Files\LogiShrd
2010-02-04 00:38 . 2008-10-20 01:51  --------  d-----w-  c:\program files\Logitech
2010-02-03 13:52 . 2010-01-15 11:07  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Juniper Networks
2010-02-02 23:22 . 2010-02-02 23:23  81920  ----a-w-  c:\windows\system32\emfxp.dll
2010-02-02 23:22 . 2010-02-02 23:23  49152  ----a-w-  c:\windows\system32\unpdf.exe
2010-01-24 04:49 . 2008-02-13 03:26  --------  d-----w-  c:\program files\Microsoft Silverlight
2010-01-15 11:07 . 2010-01-15 11:07  --------  d-----w-  c:\documents and settings\All Users\Application Data\Juniper Networks
2010-01-14 05:43 . 2009-12-16 22:52  --------  d-----w-  c:\program files\Microsoft ActiveSync
2010-01-14 05:34 . 2007-02-12 16:22  --------  d-----w-  c:\program files\Common Files\Adobe
2010-01-14 05:07 . 2010-01-14 05:07  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-14 05:07 . 2010-01-14 05:07  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-01-14 05:07 . 2010-01-14 05:07  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-14 05:05 . 2010-01-14 05:05  --------  d-----w-  c:\program files\ERUNT
2010-01-13 14:11 . 2010-01-13 14:11  --------  d-----w-  c:\program files\TrendMicro
2010-01-13 13:22 . 2010-01-13 03:46  120  ----a-w-  c:\windows\Mnemukimupewuku.dat
2010-01-13 05:50 . 2010-01-13 03:46  0  ----a-w-  c:\windows\Xyileregucoru.bin
2010-01-07 21:07 . 2010-01-14 05:07  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-01-14 05:07  19160  ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-04 12:00  832512  ----a-w-  c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00  78336  ------w-  c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00  17408  ------w-  c:\windows\system32\corpol.dll
2007-08-09 17:08 . 2007-05-25 03:27  8784  ------w-  c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 17:10 . 2007-05-25 03:27  245408  ------w-  c:\program files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . 28277538AE850468806449D9E678E1F5 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47  333192  ----a-w-  c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-13 65536]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-02-13 500561]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2009-12-18 624056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 252704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Azureus.lnk - c:\program files\Azureus\Azureus.exe [2007-1-13 199616]
Eudora.lnk - c:\program files\Qualcomm\Eudora\Eudora.exe [2008-1-8 2658304]
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2007-2-11 910296]
Palm Desktop.lnk - c:\program files\palmOne\Palm.exe [2005-1-5 614400]
Windows Explorer.lnk - c:\windows\explorer.exe [2004-8-4 1033728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-7-25 629248]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-05 13:47  12464  ----a-w-  c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 00:29  87352  ----a-w-  c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/23/2008 7:26 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/23/2008 7:26 PM 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/23/2008 7:26 PM 242696]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/8/2009 11:32 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/8/2009 11:32 PM 234888]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/5/2010 8:47 AM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/5/2010 8:47 AM 308064]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/23/2007 11:21 PM 47640]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [6/23/2007 11:21 PM 12192]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-01 c:\windows\Tasks\Defrag C.job
- c:\windows\system32\defrag.exe [2004-08-04 00:12]

2010-03-09 c:\windows\Tasks\Defrag D.job
- c:\windows\system32\defrag.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: {95C06D76-7F4E-4E6C-9037-01CE3572888B} = 208.67.222.222,208.67.220.220
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\amtvz2w4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\amtvz2w4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\amtvz2w4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\amtvz2w4.default\extensions\genipublisher@geni.com\platform\WINNT_x86-msvc\plugins\npgenipublisher.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\amtvz2w4.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
inifile="c:\program files\Notpad\Notpad.exe" "%1"
txtfile="c:\program files\Notpad\Notpad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 08:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1788223648-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(9632)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\stsystra.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-03-09  08:42:46 - machine was rebooted
ComboFix-quarantined-files.txt  2010-03-09 13:42

Pre-Run: 13,070,880,768 bytes free
Post-Run: 13,111,115,776 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6FC902D25AAB04621DF75FDABFFC2A39
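Added by the editor as a worked example; it is not part of the ComboFix output above and not ComboFix's own code. The Sigcheck block in the log lists three copies of atapi.sys: the reference copy under ServicePackFiles (verified, version 5.1.2600.5512), the pre-service-pack copy under $NtServicePackUninstall$, and the live copy under system32\drivers, which ComboFix tagged [-], reports with no version resource ([------]) and with an MD5 that differs from the reference copy at the same byte size. The script below parses lines in that format, takes the ServicePackFiles copy of each file name as the reference, and reports live system32 copies that deviate from it. The regular expression, function names and reason strings are this example's own; the sample lines are copied from the log above. It only says which copy deserves a closer look (for instance hashing it against a known-good copy from install media); it does not identify what the file is.

```python
"""Triage the Sigcheck block of a ComboFix log (editor's example, not ComboFix code).

ComboFix prints one line per copy of a protected system file it checked:

    [7] 2008-04-13 . <MD5> . <size> . . [<file version>] . . <path>

The leading tag is ComboFix's verdict ([7] = verified, [-] = not verified);
the version field reads [------] when the binary carries no version resource.
"""
import re
from collections import defaultdict

# Sample input: the three Sigcheck lines copied from the log above.
SAMPLE_SIGCHECK = r"""
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . 28277538AE850468806449D9E678E1F5 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
""".strip().splitlines()

# Field layout as printed by ComboFix; the regex itself is this example's own.
SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+"                               # ComboFix verdict, [7] or [-]
    r"(?P<date>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?)\s+\.\s+"   # date, optional HH:MM
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"                       # MD5 of the file
    r"(?P<size>\d+)\s+\.\s+\.\s+"                             # size in bytes
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"                   # file version resource
    r"(?P<path>\S.*?)\s*$"                                    # full path
)


def parse_sigcheck(lines):
    """Return one dict per line that matches the Sigcheck layout; skip the rest."""
    entries = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entry["name"] = entry["path"].rsplit("\\", 1)[-1].lower()
        entries.append(entry)
    return entries


def triage(entries):
    """Compare each live system32 copy with its ServicePackFiles reference copy.

    Returns a list of findings; each carries the path, both hashes and the
    reasons the copy stands out. A file without a reference copy is skipped.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for copies in by_name.values():
        refs = [c for c in copies if "\\servicepackfiles\\" in c["path"].lower()]
        if not refs:
            continue
        ref = refs[0]
        for c in copies:
            if "\\system32\\" not in c["path"].lower():
                continue  # only the copy Windows actually loads is of interest
            reasons = []
            if c["md5"] != ref["md5"]:
                reasons.append("MD5 differs from the ServicePackFiles copy")
                if c["size"] == ref["size"]:
                    reasons.append("same size as the reference but different content")
            if c["tag"].strip() == "-":
                reasons.append("ComboFix could not verify the file ([-])")
            if c["version"] and set(c["version"]) == {"-"}:
                reasons.append("no version resource ([------])")
            if reasons:
                findings.append({
                    "path": c["path"],
                    "md5": c["md5"],
                    "reference_md5": ref["md5"],
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in triage(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(f["path"])
        print("  live MD5:      ", f["md5"])
        print("  reference MD5: ", f["reference_md5"])
        for r in f["reasons"]:
            print("  -", r)
```

Run against the three lines above it reports only c:\windows\system32\drivers\atapi.sys; the $NtServicePackUninstall$ copy is a different build and is deliberately not compared, since a pre-service-pack backup is expected to differ from the current reference.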