It seems it's gone. It found what happened and deleted it! Thanks!!
But I'll still post this, just in case.
ComboFix 09-07-20.05 - Administrator 2009-07-21 18:49.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.629 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\mar164\Application Data\02000000586ce33fC.manifest
c:\documents and settings\mar164\Application Data\02000000586ce33fO.manifest
c:\documents and settings\mar164\Application Data\02000000586ce33fP.manifest
c:\documents and settings\mar164\Application Data\02000000586ce33fR.manifest
c:\documents and settings\mar164\Application Data\02000000586ce33fS.manifest
c:\windows\system32\aeffjgws.ini
c:\windows\system32\bhfgyjyg.ini
c:\windows\system32\BIillUvw.ini
c:\windows\system32\BIillUvw.ini2
c:\windows\system32\CdgOoUvw.ini
c:\windows\system32\CdgOoUvw.ini2
c:\windows\system32\CfNXIkkj.ini
c:\windows\system32\CfNXIkkj.ini2
c:\windows\system32\dMlRutwa.ini
c:\windows\system32\dMlRutwa.ini2
c:\windows\system32\drivers\geyekrvrrnkuuk.sys
c:\windows\system32\drivers\UACcpiaptlbrpodgwatx.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ffNUxyxx.ini
c:\windows\system32\ffNUxyxx.ini2
c:\windows\system32\fodwgvxu.ini
c:\windows\system32\fumdmqef.ini
c:\windows\system32\gcbglfnv.ini
c:\windows\system32\gfphijml.ini
c:\windows\system32\GPYFPXyb.ini
c:\windows\system32\GPYFPXyb.ini2
c:\windows\system32\ifklnsee.ini
c:\windows\system32\iuwtfnbl.ini
c:\windows\system32\kmgeoegq.ini
c:\windows\system32\LmTENqru.ini
c:\windows\system32\LmTENqru.ini2
c:\windows\system32\mcjxqnwg.ini
c:\windows\system32\mTuvDcdd.ini
c:\windows\system32\mTuvDcdd.ini2
c:\windows\system32\Process.exe
c:\windows\system32\QrBbJkkj.ini
c:\windows\system32\QrBbJkkj.ini2
c:\windows\system32\rtENWGgh.ini
c:\windows\system32\rtENWGgh.ini2
c:\windows\system32\SrchSTS.exe
c:\windows\system32\srjkadqt.ini
c:\windows\system32\tmp.reg
c:\windows\system32\UACamtnqvmcjw.log
c:\windows\system32\UACgmkbfoaxtonwwfawp.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiwmlgyqweavskejva.dll
c:\windows\system32\UACkcetjsqkamqfqhmgy.dll
c:\windows\system32\UACpiewbsiwgsibqwmdb.dll
c:\windows\system32\UACspqrcvnliqhohaqbr.dat
c:\windows\system32\UACxdpasckvfidlkybae.db
c:\windows\system32\UACxmxibittunsklgrno.dll
c:\windows\system32\uDcddccf.ini
c:\windows\system32\uDcddccf.ini2
c:\windows\system32\utEfNqss.ini
c:\windows\system32\utEfNqss.ini2
c:\windows\system32\xjtepaqs.ini
c:\windows\system32\yujtidaq.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.
2009-07-21 15:08 . 2009-07-21 15:08 -------- dc----w- c:\program files\NCSoft
2009-07-21 15:08 . 2009-07-21 15:08 -------- dc----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-07-21 14:42 . 2009-07-21 15:08 -------- dc----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-07-19 02:21 . 2009-07-19 02:21 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Applications
2009-07-18 00:41 . 2009-07-18 01:53 -------- dc----w- C:\Spybot - Search & Destroy
2009-07-18 00:37 . 2009-07-21 21:02 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-07-11 22:43 . 2009-07-11 22:43 -------- dc----w- c:\documents and settings\jcrusso\Application Data\Xfire
2009-07-11 22:42 . 2009-07-12 01:35 -------- dc----w- c:\documents and settings\jcrusso\Application Data\U3
2009-07-10 14:10 . 2009-07-10 14:10 -------- dc----w- c:\documents and settings\Administrator\Application Data\Xfire
2009-07-08 21:37 . 2009-07-08 21:37 -------- dc----w- c:\documents and settings\mar164\Application Data\Xfire
2009-07-08 21:01 . 2009-07-08 21:01 -------- dc----w- c:\documents and settings\mar164\Application Data\Printer Info Cache
2009-06-26 01:02 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-26 01:02 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-06-26 01:02 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-26 01:02 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-26 01:02 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-26 01:02 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-26 01:01 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-26 01:01 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-25 01:04 . 2009-06-25 01:04 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-06-25 00:53 . 2009-06-25 00:53 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-25 00:53 . 2009-06-25 00:53 -------- dc----w- c:\program files\iTunes
2009-06-25 00:48 . 2009-06-25 00:49 -------- dc----w- c:\program files\QuickTime
2009-06-25 00:44 . 2009-06-05 15:42 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 18:05 . 2008-06-02 19:49 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-21 15:53 . 2008-11-18 13:25 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 15:34 . 2009-02-08 00:07 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 15:09 . 2006-01-26 23:04 -------- dc----w- c:\program files\Google
2009-07-21 15:08 . 2005-11-20 00:24 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-07-21 14:50 . 2009-03-01 22:54 -------- dc----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-21 04:42 . 2007-08-20 14:32 1324 -c--a-w- c:\windows\system32\d3d9caps.dat
2009-07-21 03:26 . 2005-11-20 00:24 -------- dc----w- c:\program files\ATI Technologies
2009-07-21 03:23 . 2008-05-07 20:16 -------- dc----w- c:\documents and settings\mar164\Application Data\ATI
2009-07-21 03:23 . 2008-05-07 05:42 -------- dc----w- c:\documents and settings\jcrusso\Application Data\ATI
2009-07-21 03:23 . 2008-06-02 18:57 -------- dc----w- c:\documents and settings\Administrator\Application Data\ATI
2009-07-21 03:23 . 2008-05-12 23:57 -------- dc----w- c:\documents and settings\brunette27\Application Data\ATI
2009-07-19 02:18 . 2008-01-12 20:28 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-19 00:16 . 2009-03-02 22:08 -------- dc----w- c:\program files\Windows Live Safety Center
2009-07-18 21:13 . 2009-02-07 21:43 -------- dc----w- c:\program files\Windows Live Safety CenterRebootActions
2009-07-17 17:22 . 2008-02-29 11:52 -------- dc----w- c:\documents and settings\Administrator\Application Data\U3
2009-07-17 05:38 . 2006-01-16 22:37 -------- dc----w- c:\program files\Symantec AntiVirus
2009-07-16 19:05 . 2008-02-29 11:44 -------- dc----w- c:\documents and settings\mar164\Application Data\U3
2009-07-14 00:20 . 2006-08-13 01:04 -------- dc----w- c:\documents and settings\mar164\Application Data\LimeWire
2009-07-02 18:51 . 2006-04-10 00:12 -------- dc----w- c:\documents and settings\mar164\Application Data\Apple Computer
2009-06-29 17:29 . 2008-01-21 20:54 -------- dc----w- c:\documents and settings\mar164\Application Data\Ventrilo
2009-06-25 01:04 . 2008-12-12 01:48 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-25 01:03 . 2008-03-08 16:16 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-06-25 00:53 . 2006-04-09 23:35 -------- dc----w- c:\program files\iPod
2009-06-25 00:53 . 2008-03-08 16:16 -------- dc----w- c:\program files\Common Files\Apple
2009-06-16 14:55 . 2004-08-11 23:00 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-11 23:00 82432 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-05 15:42 . 2008-03-08 16:16 39424 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 18:11 . 2008-08-27 19:17 -------- dc----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-06-03 19:27 . 2004-08-11 23:00 1290752 -c--a-w- c:\windows\system32\quartz.dll
2009-05-13 03:42 . 2006-01-30 14:28 60648 -c--a-w- c:\documents and settings\jcrusso\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 23:51 . 2003-02-21 10:42 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2009-05-07 15:44 . 2004-08-11 23:00 344064 -c--a-w- c:\windows\system32\localspl.dll
2009-05-03 22:15 . 2006-02-04 17:40 60648 -c--a-w- c:\documents and settings\brunette27\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 04:56 . 2004-08-11 23:00 827392 -c--a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-11 23:00 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-28 04:41 . 2008-02-26 03:12 442368 -c--a-w- c:\windows\system32\ATIDEMGX.dll
2009-04-28 04:32 . 2008-02-26 02:19 290816 -c--a-w- c:\windows\system32\atiok3x2.dll
2009-04-28 03:55 . 2008-02-26 02:29 49664 -c--a-w- c:\windows\system32\amdpcom32.dll
2009-04-28 03:50 . 2008-06-03 02:28 126976 -c--a-w- c:\windows\system32\atiadlxx.dll
2009-04-28 01:58 . 2009-04-28 01:58 45056 -c--a-w- c:\windows\system32\aticalrt.dll
2009-04-28 01:58 . 2009-04-28 01:58 45056 -c--a-w- c:\windows\system32\aticalcl.dll
2009-04-28 01:56 . 2009-04-28 01:56 3227648 -c--a-w- c:\windows\system32\aticaldd.dll
2009-04-28 01:20 . 2008-03-30 16:08 593920 -c----w- c:\windows\system32\ati2sgag.exe
2006-07-29 02:51 . 2006-07-29 02:51 4387 -c--a-w- c:\program files\Common.zip
2006-01-16 22:38 . 2006-01-16 22:38 4248 -c--a-w- c:\program files\setuplog.txt
2009-06-13 17:43 . 2009-02-01 01:34 134648 -c--a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-10 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
c:\documents and settings\brunette27\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-1-19 157000]
c:\documents and settings\jcrusso\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-1-19 157000]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=c:\windows\pss\MediaChecker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^mlrusso^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\mlrusso\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEUpdate
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"84:TCP"= 84:TCP:VRS Recording System Web Control Panel
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2007-12-26 15172]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-12-07 10240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-07-17 101936]
S2 gupdate1c98f0e22051aa6;Google Update Service (gupdate1c98f0e22051aa6);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-10-07 116664]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [2008-12-26 251264]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PlayNC Launcher - (no file)
.
------- Supplementary Scan -------
.
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\docume~1\ADMINI~1\APPLIC~1\Mozilla\Firefox\Profiles\g26ir95a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-21 19:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-07-21 19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-21 23:09
ComboFix2.txt 2008-07-31 23:02
ComboFix3.txt 2008-07-26 00:47
Pre-Run: 22,792,757,248 bytes free
Post-Run: 23,204,438,016 bytes free
321 --- E O F --- 2009-07-15 07:04