ComboFix 10-06-10.06 - Ben 14/06/2010 18:52:52.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2961 [GMT 1:00]
Running from: c:\documents and settings\Ben\Desktop\George.exe
Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\docume~1\Ben\LOCALS~1\Temp\asbp2poa.sys"
"c:\program files\AVG\AVG9\avgemc.exe"
"c:\program files\AVG\AVG9\avgwdsvc.exe"
"c:\program files\Lavasoft\Ad-Aware\aawservice.exe"
"c:\windows\system32\1054p.exe srv"
"c:\windows\system32\12520437m.exe srv"
"c:\windows\System32\Drivers\avgldx86.sys"
"c:\windows\System32\Drivers\avgmfx86.sys"
"c:\windows\System32\Drivers\avgtdix.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AVG
c:\program files\AVG\AVG9\cfgall\falsealarm.cfg
.
((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.
2010-06-14 07:15 . 2010-06-14 07:19 -------- d-----w- c:\documents and settings\Ben\Application Data\QuickScan
2010-06-13 17:35 . 2010-06-13 17:35 -------- d-----w- c:\program files\ESET
2010-06-13 16:14 . 2010-06-14 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-11 18:20 . 2010-06-11 18:20 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\PCHealth
2010-06-11 18:20 . 2010-06-11 18:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-06-11 05:02 . 2010-06-11 05:02 -------- d-----w- C:\_OTL
2010-06-10 18:10 . 2010-05-21 13:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-10 18:04 . 2010-06-10 18:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-10 17:34 . 2010-06-10 17:34 -------- d-----w- c:\program files\ERUNT
2010-06-09 19:11 . 2010-06-09 19:12 -------- d-----w- C:\Rooter$
2010-06-09 07:08 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-30 10:59 . 2010-06-13 21:14 -------- d-----w- c:\documents and settings\Ben\Application Data\Bioshock
2010-05-28 18:54 . 2010-06-13 13:52 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Spotify
2010-05-28 18:54 . 2010-06-13 13:47 -------- d-----w- c:\documents and settings\Ben\Application Data\Spotify
2010-05-28 18:53 . 2010-05-28 18:53 -------- d-----w- c:\program files\Spotify
2010-05-15 19:15 . 2010-05-15 19:15 28672 ----a-w- c:\windows\system32\qttask.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 18:01 . 2008-02-29 23:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-13 16:15 . 2010-06-13 16:14 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-13 09:10 . 2007-08-26 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-13 07:44 . 2008-11-12 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-12 21:37 . 2008-12-27 10:27 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 17:46 . 2008-12-27 10:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-11 17:46 . 2009-01-10 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-05 08:44 . 2007-04-19 06:45 -------- d-----w- c:\documents and settings\Ben\Application Data\U3
2010-06-05 08:14 . 2010-02-21 15:50 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-03 20:36 . 2007-04-03 17:58 -------- d-----w- c:\documents and settings\Ben\Application Data\Digidesign
2010-06-03 20:27 . 2007-04-06 09:17 32 ----a-w- c:\windows\msocreg32.dat
2010-05-31 15:34 . 2010-06-14 07:15 702120 ----a-w- c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-31 15:34 . 2010-06-14 07:15 868456 ----a-w- c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-29 08:33 . 2009-02-10 18:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 18:54 . 2010-05-28 18:54 655360 ----a-w- c:\documents and settings\Ben\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-28 18:54 . 2010-05-28 18:54 282624 ----a-w- c:\documents and settings\Ben\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-28 18:54 . 2010-05-28 18:54 208896 ----a-w- c:\documents and settings\Ben\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-15 19:27 . 2010-04-13 07:09 -------- d-----w- c:\program files\QuickTime
2010-05-06 10:41 . 2005-08-16 03:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2005-08-16 03:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 12:46 . 2007-12-29 10:20 23 ----a-w- c:\windows\popcinfot.dat
2010-04-29 14:39 . 2009-02-10 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-02-10 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2005-08-16 03:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-02 12:37 . 2010-01-29 23:03 50354 ----a-w- c:\documents and settings\Ben\Application Data\Facebook\uninstall.exe
2010-03-20 07:57 . 2010-03-20 07:57 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-20 07:57 . 2010-03-20 07:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-20 07:57 . 2010-03-20 07:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-20 07:57 . 2010-03-20 07:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-20 07:57 . 2010-03-20 07:57 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-20 07:57 . 2010-03-20 07:57 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-20 07:57 . 2010-03-20 07:57 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-20 07:57 . 2010-03-20 07:57 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-20 07:57 . 2010-03-20 07:57 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-20 07:56 . 2006-07-11 18:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-19 22:33 . 2006-04-05 20:59 66472 ----a-w- c:\documents and settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-20 22:00 . 2006-05-20 22:00 251 ----a-w- c:\program files\wt3d.ini
2006-04-05 21:02 . 2006-04-05 20:59 56 --sh--r- c:\windows\system32\C60B96B314.sys
2009-07-27 06:52 . 2009-07-27 06:52 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="c:\fraps\FRAPS.EXE" [2009-01-03 1031848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2005-01-12 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2005-01-12 16384]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"HostManager"="c:\program files\Common Files\AOL\1161414575\ee\AOLSoftware.exe" [2006-11-17 50736]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-11-13 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 3096576]
"Gainward"="c:\windows\TBPanel.exe" [2007-11-15 2189864]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-20 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-3 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave4"=Digi32.dll
"MIDI3"=diomidi.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLink Pro\\Engine.exe"=
"c:\\Program Files\\VideoLink Pro\\SMListenEngine.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161414575\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\benjg\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161414575\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\the longest journey\\game.exe"=
"c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\the secret of monkey island special edition\\MISE.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\runaway a road adventure\\Runaway.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\max payne 2 the fall of max payne\\maxpayne2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\benjg\\half-life\\hl.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [05/04/2007 19:22 16384]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/02/2007 20:45 646392]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [05/04/2007 19:21 11776]
S2 gupdate1c98e3ca9da9028;Google Update Service (gupdate1c98e3ca9da9028);c:\program files\Google\Update\GoogleUpdate.exe [14/02/2009 01:39 133104]
S3 BCUMXMIDI;BCUMXMIDI;c:\windows\system32\drivers\bumxmidi.sys [03/05/2009 09:19 22752]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [16/04/2006 01:44 223232]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [05/04/2007 19:21 109056]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29/08/2006 00:54 10664]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [05/04/2007 19:21 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [05/04/2007 19:21 15232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21/08/2008 19:58 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21/08/2008 19:58 8320]
.
Contents of the 'Scheduled Tasks' folder
2010-06-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-12 16:43]
2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 00:39]
2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 00:39]
2010-06-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]
2010-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3843634061-819627678-391793244-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
2010-06-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3843634061-819627678-391793244-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: bitdefender.com
Trusted Zone: bitdefender.com\quickscan
Trusted Zone: internet
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Ben\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Ben\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\mukgun5k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 19:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll >>UNKNOWN [0x84D531E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e8dcb8
\Driver\atapi -> sfsync02.sys @ 0xb8338d60
\Driver\iaStor -> sfsync02.sys @ 0xb8338d60
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3843634061-819627678-391793244-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,21,6a,ae,fc,8e,9a,03,44,69,f5,8f,3f,5d,37,68,db,5c,84,39,a6,5d,37,
e2,91,fa,83,33,4b,ed,ba,1f,11,d5,70,06,66,b3,4a,30,04,5a,50,9b,29,df,2a,92,\
"??"=hex:25,65,bb,27,8b,92,55,34,10,3f,d9,49,2f,0e,31,37
[HKEY_USERS\S-1-5-21-3843634061-819627678-391793244-1005\Software\SecuROM\License information*]
"datasecu"=hex:80,56,6a,65,0d,6c,8d,a5,5e,e1,e8,76,c6,f1,b0,a3,f2,bb,05,58,6e,
23,ba,17,ba,1f,dd,91,77,a6,13,e5,a4,60,32,61,a8,20,1f,25,15,16,44,54,14,f3,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\common files\aol\1161414575\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Completion time: 2010-06-14 19:07:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-14 18:07
ComboFix2.txt 2010-06-13 14:11
ComboFix3.txt 2010-06-13 08:34
ComboFix4.txt 2010-06-11 19:43
ComboFix5.txt 2010-06-14 17:43
Pre-Run: 82,996,830,208 bytes free
Post-Run: 82,982,436,864 bytes free
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E3EAB45C377C85BFA9353454B384687E