ComboFix 10-02-16.03 - Cattie 02/18/2010 3:51.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1560 [GMT -6:00]
Running from: c:\documents and settings\Cattie\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100218-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\jJ4j5yXbb.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\k0O4l6.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\k0P27.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\mbMkA7ya.jpg
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\41.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\helpers32.dll
c:\windows\system32\smss32.exe
c:\windows\system32\warnings.html
c:\windows\system32\winlogon32.exe
c:\windows\Tasks\mejlqfiv.job
----- BITS: Possible infected sites -----
hxxp://77.74.48.111
hxxp://82.98.235.29
.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.
2010-02-18 09:43 . 2010-02-18 09:43 1496576 ----a-w- c:\windows\system32\ES15.exe
2010-02-14 08:00 . 2010-02-14 08:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-14 08:00 . 2010-02-14 08:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-02-11 06:20 . 2010-02-11 06:20 -------- d-----w- c:\documents and settings\Cattie\Local Settings\Application Data\Mozilla
2010-02-05 18:15 . 2010-02-05 18:15 -------- d-----w- c:\documents and settings\Cattie\Local Settings\Application Data\Blizzard Entertainment
2010-02-05 18:11 . 2010-02-05 18:11 -------- d-----w- c:\program files\Common Files\Stardock
2010-02-05 18:11 . 2010-02-05 18:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{41E8B74B-0559-4DF7-9B4B-5A5D5058F042}
2010-02-05 18:11 . 2009-10-22 19:37 3195360 -c--a-w- c:\documents and settings\All Users\Application Data\{41E8B74B-0559-4DF7-9B4B-5A5D5058F042}\MyColors.exe
2010-02-05 18:11 . 2010-02-05 18:11 -------- d-----w- c:\program files\Stardock
2010-02-05 18:11 . 2010-02-05 18:11 -------- d-----w- c:\documents and settings\Cattie\Local Settings\Application Data\PackageAware
2010-02-05 18:02 . 2010-02-05 18:02 -------- d-sh--w- c:\documents and settings\Cattie\IECompatCache
2010-02-05 18:01 . 2010-02-05 18:01 -------- d-sh--w- c:\documents and settings\Cattie\PrivacIE
2010-02-05 17:59 . 2010-02-18 09:56 -------- d-----w- c:\documents and settings\Cattie\Local Settings\Application Data\Deployment
2010-02-02 07:44 . 2010-02-02 07:45 -------- d-----w- c:\windows\system32\NtmsData
2010-01-29 16:19 . 2010-01-29 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2010-01-27 05:36 . 2010-01-27 05:36 -------- d-----w- c:\documents and settings\Cattie\Saved Games
2010-01-27 05:36 . 2010-01-27 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
2010-01-27 05:36 . 2010-02-16 17:51 -------- d-----w- c:\program files\att games
2010-01-27 05:36 . 2010-01-27 05:36 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-01-26 21:17 . 2010-01-26 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-01-25 12:14 . 2010-01-25 12:14 -------- d-----w- c:\program files\Turbo Tax Audit Support Center
2010-01-25 12:02 . 2010-01-25 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2010-01-25 12:01 . 2010-01-25 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-25 12:00 . 2010-01-25 12:03 137397 ----a-w- c:\windows\HPHins15.dat
2010-01-25 12:00 . 2007-08-28 21:16 2828 ------w- c:\windows\hphmdl15.dat
2010-01-25 11:55 . 2010-01-25 12:35 -------- d-----w- c:\temp\FixEngine
2010-01-25 11:55 . 2010-01-25 11:55 -------- d-----w- C:\temp
2010-01-23 07:49 . 2010-01-23 22:04 -------- d-----w- c:\program files\World of Warcraft Public Test
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 09:27 . 2010-01-16 05:59 384384 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-17 14:14 . 2009-07-01 05:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 18:52 . 2009-03-28 08:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-14 07:20 . 2010-02-14 07:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-14 07:20 . 2010-02-11 06:24 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-13 19:17 . 2009-10-11 05:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-11 06:24 . 2010-02-11 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-02-11 06:24 . 2010-02-11 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-05 22:22 . 2010-01-16 00:28 -------- d-----w- c:\program files\World of Warcraft
2010-02-05 17:59 . 2010-02-04 16:03 61152 ----a-w- c:\documents and settings\Cattie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 16:03 . 2010-02-04 16:03 -------- d-----w- c:\documents and settings\Cattie\Application Data\Malwarebytes
2010-02-01 00:49 . 2009-09-28 09:08 61152 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 12:02 . 2008-07-12 19:23 -------- d-----w- c:\program files\HP
2010-01-25 12:01 . 2008-07-12 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-23 08:05 . 2010-01-15 17:55 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-19 01:09 . 2010-01-19 01:09 -------- d-----w- c:\program files\Ventrilo
2010-01-19 01:08 . 2010-01-19 01:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-16 06:00 . 2010-01-16 05:57 -------- d-----w- c:\program files\Google
2010-01-16 02:45 . 2010-01-16 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-01-15 22:00 . 2009-03-27 10:26 -------- d-----w- c:\program files\Electronic Arts
2010-01-15 17:50 . 2010-01-15 17:50 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-15 17:32 . 2010-01-15 17:32 -------- d-----w- c:\program files\Alwil Software
2010-01-15 17:27 . 2010-01-15 17:23 -------- d-----w- c:\program files\2Wire
2010-01-15 17:25 . 2008-04-23 21:27 -------- d-----w- c:\program files\Yahoo!
2010-01-15 17:25 . 2008-04-23 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-15 00:53 . 2010-01-12 05:49 -------- d-----w- c:\program files\Crystalize
2010-01-15 00:53 . 2009-10-21 19:08 -------- d-----w- c:\program files\Selectsoft
2010-01-12 05:16 . 2010-01-12 05:16 -------- d-----w- c:\program files\Common Files\Nova Development
2010-01-12 05:15 . 2010-01-12 05:15 -------- d-----w- c:\program files\Nova Development
2010-01-09 05:49 . 2008-06-19 16:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.temp
2010-01-09 04:52 . 2009-08-18 18:32 -------- d-----w- c:\program files\BFG
2010-01-09 04:23 . 2009-09-28 13:59 -------- d-----w- c:\program files\Perfect World Entertainment
2010-01-09 04:07 . 2009-07-11 20:31 815648 -csha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-09 04:07 . 2009-07-11 20:31 53468 -csha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-09 04:07 . 2009-07-11 20:31 45312544 -csha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-09 04:07 . 2009-07-11 20:31 389228 -csha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-09 04:07 . 2009-09-28 09:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Verizon
2010-01-07 22:07 . 2009-10-11 05:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-10-11 05:24 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 23:23 . 2009-10-27 23:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-31 16:50 . 2004-08-10 17:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-10 18:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-10 17:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 03:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-10 17:51 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-10 17:51 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 05:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 17:51 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 17:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 05:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2010-01-15 17:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2010-01-15 17:32 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2010-01-15 17:32 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2010-01-15 17:32 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2010-01-15 17:32 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2010-01-15 17:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2010-01-15 17:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2010-01-15 17:32 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2010-01-15 17:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2004-08-10 17:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
1601-01-01 00:03 . 1601-01-01 00:03 62464 --sha-w- c:\windows\system32\fiwolega.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-23 98304]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
c:\documents and settings\Cattie\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-5 0]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2009-06-09 15:55 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-04-07 02:25 69632 -c--a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 -c--a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-07 02:41 8466432 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-07 02:42 81920 -c--a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-04-07 02:42 1626112 -c--a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-04-23 21:35 98304 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-07 02:25 16859648 -c--a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 16:34 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard downloader
"3724:TCP"= 3724:TCP:blizzard downloader
"57991:TCP"= 57991:TCP:Pando Media Booster
"57991:UDP"= 57991:UDP:Pando Media Booster
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/15/2010 11:32 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/15/2010 11:32 AM 20560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{96B2581F-E1FF-4224-B9F2-AB3E31D00B96}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
2010-02-14 c:\windows\Tasks\WebReg Deskjet D1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 03:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mStart Page = hxxp://www.google.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
TCP: {44EFEC5D-1C0D-466E-AD76-C26DAC4AB301} = 83.149.115.157,4.2.2.1,192.168.1.254
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Cattie\Application Data\Mozilla\Firefox\Profiles\3hnzx6be.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe
HKCU-Run-Security essentials 2010 - c:\program files\Securityessentials2010\SE2010.exe
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
MSConfigStartUp-AntiSpyware Service - c:\docume~1\CATTIE~1\LOCALS~1\Temp\mrxbewlfp.exe
MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-CurseClient - c:\program files\Curse\CurseClient.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1208986487\EE\AOLHostManager.exe
MSConfigStartUp-pebjqirm - c:\documents and settings\Cattie Bullard\Local Settings\Application Data\yevshm\jcymsftav.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-VerizonServicepoint - c:\program files\Verizon\VSP\VerizonServicepoint.exe
MSConfigStartUp-Windows System Recover! - c:\docume~1\CATTIE~1\LOCALS~1\Temp\smss.exe
MSConfigStartUp-Zboard - c:\program files\Ideazon\ZEngine\Zboard.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 03:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\program files\Stardock\MyColors\fastload.dll
- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
.
**************************************************************************
.
Completion time: 2010-02-18 04:00:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-18 10:00
ComboFix2.txt 2009-10-11 03:57
ComboFix3.txt 2009-10-11 02:17
Pre-Run: 110,098,255,872 bytes free
Post-Run: 110,075,699,200 bytes free
Current=6 Default=6 Failed=5 LastKnownGood=2 Sets=1,2,5,6
- - End Of File - - 292DE6CF452E0B4DB072A2366E088A97