ComboFix 10-07-06.02 - Compaq_Owner 06/07/2010 22:34:48.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2238.1708 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://nexdef.mlb.com.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-03 08:24 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-03 00:05 . 2010-07-03 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-07-03 00:05 . 2010-07-03 08:13 -------- d-----w- c:\program files\McAfee Security Scan
2010-07-02 17:52 . 2010-07-02 17:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-02 17:52 . 2010-07-02 17:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-06-30 19:54 . 2010-07-03 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-27 20:57 . 2010-06-27 20:58 -------- d-----w- c:\program files\QuickTime
2010-06-27 20:56 . 2010-06-27 20:56 -------- d-----w- c:\program files\Common Files\Apple
2010-06-27 20:56 . 2010-06-27 20:56 -------- d-----w- c:\program files\Apple Software Update
2010-06-27 20:56 . 2010-06-27 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-27 06:33 . 2010-06-27 06:33 -------- d-----w- C:\_OTL
2010-06-23 22:12 . 2010-06-23 22:12 -------- d-----w- c:\program files\Safer Networking
2010-06-23 22:08 . 2010-06-23 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-23 22:08 . 2010-06-23 22:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-18 20:16 . 2010-06-18 20:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Uniblue
2010-06-18 20:16 . 2010-06-18 20:16 -------- d-----w- c:\program files\Uniblue
2010-06-16 07:28 . 2010-06-16 07:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-13 09:01 . 2001-08-17 17:52 49024 ----a-w- c:\windows\system32\dllcache\ql1280.sys
2010-06-13 09:01 . 2001-08-17 17:52 40448 ----a-w- c:\windows\system32\dllcache\ql1240.sys
2010-06-13 09:01 . 2001-08-17 17:52 45312 ----a-w- c:\windows\system32\dllcache\ql12160.sys
2010-06-13 09:01 . 2001-08-17 17:52 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2010-06-13 09:01 . 2001-08-17 17:52 40320 ----a-w- c:\windows\system32\dllcache\ql1080.sys
2010-06-13 09:01 . 2008-04-13 18:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2010-06-13 09:01 . 2001-08-17 17:28 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-06-13 09:01 . 2001-08-17 17:28 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-06-13 09:01 . 2001-08-17 17:28 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2010-06-13 09:01 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2010-06-13 09:01 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-06-13 09:01 . 2001-08-18 02:36 35328 ----a-w- c:\windows\system32\dllcache\psisload.dll
2010-06-13 08:59 . 2001-08-17 16:11 35328 ----a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-06-13 08:58 . 2001-08-17 16:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-06-13 08:57 . 2001-08-17 18:56 35392 ----a-w- c:\windows\system32\dllcache\n9i128.dll
2010-06-13 08:56 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-06-13 08:55 . 2001-08-18 02:36 58880 ----a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-06-13 08:54 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-06-13 08:53 . 2001-08-17 17:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2010-06-13 08:52 . 2008-04-14 00:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2010-06-13 08:51 . 2001-08-17 18:07 25952 ----a-w- c:\windows\system32\dllcache\hpn.sys
2010-06-13 08:50 . 2001-08-17 18:56 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2010-06-13 08:49 . 2004-08-04 02:32 137088 ----a-w- c:\windows\system32\dllcache\essm2e.sys
2010-06-13 08:48 . 2001-08-17 16:10 69692 ----a-w- c:\windows\system32\dllcache\el575nd5.sys
2010-06-13 08:47 . 2001-08-17 16:13 103044 ----a-w- c:\windows\system32\dllcache\digidxb.sys
2010-06-13 08:46 . 2001-08-17 16:11 60970 ----a-w- c:\windows\system32\dllcache\cpqtrnd5.sys
2010-06-13 08:45 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-06-13 08:44 . 2001-08-17 16:49 49920 ----a-w- c:\windows\system32\dllcache\atirtcap.sys
2010-06-13 08:43 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-11 19:10 . 2010-06-11 19:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-11 17:36 . 2010-06-11 17:36 -------- d-----w- c:\program files\Trend Micro
2010-06-10 22:30 . 2010-07-03 00:05 -------- d-----w- c:\documents and settings\Compaq_Owner\.autobahn
2010-06-10 22:30 . 2010-06-30 19:50 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Autobahn
2010-06-09 04:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 04:51 . 2010-07-07 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 04:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-09 01:59 . 2010-06-09 04:45 0 ----a-w- c:\windows\system32\acctresk.sys
2010-06-08 19:41 . 2010-06-11 14:40 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-08 14:11 . 2010-06-09 18:44 1864203 --sha-w- c:\windows\system32\aaaamonq.sys
2010-06-08 13:38 . 2010-06-08 13:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-06-08 13:37 . 2010-06-08 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-07 22:14 . 2010-06-13 04:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\SmartBuy
2010-06-07 22:12 . 2010-06-24 01:14 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\FA5316EFBC18DC4D4D2BBB4FA3AA0657
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 02:54 . 2010-04-21 13:17 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-05 00:31 . 2009-09-20 06:10 -------- d-----w- c:\program files\AVG
2010-07-05 00:30 . 2009-09-20 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-02 05:41 . 2009-12-02 09:54 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\dBpoweramp
2010-07-02 05:37 . 2009-11-28 05:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AccurateRip
2010-07-01 17:52 . 2010-07-04 01:20 1496064 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zom8ah60.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-01 17:51 . 2010-07-04 01:20 43008 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zom8ah60.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-01 17:51 . 2010-07-04 01:20 338944 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zom8ah60.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-01 17:51 . 2010-07-04 01:20 346112 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zom8ah60.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-27 20:57 . 2005-08-26 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-23 22:16 . 2008-04-12 16:20 -------- d-----w- c:\program files\Lavasoft
2010-06-23 22:16 . 2008-04-12 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-23 07:37 . 2010-03-06 04:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\IObit
2010-06-19 16:29 . 2008-09-08 00:21 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\ZoomBrowser EX
2010-06-19 16:29 . 2008-03-29 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-06-18 20:15 . 2010-03-06 04:17 -------- d-----w- c:\program files\IObit
2010-06-12 01:29 . 2010-06-12 01:29 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-10 19:49 . 2009-02-14 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-08 06:36 . 2010-06-08 06:36 4 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\dhxiuw.dat
2010-06-07 22:15 . 2010-06-07 22:15 32768 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zom8ah60.default\extensions\{26F43274-40E5-49a5-9EFB-227A3AED39F9}\components\SmartBuyFF.dll
2010-06-07 05:36 . 2005-10-02 23:32 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Image Zone Express
2010-06-07 02:11 . 2005-08-26 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-06 08:12 . 2008-09-14 01:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-08 20:06 . 2005-08-26 22:27 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 05:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 05:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 08:05 . 2010-04-17 08:05 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-17 08:05 . 2010-04-17 08:05 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-17 08:05 . 2010-04-17 08:05 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-17 08:05 . 2010-04-17 08:05 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-17 08:05 . 2010-04-17 08:05 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-17 08:05 . 2010-04-17 08:05 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-17 08:05 . 2010-04-17 08:05 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2010-6-10 797184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-03-19 13:06 2046816 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 19:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-25 22:34 245760 -c--a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-26 11:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-17 07:59 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\TVersity\\Media Server\\web\\admin\\TVersity.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [04/01/2010 7:39 AM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/09/2009 2:11 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/09/2009 2:11 AM 108552]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 1:00 AM 14336]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/09/2009 2:10 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/09/2009 2:10 AM 297752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/02/2010 9:12 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 8:49 AM 227232]
S3 PCD5SRVC;PCD5SRVC - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [09/05/2005 8:20 PM 20224]
S3 Rio8Drv;Rio800 driver;c:\windows\system32\drivers\Rio8Drv.sys [04/08/2004 8:00 AM 12032]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [04/01/2010 7:38 AM 359624]
S4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [23/06/2010 3:47 AM 312152]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [25/07/2008 5:22 PM 93320]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [25/11/2009 5:20 AM 91392]
S4 PS3 Media Server;PS3 Media Server;"c:\program files\PS3 Media Server\win32\service\wrapper.exe" -s "c:\program files\PS3 Media Server\win32\service\wrapper.conf" --> c:\program files\PS3 Media Server\win32\service\wrapper.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-23 14:47]
2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:47]
2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:47]
2010-07-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2833429476-1472080745-2276778836-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
2010-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2833429476-1472080745-2276778836-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zom8ah60.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zom8ah60.default\extensions\{26F43274-40E5-49a5-9EFB-227A3AED39F9}\components\SmartBuyFF.dll
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zom8ah60.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-ESPN BottomLine - c:\program files\ESPN\BottomLine\bline.exe
MSConfigStartUp-Google Update - c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 22:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,3e,2c,25,45,bb,82,4f,8d,ef,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,3e,2c,25,45,bb,82,4f,8d,ef,b9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wudfhost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\IObit\IObit Security 360\is360.exe
.
**************************************************************************
.
Completion time: 2010-07-06 23:02:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 03:02
ComboFix2.txt 2010-06-28 06:15
ComboFix3.txt 2010-06-24 02:14
Pre-Run: 6,380,257,280 bytes free
Post-Run: 6,519,816,192 bytes free
- - End Of File - - 6C8F131AA3CE2D5A187B3F9CFE52FAF5