ComboFix 10-07-06.05 - Bryant 07/08/2010 16:48:49.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2763 [GMT -4:00]
Running from: c:\documents and settings\Bryant\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Bryant\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100708-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\Lkohozido.bin"
"c:\windows\Vsarexexivuxeru.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bryant\Local Settings\Application Data\sxflsqgfw
c:\windows\Lkohozido.bin
c:\windows\Vsarexexivuxeru.dat
.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.
2010-07-07 21:38 . 2010-07-07 21:38 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-07 21:26 . 2010-07-07 21:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-07 21:24 . 2010-07-07 21:24 -------- d-----w- c:\documents and settings\Bryant\Local Settings\Application Data\Sunbelt Software
2010-07-07 17:57 . 2010-07-07 17:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-23 02:08 . 2010-06-23 02:08 -------- d-----w- c:\program files\iPod
2010-06-23 02:08 . 2010-06-23 02:09 -------- d-----w- c:\program files\iTunes
2010-06-23 02:06 . 2010-06-23 02:06 -------- d-----w- c:\program files\Bonjour
2010-06-17 00:52 . 2010-06-17 00:52 -------- d-----w- c:\documents and settings\Bryant\Application Data\HorizonWimba
2010-06-11 18:59 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 04:16 . 2008-07-15 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-08 01:01 . 2009-09-08 22:12 -------- d-----w- c:\documents and settings\Bryant\Application Data\vlc
2010-07-07 20:03 . 2009-02-13 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-07 17:57 . 2008-07-18 16:21 -------- d-----w- c:\program files\Common Files\Java
2010-07-07 17:57 . 2010-07-07 17:57 503808 ----a-w- c:\documents and settings\Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-798b2181-n\msvcp71.dll
2010-07-07 17:57 . 2010-07-07 17:57 499712 ----a-w- c:\documents and settings\Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-798b2181-n\jmc.dll
2010-07-07 17:57 . 2010-07-07 17:57 348160 ----a-w- c:\documents and settings\Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-798b2181-n\msvcr71.dll
2010-07-07 17:57 . 2010-07-07 17:57 61440 ----a-w- c:\documents and settings\Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f34cb75-n\decora-sse.dll
2010-07-07 17:57 . 2010-07-07 17:57 12800 ----a-w- c:\documents and settings\Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f34cb75-n\decora-d3d.dll
2010-07-07 17:28 . 2008-07-18 16:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-06 21:00 . 2008-07-19 17:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 11:27 . 2008-12-07 22:49 -------- d-----w- c:\documents and settings\Bryant\Application Data\uTorrent
2010-06-23 02:08 . 2008-07-13 19:36 -------- d-----w- c:\program files\Common Files\Apple
2010-06-23 02:03 . 2010-06-23 02:03 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-17 00:52 . 2010-06-17 00:52 6815744 ----a-w- c:\documents and settings\Bryant\Application Data\HorizonWimba\JSecureDoor\horizonmedia_2.1.13\data\horizonmedia.exe
2010-06-17 00:52 . 2010-06-17 00:52 632656 ----a-w- c:\documents and settings\Bryant\Application Data\HorizonWimba\JSecureDoor\horizonmedia_2.1.13\data\msvcr80.dll
2010-06-17 00:52 . 2010-06-17 00:52 554832 ----a-w- c:\documents and settings\Bryant\Application Data\HorizonWimba\JSecureDoor\horizonmedia_2.1.13\data\msvcp80.dll
2010-06-17 00:52 . 2010-06-17 00:52 479232 ----a-w- c:\documents and settings\Bryant\Application Data\HorizonWimba\JSecureDoor\horizonmedia_2.1.13\data\msvcm80.dll
2010-06-17 00:52 . 2010-06-17 00:52 16008 ----a-w- c:\documents and settings\Bryant\Application Data\HorizonWimba\JSecureDoor\horizonmedia_2.1.13\data\wimbasecproxy-high.exe
2010-06-17 00:52 . 2010-06-17 00:52 11776 ----a-w- c:\documents and settings\Bryant\Application Data\HorizonWimba\JSecureDoor\horizonmedia_2.1.13\data\wimbasecproxy-low.exe
2010-06-16 23:42 . 2008-12-07 22:49 -------- d-----w- c:\program files\uTorrent
2010-06-12 07:08 . 2008-07-31 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-11 10:59 . 2009-02-26 13:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 05:31 . 2010-06-06 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-24 21:42 . 2010-05-24 21:42 -------- d-----w- c:\documents and settings\Bryant\Application Data\Office Genuine Advantage
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-11 18:40 . 2008-10-20 16:44 -------- d-----w- c:\documents and settings\Bryant\Application Data\Canon
2010-05-10 13:00 . 2009-02-13 04:24 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2008-07-19 17:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-07-19 17:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 01:47 . 2008-07-13 20:14 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 00:47 . 2009-03-19 05:16 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2008-07-13 19:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-09-13 04:05 . 2009-09-13 04:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 04:06 . 2009-09-13 04:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 04:06 . 2009-09-13 04:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 04:06 . 2009-09-13 04:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 04:06 . 2009-09-13 04:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 04:07 . 2009-09-13 04:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 04:06 . 2009-09-13 04:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 04:06 . 2009-09-13 04:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 18:33 . 2009-08-14 18:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 04:06 . 2009-09-13 04:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-07-13 20:14 . 2008-07-13 20:14 88 --sh--r- c:\windows\system32\86EF7B0E6A.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-07-08_03.23.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-08 20:58 . 2010-07-08 20:58 16384 c:\windows\Temp\Perflib_Perfdata_610.dat
+ 2010-07-08 20:58 . 2010-07-08 20:58 16384 c:\windows\Temp\Perflib_Perfdata_13c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-7-13 221247]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-17 01:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 22:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager]
2009-02-16 09:35 1358384 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2002-07-17 16:00 200767 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 21:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-28 21:14 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-12-12 22:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 18:01 1630208 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Updater]
2009-09-01 23:23 818688 ----a-w- c:\program files\OpenDNS Updater\OpenDNSUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-07-13 02:34 577536 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17569:TCP"= 17569:TCP:BitComet 17569 TCP
"17569:UDP"= 17569:UDP:BitComet 17569 UDP
"25763:TCP"= 25763:TCP:BitComet 25763 TCP
"25763:UDP"= 25763:UDP:BitComet 25763 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/13/2008 12:01 AM 114768]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 7:13 PM 65584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/13/2008 12:01 AM 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/19/2008 1:41 PM 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/19/2008 1:41 PM 20952]
S2 gupdate1c98d93e411528;Google Update Service (gupdate1c98d93e411528);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2009 12:25 AM 133104]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/9/2009 8:29 AM 17408]
S3 RT80x86;Linksys WPC600N/WMP600N Wireless-N Card Driver;c:\windows\system32\drivers\rt2860.sys [8/13/2009 1:48 PM 712704]
.
Contents of the 'Scheduled Tasks' folder
2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-13 20:03]
2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 04:25]
2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 04:25]
2010-07-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
2010-07-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-18 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://highlands.view.usg.edu/webct/logonDisplay.dowebct?insId=21505011&glcid=URN:X-WEBCT-VISTA-V1:031fca43-a818-5d85-016b-ced8ff0653aa&insName=Georgia%20Highlands%20College
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Bryant\Application Data\Mozilla\Firefox\Profiles\babwym9j.Bryant\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Bryant\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Bryant\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\Bryant\Application Data\Mozilla\Firefox\Profiles\babwym9j.Bryant\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 16:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(712)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-08 17:05:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-08 21:05
Pre-Run: 24,649,293,824 bytes free
Post-Run: 24,621,076,480 bytes free
- - End Of File - - 53AA9340DE181CB4284AB7E119B4EFF1