ComboFix 10-08-29.04 - Owner 08/30/2010 15:19:04.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.204 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\commy.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\atapi.sys --> c:\Windows\System32\Drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.
2010-08-25 15:09 . 2010-08-25 15:09 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-20 21:23 . 2010-08-20 21:23 -------- d-----w- C:\TDSSKiller_Quarantine
2010-08-19 19:37 . 2008-06-17 21:56 45688 ----a-r- c:\windows\system32\drivers\generic.sys
2010-08-19 19:37 . 2008-06-17 21:56 20600 ----a-r- c:\windows\system32\drivers\DM150Drv.sys
2010-08-19 19:35 . 2010-08-19 19:35 -------- d-----w- c:\program files\Pitney Bowes
2010-08-19 19:34 . 2010-08-19 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Pitney Bowes
2010-08-19 19:33 . 2010-08-19 19:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{7387B7C8-A3C3-4A2D-87B1-C5691A71AFC3}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 14:37 . 2005-10-27 20:27 -------- d-----w- c:\program files\Google
2010-08-10 18:07 . 2005-10-15 15:36 728 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-08-09 13:16 . 2010-08-09 13:16 19266856 ----a-w- c:\documents and settings\Owner\Application Data\Memeo\AutoBackupPro\temp\7494_me_abpro_en-US_setup.exe
2010-08-06 17:40 . 2010-08-06 17:40 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2e48710d-n\msvcp71.dll
2010-08-06 17:40 . 2010-08-06 17:40 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2e48710d-n\jmc.dll
2010-08-06 17:40 . 2010-08-06 17:40 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2e48710d-n\msvcr71.dll
2010-08-06 17:40 . 2010-08-06 17:40 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-21d65a45-n\decora-sse.dll
2010-08-06 17:40 . 2010-08-06 17:40 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-21d65a45-n\decora-d3d.dll
2010-07-23 19:53 . 2010-07-23 19:53 -------- d-----w- c:\program files\7-Zip
2010-07-22 19:09 . 2003-01-03 13:49 -------- d-----w- c:\program files\Ahead
2010-07-21 16:03 . 2010-07-21 16:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2010-07-16 21:15 . 2010-07-16 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon
2010-07-16 21:08 . 2010-07-16 21:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Memeo
2010-07-16 21:08 . 2010-07-16 21:07 -------- d-----w- c:\program files\Memeo
2010-07-16 21:07 . 2010-07-16 21:07 -------- d-----w- c:\program files\Common Files\Memeo
2010-07-14 15:34 . 2010-02-11 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-14 08:32 . 2010-07-12 15:19 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-13 15:54 . 2010-07-13 15:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Aim
2010-07-13 15:18 . 2005-05-23 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-13 15:00 . 2010-07-13 15:00 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-07-13 15:00 . 2010-07-13 15:00 22 --sha-w- c:\documents and settings\Owner\Application Data\Sys6925.Config Collection.sys
2010-07-13 15:00 . 2010-07-13 15:00 22 --sha-w- c:\documents and settings\Owner\Application Data\Sys6925.Config Collection.sys
2010-07-13 13:22 . 2004-10-07 13:29 121216 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-12 17:49 . 2005-10-10 18:36 -------- d-----w- c:\program files\Microsoft.NET
2010-07-12 15:51 . 2010-07-12 15:51 -------- d-----w- c:\program files\MSBuild
2010-07-12 15:51 . 2010-07-12 15:51 -------- d-----w- c:\program files\Reference Assemblies
2010-07-12 15:20 . 2010-07-12 15:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2010-07-12 14:52 . 2010-07-12 14:52 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-17336408-n\msvcp71.dll
2010-07-12 14:52 . 2010-07-12 14:52 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-17336408-n\jmc.dll
2010-07-12 14:52 . 2010-07-12 14:52 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-17336408-n\msvcr71.dll
2010-07-12 14:52 . 2003-01-03 13:44 -------- d-----w- c:\program files\Common Files\Java
2010-07-12 14:52 . 2010-07-12 14:52 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29f31e9f-n\decora-sse.dll
2010-07-12 14:52 . 2010-07-12 14:52 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29f31e9f-n\decora-d3d.dll
2010-07-12 14:52 . 2010-07-12 14:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 14:52 . 2010-07-12 14:52 -------- d-----w- c:\program files\Java
2010-06-30 12:31 . 2003-01-03 11:41 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-01-03 11:42 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-01-03 11:41 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-01-03 11:41 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2003-01-03 12:54 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-24 14:37 . 2010-08-24 14:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2003-03-31 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-17 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"WD Button Manager"="WDBtnMgr.exe" [2005-07-01 331776]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-03-09 86016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\brandon\Programs\quick\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"WinVNC"="c:\program files\iTivity\bin\rfbd.exe" [2005-03-25 274432]
"iTivityODConnector"="c:\program files\iTivity\bin\connector_od.exe" [2006-11-13 299008]
"tridiavnc"="c:\program files\iTivity\bin\rfbd.exe" [2005-03-25 274432]
"iTivityODController"="c:\program files\iTivity\bin\processor_od.exe" [2006-11-13 237568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Memeo Backup Pro"="c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2010-04-09 136416]
"PC Meter Connect"="c:\program files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe" [2010-05-05 3760128]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-24 30192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\brandon\Programs\Picasa\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-24 10872]
Cenlpdstatus.exe [2002-9-9 102400]
FTP Utility.lnk - c:\program files\KONICA MINOLTA\FTP Utility\KMFtp.exe [2004-10-27 102400]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cenlpdstatus.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cenlpdstatus.exe
backup=c:\windows\pss\Cenlpdstatus.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-05-18 02:30 543232 ----a-w- c:\windows\zHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 17:09 36864 ----a-w- c:\windows\ShowWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONICA MINOLTA\\FTP Utility\\KMFtp.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\MSACCESS.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7303:UDP"= 7303:UDP:Control Center UDP Port
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10/27/2005 3:31 PM 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10/27/2005 3:31 PM 5248]
R2 CenLPD;CenLPD;c:\program files\Century\TinyTERM\NetUtils\CenLPD.exe [10/7/2004 8:07 AM 102400]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [4/9/2010 4:19 PM 25824]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [11/17/2004 3:56 PM 23200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9d4c2231e140c;Google Update Service (gupdate1c9d4c2231e140c);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2009 1:30 PM 133104]
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter Driver;c:\windows\system32\drivers\AON325.sys [2/21/2003 4:25 PM 46976]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [8/19/2010 2:37 PM 20600]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/24/2010 9:37 AM 30192]
S3 iTivityODConnector;iTivity Live Support Connector Direct;c:\program files\iTivity\bin\connector_od.exe [4/6/2010 12:34 PM 299008]
S3 iTivityODConnectToIASConnector;iTivity Live Support Connector To IAS;c:\program files\iTivity\bin\connector_od.exe [4/6/2010 12:34 PM 299008]
S3 iTivityODController;iTivity Live Support Controller;c:\program files\iTivity\bin\processor_od.exe [4/6/2010 12:34 PM 237568]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [11/17/2004 4:26 PM 15104]
S3 TridiaFTPServer;TridiaFTP Server;c:\program files\iTivity\bin\ftpd.exe [4/6/2010 12:34 PM 528448]
S3 tridiavnc;Tridia Screen Server;c:\program files\iTivity\bin\rfbd.exe [4/6/2010 12:34 PM 274432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-29 22:27]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 18:30]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 18:30]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026034599-3939155063-2809091464-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 14:56]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1026034599-3939155063-2809091464-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 14:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.yahoo.com/config/login?.page=p1&.partner=&.intl=us&.done=http%3a%2f%2fmy.yahoo.com%2findex.html&.src=my
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{b234a570-7d2e-11d4-a4bd-0010a4c73bd0} - c:\program files\eBots\\eBzLjtPrn.exe
TCP: {4BD4F3EB-5658-4F24-A7A3-EF9FC566C4B1} = 151.164.11.201,151.164.1.8
TCP: {FF51B570-A98E-4D22-82B9-C9F63504606E} = 151.164.11.201,151.164.1.8
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwnb.ops.placeware.com/etc/place/NOVEMBER/SCNpws-b2/5.1.7.413/lib/quicksilver.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4yu3lx9.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.yahoo.com/config/login?.page=p1&.partner=&.intl=us&.done=http%3a%2f%2fmy.yahoo.com%2findex.html&.src=my
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e4yu3lx9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\brandon\Programs\Divx\DivX Content Uploader\npUpload.dll
FF - plugin: c:\brandon\Programs\Divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\brandon\Programs\Divx\DivX Web Player\npdivx32.dll
FF - plugin: c:\brandon\Programs\Picasa\Picasa2\npPicasa2.dll
FF - plugin: c:\brandon\Programs\Picasa\Picasa2\npPicasa3.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin2.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin3.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin4.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin5.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin6.dll
FF - plugin: c:\brandon\Programs\quick\Plugins\npqtplugin7.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 15:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84C3CE68]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7416cb8
\Driver\atapi -> 0x84c3ce68
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf72c2bb0
PacketIndicateHandler -> NDIS.sys @ 0xf72cfa21
SendHandler -> NDIS.sys @ 0xf72ad87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 60 !
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AC0FFDC-D68A-4D5F-75BF0D842EDCB137}\{3647E330-7B13-5DC9-623E15C2DE512604}\{FDA52484-33A0-4DF1-40A7FB2F70E68E7D}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4048)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\progra~1\Dantz\RETROS~1\wdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\WDBtnMgr.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Memeo\AutoBackupPro\MemeoBackup.exe
c:\program files\Memeo\AutoBackupPro\MemeoUpdater.exe
.
**************************************************************************
.
Completion time: 2010-08-30 15:53:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-30 20:53
ComboFix2.txt 2010-07-23 19:22
ComboFix3.txt 2010-07-20 19:52
ComboFix4.txt 2010-07-20 12:35
ComboFix5.txt 2010-08-30 20:00
Pre-Run: 79,893,188,608 bytes free
Post-Run: 80,223,899,648 bytes free
- - End Of File - - 8D366651D0A5FD3C511AF0BA6F008886