ComboFix 10-07-30.01 - Francisco Lee 07/31/2010 19:44:58.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.501 [GMT -4:00]
Running from: c:\documents and settings\Francisco Lee\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Francisco Lee\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\termsrv.dll --> c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_fyopctqy
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.
2010-07-31 01:26 . 2010-07-31 01:26 -------- d-----w- C:\found.004
2010-07-24 15:49 . 2010-07-24 15:49 54632 ----a-w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 15:35 . 2010-07-24 15:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-24 15:23 . 2010-07-24 15:23 -------- d-----w- C:\found.003
2010-07-23 14:10 . 2010-07-23 14:10 -------- d-----w- C:\found.002
2010-07-23 04:55 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-23 04:55 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-23 04:55 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-23 04:55 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-23 04:55 . 2010-07-23 04:55 -------- d-----w- c:\program files\Avira
2010-07-23 04:55 . 2010-07-23 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-22 18:09 . 2010-07-22 18:09 -------- d-----w- C:\found.001
2010-07-22 14:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 14:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 14:58 . 2010-07-22 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 00:45 . 2010-07-22 00:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-22 00:29 . 2010-07-22 00:29 -------- d-----w- C:\found.000
2010-07-20 23:16 . 2010-07-20 23:16 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\80549D4BAC8408491A18543EEB42DDBD
2010-07-16 21:20 . 2010-07-16 21:20 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Unity
2010-07-16 07:00 . 2010-07-16 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-07-15 05:39 . 2010-07-15 05:41 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\ooVoo Details
2010-07-15 05:29 . 2010-07-15 05:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-15 05:29 . 2010-07-31 00:46 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\skypePM
2010-07-15 05:24 . 2010-07-31 02:11 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Skype
2010-07-15 05:22 . 2010-07-15 05:22 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 05:22 . 2010-07-15 05:23 -------- d-----r- c:\program files\Skype
2010-07-15 05:21 . 2010-07-15 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-15 05:07 . 2010-07-15 05:08 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Temp
2010-07-15 05:07 . 2010-07-15 05:08 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google
2010-07-15 04:50 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-15 04:50 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-07-15 04:50 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-07-15 04:50 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-07-15 04:50 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-07-15 04:50 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-07-15 04:50 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-07-15 04:50 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-07-15 04:49 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-07-15 04:49 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-07-15 04:49 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-07-15 04:49 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-07-15 04:48 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-15 04:48 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-15 04:28 . 2007-02-03 14:32 1939360 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-07-15 04:28 . 2007-02-03 14:29 264992 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-15 04:28 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system\msvcr71.dll
2010-07-15 04:28 . 2007-02-03 14:32 527136 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-15 04:28 . 2007-02-03 14:32 215840 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-15 04:28 . 2007-02-03 14:30 1507232 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-07-15 04:28 . 2007-02-03 13:01 13398 ----a-w- c:\windows\system32\Repository.reg
2010-07-15 04:28 . 2007-02-03 14:33 22560 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-07-15 04:28 . 2007-02-03 14:32 41504 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-07-15 04:28 . 2007-02-03 14:29 129824 ----a-w- c:\windows\system32\lvci1051.dll
2010-07-15 04:26 . 2010-07-15 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-07-15 04:26 . 2010-07-15 04:48 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-15 04:21 . 2010-07-15 04:26 -------- d-----w- c:\program files\Logitech
2010-07-15 03:46 . 2010-07-15 03:46 -------- d-----w- c:\documents and settings\Francisco Lee\Local Settings\Application Data\LogiShrd
2010-07-15 03:45 . 2010-07-15 03:45 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Leadertech
2010-07-15 03:41 . 2010-07-15 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-07-15 03:23 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-07-15 03:23 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-07-14 11:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 23:57 . 2009-03-23 16:38 117760 ----a-w- c:\documents and settings\Francisco Lee\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-25 22:31 . 2010-07-15 04:49 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-22 15:00 . 2009-03-07 03:22 -------- d-----w- c:\documents and settings\Francisco Lee\Application Data\Malwarebytes
2010-07-22 00:44 . 2007-03-29 06:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 18:07 . 2010-03-09 04:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 18:06 . 2010-03-09 04:10 -------- d-----w- c:\program files\SpywareBlaster
2010-07-15 04:30 . 2010-07-15 04:30 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-07-15 04:29 . 2010-07-15 04:29 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-07-15 04:29 . 2010-07-15 04:29 10134 ----a-r- c:\documents and settings\Francisco Lee\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2010-07-15 04:27 . 2006-06-05 19:35 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-14 14:31 . 2006-06-05 18:46 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-11 08:46 . 2008-08-18 12:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-24 05:41 . 2010-05-24 05:41 503808 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\msvcp71.dll
2010-05-24 05:41 . 2010-05-24 05:41 499712 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\jmc.dll
2010-05-24 05:41 . 2010-05-24 05:41 348160 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d605c38-n\msvcr71.dll
2010-05-24 05:41 . 2010-05-24 05:41 61440 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39e02bdd-n\decora-sse.dll
2010-05-24 05:41 . 2010-05-24 05:41 12800 ----a-w- c:\documents and settings\Francisco Lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39e02bdd-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-29 1830128]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-15 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-12 3067904]
"nwiz"="nwiz.exe" [2004-03-12 753664]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-29 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Francisco Lee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/30/2007 4:40 PM 646392]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/2/2010 8:23 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/2/2010 8:23 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/2/2010 8:23 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100730.001\IDSXpx86.sys [7/31/2010 7:39 PM 331640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/2/2010 8:22 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 11:42 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/30/2010 7:35 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/23/2010 12:55 AM 135336]
S3 EraserUtilDrv10615;EraserUtilDrv10615;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/12/2010 9:01 PM 14424]
.
Contents of the 'Scheduled Tasks' folder
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003Core.job
- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-15 05:07]
2010-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-117609710-1801674531-1003UA.job
- c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-15 05:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vt.edu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - c:\documents and settings\All Users\Start Menu\Programs\absoƖute Poker\absoƖute Poker.lnk
FF - ProfilePath - c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\Firefox\Profiles\e59ng5xf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Francisco Lee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Francisco Lee\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Francisco Lee\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 19:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8737F7B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf789af28
\Driver\ACPI -> ACPI.sys @ 0xf76fbcb8
\Driver\atapi -> atapi.sys @ 0xf7672b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf752cbb0
PacketIndicateHandler -> NDIS.sys @ 0xf751ba0d
SendHandler -> NDIS.sys @ 0xf752fb40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"=""c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f8,99,60,9b,06,87,47,b3,fa,bc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,f8,99,60,9b,06,87,47,b3,fa,bc,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1244)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(5484)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\bcmntray.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-07-31 20:04:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-01 00:04
ComboFix2.txt 2010-07-31 02:13
Pre-Run: 12,806,123,520 bytes free
Post-Run: 12,790,206,464 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - FD21E53BB1EF5667B5A00897E4AC8B8C