ComboFix 10-08-14.02 - chris manley 08/15/2010 1:01.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2674 [GMT -7:00]
Running from: h:\documents and settings\chris manley\Desktop\zzz.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of h:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.
2010-08-15 06:38 . 2010-08-15 06:38 19024 ----a-w- h:\documents and settings\chris user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-15 06:38 . 2010-08-15 06:39 -------- d-----w- h:\documents and settings\chris user\Application Data\DAoC Portal
2010-08-15 00:23 . 2010-08-15 00:23 -------- d-----w- h:\documents and settings\LocalService\Application Data\McAfee
2010-08-14 00:07 . 2010-08-14 15:39 -------- d-----w- h:\windows\system32\NtmsData
2010-08-14 00:07 . 2010-08-14 00:07 -------- d-----w- h:\documents and settings\chris manley\Application Data\Avira
2010-08-13 23:53 . 2010-08-14 00:03 60936 ----a-w- h:\windows\system32\drivers\avgntflt.sys
2010-08-13 23:53 . 2010-08-14 00:03 124784 ----a-w- h:\windows\system32\drivers\avipbb.sys
2010-08-13 23:53 . 2010-08-13 23:42 22360 ----a-w- h:\windows\system32\drivers\avgntmgr.sys
2010-08-13 23:53 . 2010-08-13 23:42 45416 ----a-w- h:\windows\system32\drivers\avgntdd.sys
2010-08-13 23:53 . 2010-08-13 23:53 -------- d-----w- h:\program files\Avira
2010-08-13 23:40 . 2010-08-13 23:40 27591840 ----a-w- h:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-10 23:07 . 2010-08-10 23:07 -------- d-----w- h:\documents and settings\All Users\Application Data\McAfee
2010-08-07 17:27 . 2010-08-07 17:29 -------- d-----w- h:\documents and settings\NetworkService\Local Settings\Application Data\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 06:35 . 2010-08-15 06:35 -------- d-----w- h:\documents and settings\chris user\Application Data\Creative
2010-08-15 06:11 . 2008-08-24 01:07 -------- d-----w- h:\documents and settings\chris manley\Application Data\DAoC Portal
2010-08-15 00:34 . 2009-01-04 04:12 -------- d-----w- h:\documents and settings\All Users\Application Data\Google Updater
2010-08-13 23:53 . 2008-08-26 00:59 -------- d-----w- h:\documents and settings\All Users\Application Data\Avira
.
((((((((((((((((((((((((((((( SnapShot@2010-03-09_18.00.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 h:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 62976 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46080 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46592 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 64512 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66048 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 56832 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66560 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 39936 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 38912 h:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 h:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 h:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-12 04:54 . 2009-07-12 04:54 65536 h:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 49152 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 61440 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 57344 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 65536 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 45056 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 04:32 . 2009-07-12 04:32 40960 h:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 09:07 . 2009-07-12 09:07 57856 h:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 09:19 . 2009-07-12 09:19 69632 h:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-12 03:41 . 2009-07-12 03:41 97280 h:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-04-27 21:20 . 2010-04-27 21:20 16384 h:\windows\Temp\Perflib_Perfdata_5b0.dat
+ 2004-08-10 12:00 . 2010-03-23 23:58 67574 h:\windows\system32\perfc009.dat
- 2004-08-10 12:00 . 2010-02-21 05:37 67574 h:\windows\system32\perfc009.dat
+ 2008-08-24 20:46 . 2010-03-06 21:44 84507 h:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-08-13 23:53 . 2010-08-13 23:42 28520 h:\windows\system32\drivers\ssmdrv.sys
+ 2008-12-16 06:25 . 2010-01-08 00:07 38224 h:\windows\system32\drivers\mbamswissarmy.sys
+ 2008-12-16 06:25 . 2010-01-08 00:07 19160 h:\windows\system32\drivers\mbam.sys
+ 2010-04-20 05:57 . 2010-04-20 05:57 49664 h:\windows\Installer\c7a230e.msi
+ 2010-03-18 06:56 . 2010-03-18 06:56 22528 h:\windows\Installer\158c7ce7.msi
+ 2010-04-12 23:06 . 2010-04-12 23:06 25214 h:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-04-12 23:06 . 2010-04-12 23:06 25214 h:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-12 23:06 . 2010-04-12 23:06 25214 h:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-04-12 23:06 . 2010-04-12 23:06 25214 h:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-04-12 23:06 . 2010-04-12 23:06 25214 h:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-12 23:06 . 2010-04-12 23:06 25214 h:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-04-12 23:06 . 2010-04-12 23:06 25214 h:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\ARPPRODUCTICON.exe
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 h:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 h:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 h:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 h:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-07-12 09:12 . 2009-07-12 09:12 632656 h:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 09:09 . 2009-07-12 09:09 554832 h:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 09:08 . 2009-07-12 09:08 479232 h:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2004-08-10 12:00 . 2010-03-23 23:58 433126 h:\windows\system32\perfh009.dat
- 2004-08-10 12:00 . 2010-02-21 05:37 433126 h:\windows\system32\perfh009.dat
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 h:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2010-03-01 19:59 . 2009-10-11 12:17 149280 h:\windows\system32\javaws.exe
+ 2010-03-01 19:59 . 2009-10-11 12:17 145184 h:\windows\system32\javaw.exe
+ 2010-03-01 19:59 . 2009-10-11 12:17 145184 h:\windows\system32\java.exe
+ 2008-12-12 03:30 . 2009-10-11 12:17 411368 h:\windows\system32\deploytk.dll
+ 2010-04-14 21:41 . 2010-04-14 21:42 262144 h:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2010-08-13 23:43 . 2010-08-13 23:43 228352 h:\windows\Installer\8399c.msi
+ 2010-03-06 21:43 . 2010-03-06 21:43 424960 h:\windows\Installer\63fcd7.msi
+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 h:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 h:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1093120 h:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 04:46 . 2009-07-12 04:46 1105920 h:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-04-12 23:06 . 2010-04-12 23:06 1235968 h:\windows\Installer\89a2872.msi
+ 2010-04-20 05:57 . 2010-04-20 05:57 15710720 h:\windows\Installer\c7a2315.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="h:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="h:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Disc Detector"="h:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 191488]
"AudCtrl"="AudCtrl.dll" [2002-03-21 47897]
"UpdReg"="h:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTStartup"="h:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NeroFilterCheck"="h:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avgnt"="h:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-14 282792]
h:\documents and settings\chris manley\Start Menu\Programs\Startup\
Adobe Gamma.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
h:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - h:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\age of empires\\Copy of Age Of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\age of empires\\Copy of Age Of Empires II\\empires2.exe"=
"c:\\Games\\Steam\\SteamApps\\cblip\\condition zero\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\LimeWire\\LimeWire.exe"=
"h:\\WINDOWS\\system32\\dpvsetup.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"h:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"h:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Games\\Steam\\SteamApps\\common\\unreal tournament\\System\\UnrealTournament.exe"=
"c:\\Games\\SecondLife\\SLVoice.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Games\\Call of Duty\\CoDMP.exe"=
"h:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R2 AntiVirMailService;Avira AntiVir MailGuard;h:\program files\Avira\AntiVir Desktop\avmailc.exe [8/13/2010 4:53 PM 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;h:\program files\Avira\AntiVir Desktop\sched.exe [8/13/2010 4:53 PM 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;h:\program files\Avira\AntiVir Desktop\avwebgrd.exe [8/13/2010 4:53 PM 405672]
R3 L6DP;L6DP;h:\windows\system32\drivers\l6dp.sys [9/29/2006 9:05 AM 29312]
R3 sbext;Sound Blaster Extigy Audio Driver;h:\windows\system32\drivers\sbext.sys [8/23/2008 5:29 PM 1152916]
S2 gupdate1c988b7520d0ef0;Google Update Service (gupdate1c988b7520d0ef0);h:\program files\Google\Update\GoogleUpdate.exe [2/6/2009 5:02 PM 133104]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);h:\windows\system32\drivers\GPWADrv.sys [9/29/2006 9:01 AM 472832]
S3 L6PODLV;PODxt Live Service;h:\windows\system32\drivers\L6PODLV.sys [9/29/2006 9:01 AM 472832]
S3 L6TPortB;Service - Line 6 TonePort UX2;h:\windows\system32\drivers\L6TPortB.sys [9/29/2006 9:01 AM 472832]
.
Contents of the 'Scheduled Tasks' folder
2010-08-07 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-08-15 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 21:47]
2010-08-15 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 00:02]
2010-08-15 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 00:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
LSP: h:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - plugin: h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: h:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: h:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: h:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-asam - h:\documents and settings\chris manley\Local Settings\Application Data\asam.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-15 01:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = h:\program files\Creative\ShareDLL\CtNotify.exe?X???^???????????????E?@?Disc Detector?A????? ?A?@ ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?? ????B???@?????P?????@?? ??????~?B~??????????@???????????????????B?????? ???????????????????`??????r?B
CTStartup = h:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\?????????`??????C@?\???\??????s????\??????s\????&3?A??s?&3??C@?x???`|?w\?????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-823518204-651377827-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,34,bb,6f,1c,09,e6,24,51,7d,32,48,4f,5f,7a,07,ba,2c,08,cb,93,b8,e5,
4f,28,e5,42,47,74,13,b1,c6,ec,c9,24,9c,a8,94,9b,19,09,79,ca,55,0e,15,9c,98,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(732)
h:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(2444)
h:\program files\Avira\AntiVir Desktop\avsda.dll
h:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(392)
h:\program files\Avira\AntiVir Desktop\avsda.dll
h:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-08-15 01:07:40
ComboFix-quarantined-files.txt 2010-08-15 08:07
ComboFix2.txt 2010-03-09 18:04
Pre-Run: 83,741,343,744 bytes free
Post-Run: 83,932,528,640 bytes free
- - End Of File - - B58DA9F99B41111E80C26C5E9F691057
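The log above carries several items a responder would pull out before anything else: Run-key values given as a bare file name (AudCtrl.dll, SOUNDMAN.EXE, nwiz.exe), an Internet Explorer proxy pointing at 127.0.0.1:5555, Firefox search prefs rewritten to www9.yoog.com, and an orphaned HKLM Run entry for asam.exe under a user profile. The script below is an added example that does that triage automatically over ComboFix-style log lines; it is not part of ComboFix and not the poster's own work. The sample input is constructed from lines of this log (with the run-together lines split back out), and the finding categories, the loopback-host check and the small allow-list of search providers are this example's own assumptions.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

It pulls out four things worth reviewing first:
  * Run-key values given as a bare file name (resolved by search path,
    not a fixed location)
  * Run-key or orphan values pointing into a user profile directory
  * an Internet Explorer proxy that points at loopback
  * Firefox search prefs that point somewhere other than a known provider
The categories and the allow-list are assumptions of this example.
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the log above, run-together lines split.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="h:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"AudCtrl"="AudCtrl.dll" [2002-03-21 47897]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"avgnt"="h:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-14 282792]
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
FF - prefs.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
- - - - ORPHANS REMOVED - - - -
HKLM-Run-asam - h:\documents and settings\chris manley\Local Settings\Application Data\asam.exe
"""

# Assumption: search providers that are not worth flagging.
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
PROXY = re.compile(r'^uInternet Settings,ProxyServer = (?P<value>.+)$')
FF_SEARCH = re.compile(
    r'^FF - (?P<file>\S+): (?P<pref>browser\.search\.defaulturl|keyword\.URL) - (?P<url>\S+)$')
ORPHAN = re.compile(r'^HKLM-Run-(?P<name>\S+) - (?P<path>.+)$')
PROFILE_DIR = re.compile(
    r'\\documents and settings\\[^\\]+\\(local settings\\)?application data\\', re.I)


def proxy_hosts(value):
    """Split 'http=127.0.0.1:5555;https=host:port' (or plain 'host:port') into host names."""
    hosts = []
    for part in value.split(";"):
        part = part.split("=", 1)[-1]          # drop a 'http=' protocol prefix if present
        hosts.append(part.rsplit(":", 1)[0].strip().lower())
    return hosts


def triage(log_text):
    """Return a list of (category, detail) findings, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_VALUE.match(line)
        if m:
            path = m.group("path")
            if "\\" not in path:
                findings.append(("unqualified-run-value", f'{m.group("name")} -> {path}'))
            elif PROFILE_DIR.search(path):
                findings.append(("run-value-in-profile", f'{m.group("name")} -> {path}'))
            continue
        m = PROXY.match(line)
        if m and any(h in ("127.0.0.1", "localhost", "::1")
                     for h in proxy_hosts(m.group("value"))):
            findings.append(("loopback-proxy", m.group("value")))
            continue
        m = FF_SEARCH.match(line)
        if m:
            # ComboFix defangs URLs as hxxp; restore the scheme so urlparse sees a host.
            host = urlparse(m.group("url").replace("hxxp", "http", 1)).hostname
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("search-redirect", f'{m.group("file")} {m.group("pref")} -> {host}'))
            continue
        m = ORPHAN.match(line)
        if m:
            findings.append(("orphan-run-entry", f'{m.group("name")} -> {m.group("path")}'))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```

Run against the sample it reports the three bare-name Run values, the loopback proxy, both yoog.com search prefs and the asam.exe orphan; a Run value with a full path outside a profile directory (ehTray, avgnt) is not reported. A loopback proxy is only a lead: the script cannot tell what is listening on that port, so the next step on a live host is to find the process bound to it.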