ComboFix 10-08-15.01 - Pete 16/08/2010 0:40.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2760 [GMT 1:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\driVERs\lxrsh.sys . . . . failed to delete
----- BITS: Possible infected sites -----
hxxp://lp2.patch.station.sony.com:7000.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_lxrsh
-------\Service_lxrsh
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.
2010-08-15 23:46 . 2010-08-15 23:50 -------- d-----w- c:\users\Pete\AppData\Local\temp
2010-08-15 14:47 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-15 14:47 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-15 14:44 . 2010-08-15 14:44 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-15 14:44 . 2010-08-15 14:45 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-15 14:44 . 2010-08-15 14:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-12 14:54 . 2010-08-12 14:54 -------- d-----w- c:\program files\Common Files\Pearson VUE Common
2010-08-11 12:53 . 2010-08-11 12:53 -------- d-----w- c:\programdata\SupportSoft
2010-08-11 12:52 . 2010-08-11 12:52 -------- d-----w- c:\program files\O2
2010-08-11 12:50 . 2010-08-11 12:50 -------- d-----w- c:\program files\O2_Installer
2010-08-11 12:31 . 2010-08-11 12:31 -------- d-----w- c:\users\Pete\AppData\Local\SupportSoft
2010-08-11 12:30 . 2010-08-11 12:30 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-08-06 18:03 . 2010-08-06 18:03 -------- d-----w- c:\program files\Lame for Audacity
2010-08-06 18:00 . 2010-08-08 16:07 -------- d-----w- c:\users\Pete\AppData\Roaming\Audacity
2010-08-06 17:59 . 2010-08-06 18:00 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-01 20:53 . 2010-08-01 20:53 -------- d-----w- c:\users\Pete\.thumbnails
2010-07-29 15:59 . 2010-07-29 15:59 -------- d-----w- c:\users\Pete\AppData\Local\skpijauqk
2010-07-27 15:44 . 2010-07-27 15:44 -------- d-----w- c:\users\Pete\AppData\Local\kqshxlwqv
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 23:53 . 2008-09-24 14:28 -------- d-----w- c:\programdata\Kontiki
2010-08-15 23:51 . 2010-05-26 16:29 34805 ----a-w- c:\programdata\nvModes.dat
2010-08-15 23:28 . 2010-05-14 18:23 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-15 20:39 . 2008-09-12 12:55 -------- d-----w- c:\program files\Steam
2010-08-15 14:45 . 2010-08-15 14:45 139152 ----a-w- c:\users\Pete\AppData\Roaming\PnkBstrK.sys
2010-08-15 14:45 . 2010-08-15 14:45 139152 ----a-w- c:\users\Pete\AppData\Roaming\PnkBstrK.sys
2010-08-15 12:34 . 2009-02-08 22:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-15 12:34 . 2009-02-08 22:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-13 06:34 . 2008-09-14 11:20 -------- d-----w- c:\users\Pete\AppData\Roaming\OpenOffice.org2
2010-08-13 06:33 . 2008-09-14 11:21 1 ----a-w- c:\users\Pete\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-12 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 16:27 . 2008-09-12 13:26 -------- d-----w- c:\users\Pete\AppData\Roaming\Skype
2010-08-11 16:05 . 2008-09-12 18:45 -------- d-----w- c:\users\Pete\AppData\Roaming\skypePM
2010-08-06 15:42 . 2008-09-12 12:55 -------- d-----w- c:\program files\Common Files\Steam
2010-08-06 11:43 . 2010-05-05 21:22 -------- d-----w- c:\users\Pete\AppData\Roaming\QuickScan
2010-08-01 20:53 . 2009-01-26 17:38 -------- d-----w- c:\users\Pete\AppData\Roaming\gtk-2.0
2010-07-29 17:22 . 2010-05-14 18:24 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 17:22 . 2010-05-14 18:24 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-16 21:49 . 2009-06-30 19:34 -------- d-----w- c:\users\Pete\AppData\Roaming\uTorrent
2010-07-16 21:48 . 2010-07-16 21:48 388096 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-16 21:48 . 2010-07-16 21:48 -------- d-----w- c:\program files\Trend Micro
2010-07-15 16:41 . 2008-09-12 12:43 -------- d-----w- c:\programdata\Skype
2010-06-29 15:47 . 2010-08-11 16:58 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-11 16:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-21 13:37 . 2010-08-11 16:58 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-20 19:58 . 2008-10-12 22:23 -------- d-----w- c:\users\Pete\AppData\Roaming\dvdcss
2010-06-20 14:44 . 2010-06-20 14:44 -------- d-----w- c:\users\Pete\AppData\Roaming\HandBrake
2010-06-20 14:44 . 2010-06-20 14:44 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-06-20 14:44 . 2010-06-20 14:44 -------- d-----w- c:\program files\Handbrake
2010-06-20 14:06 . 2008-10-25 14:41 -------- d-----w- c:\users\Pete\AppData\Roaming\Apple Computer
2010-06-20 14:05 . 2008-10-08 12:44 -------- d-----w- c:\programdata\Apple
2010-06-20 13:53 . 2010-06-20 13:52 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-20 13:53 . 2010-06-20 13:52 -------- d-----w- c:\program files\iTunes
2010-06-20 13:52 . 2010-06-20 13:52 -------- d-----w- c:\program files\iPod
2010-06-20 13:52 . 2008-10-08 12:45 -------- d-----w- c:\program files\Common Files\Apple
2010-06-20 13:52 . 2008-10-08 12:45 -------- d-----w- c:\programdata\Apple Computer
2010-06-20 13:51 . 2010-06-20 13:51 -------- d-----w- c:\program files\QuickTime
2010-06-20 13:49 . 2010-06-20 13:49 -------- d-----w- c:\program files\Apple Software Update
2010-06-20 13:48 . 2008-10-25 14:40 -------- d-----w- c:\program files\Bonjour
2010-06-18 17:31 . 2010-08-11 16:58 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 16:58 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 16:58 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-17 19:22 . 2010-06-17 19:21 -------- d-----w- c:\programdata\NovoSun Technology
2010-06-17 19:21 . 2010-06-17 19:21 -------- d-----w- c:\program files\NovoSun Technology
2010-06-17 19:08 . 2010-06-17 19:06 -------- d-----w- c:\programdata\vhp
2010-06-17 19:07 . 2010-06-17 19:07 -------- d-----w- c:\programdata\vh_arm
2010-06-17 19:06 . 2008-09-12 10:55 680 ----a-w- c:\users\Pete\AppData\Local\d3d9caps.dat
2010-06-17 18:43 . 2010-06-17 18:43 133648 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-17 18:43 . 2010-06-17 18:43 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-16 16:04 . 2010-08-11 16:58 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-15 19:01 . 2010-06-15 19:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-11 16:16 . 2010-08-11 16:58 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-11 16:58 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-11 16:58 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 16:58 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-01 17:39 . 2010-05-14 20:14 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-05-27 20:08 . 2010-08-11 16:58 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-11 07:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 07:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14 . 2009-10-03 08:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-05 21:57 . 2010-05-05 21:57 2 --shatr- c:\windows\winstart.bat
2009-06-01 22:05 . 2009-06-01 22:05 8 --sh--r- c:\windows\System32\02F1B0C055.sys
2010-03-12 14:44 . 2009-06-01 21:46 2672 --sha-w- c:\windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-08-12 21741864]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-23 380928]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"Malwarebytes Anti-Malware (reboot)"="c:\users\Pete\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"LoadWatcher"=Test
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"4oD"="c:\program files\Kontiki\KHost.exe" -all
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Skytel"=Skytel.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RtHDVCpl"=RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,24,3c,21,82,ad,ca,01
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [x]
R1 vsmcyyhf;vsmcyyhf;c:\windows\system32\drivers\vsmcyyhf.sys [x]
R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [x]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7E30.tmp [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\DRIVERS\Navcar.sys [2006-09-18 30329]
R3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2009-03-04 202016]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-04-27 47104]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - LXRSH
*Deregistered* - lxrsh
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-08-15 c:\windows\Tasks\User_Feed_Synchronization-{6F8F7FF8-D362-4AA2-8352-89EA4F09A64E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\o0oepl13.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\o0oepl13.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\o0oepl13.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 00:50
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7E30.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\lxrsh]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2194419042-3711577458-1307208439-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*p*4*\OpenWithList]
@Class="Shell"
"a"="firefox.exe"
"MRUList"="a"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1392)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\libaprutil_tsvn.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2010-08-16 00:57:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-15 23:57
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 118,029,721,600 bytes free
- - End Of File - - 7C0E6E28F85B02CB1AB875C2407D4DC9