ComboFix 10-02-02.02 - Cheng 02/02/2010 18:04:47.11.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.536 [GMT -6:00]
Running from: c:\documents and settings\Cheng\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cheng\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\ibmtools\utils\bak
c:\ibmtools\utils\bak\ibmprc.exe
c:\program files\ATI Technologies\ATI Control Panel\bak
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\IBM\Messages By IBM\bak
c:\program files\IBM\Messages By IBM\bak\ibmmessages.exe
c:\program files\IBM\Updater\bak
c:\program files\IBM\Updater\bak\ucstartup.exe
c:\program files\Intel\Wireless\Bin\bak
c:\program files\Intel\Wireless\Bin\bak\ifrmewrk.exe
c:\program files\Intel\Wireless\Bin\bak\ZCfgSvc.exe
c:\program files\ThinkPad\ConnectUtilities\bak
c:\program files\ThinkPad\ConnectUtilities\bak\bak\QCTray.exe
c:\program files\ThinkPad\ConnectUtilities\bak\DISKCNW
c:\program files\ThinkPad\ConnectUtilities\bak\DISKCNW.ID
c:\program files\ThinkPad\ConnectUtilities\bak\DISKCNW.VER
c:\program files\ThinkPad\ConnectUtilities\bak\MerlinC201.dll
c:\program files\ThinkPad\ConnectUtilities\bak\QcAthExt.dll
c:\program files\ThinkPad\ConnectUtilities\bak\QCMurPI.dll
c:\program files\ThinkPad\ConnectUtilities\bak\QCON.DLL
c:\program files\ThinkPad\ConnectUtilities\bak\QCSebPI.dll
c:\program files\ThinkPad\ConnectUtilities\bak\QCWIZARD.EXE
c:\program files\ThinkPad\ConnectUtilities\bak\QCWLIcon.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\bak
c:\program files\ThinkPad\PkgMgr\HOTKEY\bak\TPHKMGR.exe
c:\program files\ThinkPad\Utilities\bak
c:\program files\ThinkPad\Utilities\bak\EzEjMnAp.Exe
c:\program files\ThinkPad\Utilities\bak\TpKmapAp.exe
c:\windows\system32\bak
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\dla\bak
c:\windows\system32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.
2010-01-27 07:50 . 2010-01-27 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-27 07:47 . 2010-01-27 07:47 -------- d-----w- c:\program files\Bonjour
2010-01-25 07:22 . 2010-01-25 07:22 -------- d-----w- c:\documents and settings\Cheng\Application Data\DivX
2010-01-25 06:28 . 2010-01-25 06:28 128 ----a-w- c:\documents and settings\Cheng\Local Settings\Application Data\fusioncache.dat
2010-01-22 14:14 . 2010-01-22 14:16 -------- dc-h--w- c:\windows\ie8
2010-01-22 04:03 . 2010-01-22 04:03 -------- d-----w- c:\windows\Sun
2010-01-22 00:44 . 2010-01-22 00:44 -------- d-----w- c:\documents and settings\Cheng\Application Data\AdobeUM
2010-01-22 00:20 . 2010-01-22 00:20 0 ----a-w- c:\windows\system32\drivers\{4DFA3219-0FFE-4ACA-AA10-0CE83C3BC60B}.sys
2010-01-21 17:51 . 2010-01-21 17:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-21 08:59 . 2010-01-21 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-21 08:32 . 2010-01-21 08:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-21 08:31 . 2010-01-21 08:31 -------- d-----w- c:\program files\Java
2010-01-21 02:25 . 2010-01-21 02:25 -------- d-----w- c:\documents and settings\Cheng\Local Settings\Application Data\Symantec
2010-01-21 02:17 . 2010-01-21 02:17 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-21 02:17 . 2010-01-21 02:17 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-21 02:12 . 2010-01-21 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-21 02:12 . 2010-01-21 02:17 -------- d-----w- c:\program files\Symantec
2010-01-18 04:33 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-18 04:15 . 2010-01-21 08:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-01-18 04:14 . 2010-01-21 01:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 04:36 . 2008-04-08 17:09 -------- d-----w- c:\documents and settings\Cheng\Application Data\uTorrent
2010-01-28 01:20 . 2005-08-25 02:10 -------- d-----w- c:\documents and settings\Cheng\Application Data\Apple Computer
2010-01-28 01:16 . 2008-09-21 00:11 26224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-28 01:14 . 2005-08-10 05:13 -------- d-----w- c:\program files\QuickTime
2010-01-27 07:52 . 2007-04-04 05:20 -------- d-----w- c:\program files\iTunes
2010-01-27 07:51 . 2005-08-25 02:08 -------- d-----w- c:\program files\iPod
2010-01-27 07:51 . 2008-09-11 02:13 -------- d-----w- c:\program files\Common Files\Apple
2010-01-27 07:44 . 2008-10-24 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-27 07:34 . 2008-11-09 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-27 05:24 . 2005-06-02 01:01 -------- d-----w- c:\program files\mIRC
2010-01-22 03:22 . 2005-05-27 17:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 02:24 . 2005-05-04 15:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-21 02:17 . 2010-01-21 02:17 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-21 02:17 . 2010-01-21 02:17 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-20 05:31 . 2005-06-12 05:47 -------- d-----w- c:\program files\DivX
2010-01-14 04:20 . 2005-05-04 15:41 -------- d-----w- c:\program files\InstallShield Installation Information
2010-01-14 04:16 . 2009-09-24 02:46 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-01-13 02:52 . 2009-03-27 05:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 22:07 . 2009-03-27 05:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-03-27 05:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14 . 1980-01-01 07:00 916480 ------w- c:\windows\system32\wininet.dll
2009-11-12 23:07 . 2009-11-12 23:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2005-05-11 20:28 . 2005-06-20 05:04 41573 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2005-05-11 20:28 . 2005-06-20 05:04 48223 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2005-05-11 20:28 . 2005-06-20 05:04 159335 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-05-18 19:59 . 2004-02-04 20:29 61440 c:\program files\AIM\bak\aim.exe
2005-05-18 19:59 . 2004-02-04 20:29 61440 c:\program files\AIM\aim.exe
2004-08-13 23:17 . 2005-03-23 22:34 58992 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
2009-10-01 20:14 . 2009-10-01 20:14 115560 c:\program files\Common Files\Symantec Shared\ccApp.exe
2007-03-15 00:05 . 2007-03-15 00:05 257088 c:\program files\iTunes\bak\iTunesHelper.exe
2009-11-12 22:33 . 2009-11-12 22:33 141600 c:\program files\iTunes\iTunesHelper.exe
2007-02-16 15:54 . 2007-02-16 15:54 282624 c:\program files\QuickTime\bak\qttask.exe
2009-11-11 05:08 . 2009-11-11 05:08 417792 c:\program files\QuickTime\QTTask.exe
2004-12-20 18:41 . 2004-12-20 18:41 33792 c:\program files\Winamp\bak\winampa.exe
2004-12-16 10:41 . 2004-12-16 10:41 90112 c:\qoobox\Quarantine\C\IBMTOOLS\utils\bak\ibmprc.exe.vir
2005-05-04 15:46 . 2004-12-12 04:00 344064 c:\qoobox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe.vir
2004-08-06 09:10 . 2004-08-06 09:10 442368 c:\qoobox\Quarantine\C\Program Files\IBM\Messages By IBM\bak\ibmmessages.exe.vir
2004-07-14 23:34 . 2004-07-14 23:34 36864 c:\qoobox\Quarantine\C\Program Files\IBM\Updater\bak\ucstartup.exe.vir
2007-02-21 16:17 . 2007-02-21 16:17 970752 c:\qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe.vir
2007-02-21 16:19 . 2007-02-21 16:19 819200 c:\qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe.vir
2007-10-01 06:37 . 2005-03-18 10:07 12 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\DISKCNW.ID.vir
2007-10-01 06:37 . 2005-03-18 10:07 9 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\DISKCNW.VER.vir
2007-10-01 06:37 . 2005-03-18 10:07 12 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\DISKCNW.vir
2007-10-01 23:31 . 2005-03-18 10:07 167936 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\MerlinC201.dll.vir
2007-10-01 06:37 . 2005-03-18 10:07 32768 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\QcAthExt.dll.vir
2007-10-01 06:37 . 2005-03-18 10:07 151552 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\QCMurPI.dll.vir
2007-10-01 23:29 . 2005-03-18 10:07 1138688 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\QCON.DLL.vir
2007-10-01 06:37 . 2005-03-18 10:07 131072 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\QCSebPI.dll.vir
2007-10-01 06:37 . 2005-03-18 10:07 3072000 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\QCWIZARD.EXE.vir
2005-05-04 16:01 . 2005-03-18 10:07 86016 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\QCWLIcon.exe.vir
2005-05-04 16:01 . 2005-03-18 10:07 745472 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\bak\QCTray.exe.vir
2005-05-04 16:01 . 2005-03-18 10:07 745472 c:\qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\bak\bak\QCTray.exe.vir
1980-01-01 07:00 . 2005-03-04 00:10 94208 c:\qoobox\Quarantine\C\Program Files\ThinkPad\PkgMgr\HOTKEY\bak\TPHKMGR.exe.vir
2005-05-04 15:45 . 2004-11-24 09:10 212992 c:\qoobox\Quarantine\C\Program Files\ThinkPad\Utilities\bak\EzEjMnAp.Exe.vir
2005-05-04 15:41 . 2004-02-05 01:39 897024 c:\qoobox\Quarantine\C\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe.vir
1980-01-01 07:00 . 2004-08-04 12:00 15360 c:\qoobox\Quarantine\C\WINDOWS\system32\bak\ctfmon.exe.vir
2005-05-04 15:53 . 2004-09-02 08:05 127035 c:\qoobox\Quarantine\C\WINDOWS\system32\dla\bak\tfswctrl.exe.vir
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2004-02-04 61440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-01 115560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 10:07 262144 ----a-w- c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-02-04 20:29 61440 ----a-w- c:\program files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2004-02-28 17:12 144896 ----a-w- c:\progra~1\AIM\DeadAIM.ocm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2004-12-21 08:00 135168 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCTRAY]
c:\progra~1\ThinkPad\CONNEC~1\bak\QCTray.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCWLICON]
c:\progra~1\ThinkPad\CONNEC~1\QCWLIcon.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UC_Start]
c:\program files\IBM\Updater\\ucstartup.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
c:\program files\Winamp\winampa.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19833:TCP"= 19833:TCP:*:Disabled:BitComet 19833 TCP
"19833:UDP"= 19833:UDP:*:Disabled:BitComet 19833 UDP
R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [12/16/2004 2:03 AM 6912]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [5/4/2005 9:42 AM 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/20/2010 8:36 PM 102448]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [5/4/2005 9:42 AM 6016]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 {4DFA3219-0FFE-4ACA-AA10-0CE83C3BC60B};{4DFA3219-0FFE-4ACA-AA10-0CE83C3BC60B};c:\windows\system32\drivers\{4DFA3219-0FFE-4ACA-AA10-0CE83C3BC60B}.sys [1/21/2010 6:20 PM 0]
S1 2715DqgmF;2715DqgmF;\??\c:\windows\system32\drivers\2715DqgmF.sys --> c:\windows\system32\drivers\2715DqgmF.sys [?]
S1 aswSP;avast! Self Protection; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10/1/2009 2:14 PM 23888]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [5/4/2005 10:01 AM 12288]
S4 SDMainSvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe --> c:\program files\SpywareDetector\SDMainService.exe [?]
S4 SDService;SDService;c:\program files\SpywareDetector\SDService.exe --> c:\program files\SpywareDetector\SDService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2007-10-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-05-04 08:00]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Cheng\Application Data\Mozilla\Firefox\Profiles\w3n2b5p1.Default User\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-?????????
SafeBoot-???
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-02 18:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,5d,af,38,0a,96,f3,4f,b3,13,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,5d,af,38,0a,96,f3,4f,b3,13,9e,\
[HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot\Minimal\
MmCaXtÔá¤ï(‡¤ß3‡]
@="Driver"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot\Network\
MmCaXtÔá¤ï(‡¤ß3‡]
@="Driver"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\
MmCaXtÔá¤ï(‡¤ß3‡]
"ImagePath"=expand:"\\??\\c:\\WINDOWS\\system32\\drivers\\\05?????????.sys"
"Start"=dword:00000001
"Type"=dword:00000001
"ErrorControl"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\windows\System32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-02 18:31:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-03 00:31
ComboFix2.txt 2010-02-02 05:01
Pre-Run: 1,845,682,176 bytes free
Post-Run: 1,932,386,304 bytes free
- - End Of File - - B3424D887793669B682A8088FAA69D87