
Combofix log


  • This topic is locked
2 replies to this topic

#1 MISSYJ29

MISSYJ29

  • Members
  • 1 posts
  • OFFLINE
  • Local time:05:34 AM

Posted 22 July 2010 - 06:55 PM

ComboFix 10-07-22.01 - Melissa 07/22/2010 14:49:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.825 [GMT -7:00]
Running from: c:\users\Melissa\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\DFSR
c:\system volume information\DFSR\Config\DfsrMachineConfig.XML
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-22 22:06 . 2010-07-22 22:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-22 22:06 . 2010-07-22 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-22 22:06 . 2010-07-22 22:06 -------- d-----w- c:\users\CARL\AppData\Local\temp
2010-07-22 22:06 . 2010-07-22 22:11 -------- d-----w- c:\users\Melissa\AppData\Local\temp
2010-07-19 19:29 . 2010-07-19 19:29 -------- d-----w- c:\users\CARL\AppData\Roaming\Apple Computer
2010-07-17 06:56 . 2010-07-17 06:56 -------- d-----w- c:\users\Melissa\AppData\Roaming\Apple Computer
2010-07-15 01:49 . 2010-07-15 01:51 -------- d-----w- c:\program files\QuickTime
2010-07-01 00:27 . 2010-07-01 00:27 -------- d-----w- c:\users\CARL\AppData\Local\Apple
2010-06-29 21:30 . 2010-06-29 21:30 700420 ----a-w- c:\users\CARL\AppData\Roaming\NCH Software\Program Files\Meo\uninst.exe
2010-06-29 21:30 . 2010-06-29 21:30 334520 ----a-w- c:\users\CARL\AppData\Roaming\NCH Software\Program Files\Meo\meosetup_v2.01.exe
2010-06-29 21:30 . 2010-06-29 21:30 700420 ----a-w- c:\users\CARL\AppData\Roaming\NCH Software\Program Files\Meo\meo.exe
2010-06-28 20:56 . 2010-06-28 20:56 -------- d-----w- C:\9eb8d9bb4aea09ff3091b4a2e54a6f
2010-06-27 09:23 . 2010-06-27 09:23 -------- d-----w- c:\users\CARL\AppData\Local\Microsoft Games
2010-06-26 21:55 . 2010-06-26 21:55 50354 ----a-w- c:\users\CARL\AppData\Roaming\Facebook\uninstall.exe
2010-06-26 21:55 . 2010-06-26 21:55 -------- d-----w- c:\users\CARL\AppData\Roaming\Facebook
2010-06-26 15:32 . 2010-06-26 15:32 -------- d-----w- c:\users\CARL\AppData\Local\CrashDumps
2010-06-26 15:12 . 2010-06-26 15:12 -------- d-----w- c:\users\CARL\AppData\Local\Symantec
2010-06-26 15:10 . 2010-06-26 15:10 -------- d-----w- c:\users\Guest\AppData\Local\Symantec
2010-06-23 20:58 . 2010-05-25 23:38 813936 ----a-r- c:\programdata\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.2.2\coFFFw\components\coFFFw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 21:41 . 2010-02-17 19:20 1356 ----a-w- c:\users\Melissa\AppData\Local\d3d9caps.dat
2010-07-22 04:49 . 2010-02-04 14:56 425303 ----a-w- c:\programdata\nvModes.dat
2010-07-19 20:25 . 2007-12-06 05:18 -------- d-----w- c:\program files\Java
2010-07-19 20:22 . 2010-04-25 14:33 -------- d-----w- c:\users\CARL\AppData\Roaming\vlc
2010-07-17 07:55 . 2010-02-03 11:51 -------- d-----w- c:\users\Melissa\AppData\Roaming\vlc
2010-07-15 01:49 . 2010-02-28 04:14 -------- d-----w- c:\programdata\Apple Computer
2010-07-11 20:10 . 2010-05-13 18:00 -------- d-----w- c:\program files\Pandora Recovery
2010-07-06 21:30 . 2010-03-17 23:10 -------- d-----w- c:\programdata\NCH Software
2010-07-05 18:33 . 2010-02-03 03:54 -------- d-----w- c:\users\Melissa\AppData\Roaming\Hewlett-Packard
2010-06-29 21:30 . 2010-05-05 16:05 -------- d-----w- c:\users\CARL\AppData\Roaming\NCH Software
2010-06-28 12:04 . 2010-04-25 13:26 -------- d-----w- c:\users\CARL\AppData\Roaming\Hewlett-Packard
2010-06-28 07:02 . 2007-12-06 05:02 -------- d-----w- c:\programdata\Hewlett-Packard
2010-06-27 23:44 . 2007-12-06 04:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-26 15:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-26 15:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-26 15:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-26 15:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-26 15:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-26 15:42 . 2010-06-26 15:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-06-26 15:41 . 2010-06-26 15:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-06-26 15:40 . 2010-06-26 15:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-06-26 15:31 . 2006-11-02 10:32 101376 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-26 15:31 . 2006-11-02 10:32 79872 ----a-w- c:\windows\system32\axaltocm.dll
2010-06-25 02:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-23 20:53 . 2010-04-24 20:03 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-23 20:53 . 2010-04-24 20:03 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-23 20:53 . 2010-04-24 20:03 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-23 20:53 . 2007-12-06 03:12 -------- d-----w- c:\program files\Symantec
2010-06-22 23:22 . 2007-12-06 04:24 -------- d-----w- c:\program files\Microsoft Works
2010-06-18 23:52 . 2010-02-17 11:23 -------- d-----w- c:\users\Melissa\AppData\Roaming\CyberLink
2010-06-18 23:14 . 2010-04-29 14:34 -------- d-----w- c:\users\CARL\AppData\Roaming\CyberLink
2010-06-18 15:15 . 2010-06-18 15:15 -------- d-----w- c:\users\CARL\AppData\Roaming\PeerNetworking
2010-06-18 07:35 . 2010-06-18 07:35 -------- d-----w- c:\programdata\UAB
2010-06-18 07:34 . 2010-06-18 07:34 -------- d-----w- c:\programdata\Driver Whiz
2010-06-18 07:32 . 2010-06-18 07:32 -------- d-----w- c:\program files\Driver Whiz
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\CARL\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-06-09 10:17 . 2007-12-06 04:46 -------- d-----w- c:\programdata\Microsoft Help
2010-06-04 01:28 . 2010-05-05 17:42 -------- d-----w- c:\program files\Lx_cats
2010-05-26 22:24 . 2010-05-17 18:09 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-26 20:49 . 2010-03-17 23:09 -------- d--h--w- c:\program files\NCH Software
2010-05-26 20:49 . 2010-03-17 23:09 -------- d-----w- c:\users\Melissa\AppData\Roaming\NCH Software
2010-05-24 11:38 . 2010-05-24 11:38 -------- d-----w- c:\users\CARL\AppData\Roaming\HPAppData
2010-05-21 21:14 . 2010-02-04 04:13 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 14:34 . 2010-05-13 14:31 23089 ----a-w- c:\windows\hpqins15.dat
2010-05-06 04:01 . 2010-04-25 17:51 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-05-05 11:38 . 2010-05-05 11:38 680 ----a-w- c:\users\CARL\AppData\Local\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDown.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-02-22 19:05 2353176 ----a-w- c:\program files\Download_Energy\tbDown.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDown.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\tbDown.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-06 1006264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

c:\users\CARL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-23 00:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-24 01:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 22:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-10-01 03:34 181544 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2010-03-17 23:10 913412 ---ha-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-02-08 00:29 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1296693852-2360766034-3323350453-1002]
"EnableNotificationsRef"=dword:00000001

R2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys [2008-12-16 516480]
R3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys [2008-06-28 11648]
R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R4 EyelineService;Eyeline Video System;c:\program files\NCH Software\Eyeline\eyeline.exe [2010-03-17 675844]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [2010-05-22 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100720.001\IDSvix86.sys [2010-05-28 344112]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-04 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\HPCeeScheduleForCARL.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-06 19:58]

2010-07-05 c:\windows\Tasks\HPCeeScheduleForMelissa.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-12-06 19:58]

2010-07-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Melissa.job
- c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\navw32.exe [2010-05-25 05:34]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{E41C3E87-6B23-4388-9EC0-4BE77F3421BF}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\y91t8fgr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\programdata\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.2.2\coFFFw\components\coFFFw.dll
FF - component: c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\y91t8fgr.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\components\FFExternalAlert.dll
FF - component: c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\y91t8fgr.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 15:10
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NOF]
"ImagePath"="\"c:\program files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files\Norton Online\Engine\2.0.0.71\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-22 15:16:48
ComboFix-quarantined-files.txt 2010-07-22 22:16

Pre-Run: 39,484,452,864 bytes free
Post-Run: 39,640,326,144 bytes free

- - End Of File - - DDE28184BFC587D383E0FF4D08344275



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:34 PM

Posted 30 July 2010 - 05:09 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:34 PM

Posted 03 August 2010 - 06:17 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE