Untitled

By: a guest on Mar 15th, 2010  |  syntax: None  |  size: 21.47 KB  |  views: 212  |  expires: Never
ComboFix 10-03-14.01 - goran07 15.03.2010  11:14:20.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.385.1033.18.3070.2599 [GMT 1:00]
Running from: c:\documents and settings\goran07\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\goran07\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active

.
The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . failed to delete

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((   Files Created from 2010-02-15 to 2010-03-15  )))))))))))))))))))))))))))))))
.

2010-03-14 14:50 . 2010-03-14 14:50     --------        d-----w-        C:\_OTL
2010-03-13 07:22 . 2010-03-14 15:53     517840  ----a-w-        c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-12 12:59 . 2010-03-12 12:59     36864   ----a-w-        c:\documents and settings\goran07\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2010-03-12 12:58 . 2010-03-12 12:58     --------        d-----w-        c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-12 12:49 . 2010-03-12 12:49     --------        d-----w-        c:\program files\Common Files\Macrovision Shared
2010-03-12 12:47 . 2010-03-12 12:59     --------        d-----w-        c:\documents and settings\goran07\Application Data\Autodesk
2010-03-12 12:47 . 2010-03-12 12:50     --------        d-----w-        c:\program files\Common Files\Autodesk Shared
2010-03-12 12:47 . 2010-03-12 12:50     --------        d-----w-        c:\program files\AutoCAD 2010
2010-03-12 12:47 . 2010-03-12 12:47     --------        d-----w-        c:\documents and settings\goran07\Local Settings\Application Data\Autodesk
2010-03-12 12:47 . 2010-03-12 12:47     --------        d-----w-        c:\documents and settings\All Users\Application Data\Autodesk
2010-03-09 08:19 . 2010-03-09 08:40     --------        d-----w-        c:\program files\PhotoScape
2010-03-08 18:16 . 2010-03-08 18:16     --------        d-----w-        c:\program files\FastStone Image Viewer
2010-02-23 09:37 . 2010-02-23 09:37     --------        d-----w-        c:\program files\Lavalys
2010-02-22 18:28 . 2010-02-22 18:28     --------        d-----w-        c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-22 18:28 . 2010-02-22 18:28     --------        d-----w-        c:\program files\NVIDIA Corporation
2010-02-22 18:27 . 2010-01-12 04:03     61440   ----a-w-        c:\windows\system32\OpenCL.dll
2010-02-22 18:27 . 2010-01-12 04:03     4077672 ----a-w-        c:\windows\system32\nvcuvenc.dll
2010-02-22 18:27 . 2010-01-12 04:03     2259560 ----a-w-        c:\windows\system32\nvcuvid.dll
2010-02-22 18:27 . 2010-01-12 04:03     2283526 ----a-w-        c:\windows\system32\nvdata.bin
2010-02-22 18:27 . 2010-01-12 04:03     11632640        ----a-w-        c:\windows\system32\nvcompiler.dll
2010-02-22 18:27 . 2010-02-22 18:27     --------        d-----w-        C:\NVIDIA
2010-02-22 16:51 . 2010-02-22 18:35     --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-02-22 16:36 . 2010-02-23 07:37     --------        d-----w-        c:\program files\Common Files\BioWare
2010-02-22 16:30 . 2010-02-22 17:39     --------        d-----w-        c:\program files\DAEMON Tools Lite
2010-02-14 13:02 . 2010-02-17 10:13     --------        d-----w-        c:\program files\Call of Duty
2010-02-14 12:23 . 2010-02-22 16:31     --------        d-----w-        c:\program files\DAEMON Tools Toolbar
2010-02-14 12:23 . 2010-02-14 12:23     691696  ----a-w-        c:\windows\system32\drivers\sptd.sys
2010-02-14 12:22 . 2010-02-14 12:36     --------        d-----w-        c:\documents and settings\goran07\Application Data\DAEMON Tools Lite
2010-02-14 12:20 . 2010-02-14 12:22     --------        d-----w-        c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-14 11:45 . 2010-02-14 11:45     --------        d-----w-        c:\documents and settings\goran07\Application Data\DAEMON Tools Pro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 12:57 . 2009-04-09 20:18     116904  ----a-w-        c:\documents and settings\goran07\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-08 18:59 . 2009-11-29 16:28     --------        d-----w-        c:\program files\Windows Live Safety Center
2010-03-08 18:11 . 2009-04-15 17:46     --------        d-----w-        c:\program files\Google
2010-03-08 18:02 . 2009-05-09 17:38     --------        d-----w-        c:\documents and settings\goran07\Application Data\FastStone
2010-02-24 15:36 . 2009-04-10 18:09     --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-02-22 18:28 . 2009-10-25 14:22     --------        d-----w-        c:\program files\AGEIA Technologies
2010-02-12 08:56 . 2010-02-12 08:54     --------        d-----w-        c:\program files\3D Driving-School
2010-02-10 19:26 . 2010-02-10 19:26     --------        d-----w-        c:\program files\Room Arranger
2010-02-10 16:54 . 2010-02-10 16:54     --------        d-----w-        c:\program files\Mobi3D DEMO
2010-02-10 16:54 . 2009-04-22 19:30     737280  ----a-w-        c:\windows\iun6002.exe
2010-02-10 11:17 . 2009-04-15 18:20     --------        d-----w-        c:\program files\Common Files\Adobe
2010-02-09 18:41 . 2010-02-09 18:41     --------        d-----w-        c:\documents and settings\goran07\Application Data\Apple Computer
2010-02-09 17:31 . 2010-02-09 17:30     --------        d-----w-        c:\program files\QuickTime
2010-02-09 17:30 . 2010-02-09 17:30     --------        d-----w-        c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-09 17:30 . 2010-02-09 17:30     --------        d-----w-        c:\program files\Common Files\Apple
2010-02-09 17:30 . 2010-02-09 17:30     --------        d-----w-        c:\program files\Apple Software Update
2010-02-09 17:30 . 2010-02-09 17:30     --------        d-----w-        c:\documents and settings\All Users\Application Data\Apple
2010-02-07 20:44 . 2010-02-07 20:33     --------        d-----w-        c:\documents and settings\goran07\Application Data\foobar2000
2010-02-07 20:38 . 2010-02-07 20:38     --------        d-----w-        c:\program files\MP4 Player
2010-02-07 20:33 . 2010-02-07 20:33     --------        d-----w-        c:\program files\foobar2000
2010-02-02 19:41 . 2009-05-04 19:50     --------        d-----w-        c:\program files\K-Lite Codec Pack
2010-02-02 18:13 . 2010-02-02 18:13     --------        d-----w-        c:\program files\ESET
2010-02-01 20:03 . 2010-02-01 20:03     --------        d-----w-        c:\program files\SPCA1528
2010-01-30 12:05 . 2009-08-20 13:45     --------        d-----w-        c:\program files\AIMP2
2010-01-29 20:27 . 2010-01-29 20:27     71168   ----a-w-        c:\windows\WinLibrary.EXE
2010-01-29 20:27 . 2010-01-29 20:27     560030  ----a-w-        c:\windows\Winfuntion.exe
2010-01-29 08:31 . 2009-08-20 13:46     --------        d-----w-        c:\documents and settings\goran07\Application Data\AIMP
2010-01-15 18:19 . 2009-07-02 18:53     --------        d-----w-        c:\program files\Opera
2010-01-12 04:03 . 2009-04-10 18:39     592488  ----a-w-        c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2009-04-10 18:38     14458880        ----a-w-        c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2009-04-10 18:38     4104192 ----a-w-        c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2009-04-10 18:38     182888  ----a-w-        c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2009-04-10 18:38     182888  ----a-w-        c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2009-04-10 18:38     1081344 ----a-w-        c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2009-04-09 20:15     6359168 ----a-w-        c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2009-04-09 20:14     10276768        ----a-w-        c:\windows\system32\drivers\nv4_mini.sys
2010-01-11 21:17 . 2010-01-11 21:17     278120  ----a-w-        c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17     154216  ----a-w-        c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17     145000  ----a-w-        c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17     13666408        ----a-w-        c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17     110696  ----a-w-        c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17     81920   ----a-w-        c:\windows\system32\nvwddi.dll
2010-01-01 20:27 . 2010-01-01 20:27     40      ---ha-w-        c:\windows\system32\ezsidmv.dat
2009-12-22 18:39 . 2009-12-22 18:39     922112  ------w-        c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39     426496  ------w-        c:\windows\system32\imapi2.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-03-14_19.07.11   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 10:18 . 2010-03-15 10:18   16384              c:\windows\temp\Perflib_Perfdata_1d0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"RGSC"=e:\g t a instalacija\Rockstar Games Social Club\RGSCLauncher.exe /silent
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"H2O"=c:\program files\SyncroSoft\Pos\H2O\cledx.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\G T A INSTALACIJA\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\G T A INSTALACIJA\\Grand Theft Auto IV\\GTAIV.exe"=
"e:\\G T A INSTALACIJA\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\programi\\NOVOMATIC Multi-Gaminator 22in1\\game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"e:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"e:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 1:46 PM 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 4:11 PM 35328]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 35168]
R1 f4cd7848-3e92-4732-80a1-63c7ed58f8ac;f4cd7848-3e92-4732-80a1-63c7ed58f8ac;c:\windows\iprot\f4cd7848-3e92-4732-80a1-63c7ed58f8ac\PhysMem.sys [12/8/2009 1:39 PM 3584]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 472280]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/25/2009 7:06 PM 33792]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [2/1/2010 9:03 PM 516480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 5:30 PM 135664]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [2/1/2010 9:03 PM 11648]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2010 1:23 PM 691696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 16:30]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 16:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
mLocal Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{4C826F10-D34B-4ba8-B609-1FB8C6482A05} - c:\casino\Europa Casino\casino.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\goran07\Application Data\Mozilla\Firefox\Profiles\6a0uklg8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/index.cgi?active_page=page_home&prev_page=page_login&has_param=1&req_mode=0&mimic_button_field=submit_button_login_submit%3a+..&strip_page_top=0&button_value=
FF - component: c:\documents and settings\goran07\Application Data\Mozilla\Firefox\Profiles\6a0uklg8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 11:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys >>UNKNOWN [0x8AAD28E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> sfsync03.sys @ 0xf761895c
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
 ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
 ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf787fbb0
 PacketIndicateHandler -> NDIS.sys @ 0xf788ca21
 SendHandler -> NDIS.sys @ 0xf786a87b
user & kernel MBR OK

**************************************************************************
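An attribution pass over the Gmer MBR detector output above, as an added example (not Gmer or ComboFix code, and not from the log's poster). The detector lists every hooked dispatch routine it finds and then gives its own verdict on the MBR sectors; those are two separate statements, and the triage question for the hook list is who owns each hook. The example parses the "called modules" line and the hook block, then labels each owning module from two sources: a set of stock Windows XP kernel-mode file names, which is this example's assumption, and the driver table ComboFix printed earlier in this log, which already names sfsync03.sys as the StarForce Protection Synchronization Driver. Two items are left for manual review rather than given a verdict: TUKERNEL.EXE is not a stock kernel file name (TuneUp Utilities, which the Run key and NetSvcs entries above show installed, places a patched copy of the kernel under that name for its boot-screen styler, so the hooks it owns are expected once that file is confirmed to be TuneUp's), and the ">>UNKNOWN [0x8AAD28E0]<<" entry is code in the disk I/O path that the detector could not map to any loaded module, which the log alone cannot explain.

```python
"""Attribute the hooks listed by Gmer's Stealth MBR rootkit detector.
Added example; not Gmer or ComboFix code and not from the log's poster. The
set of stock Windows XP kernel-mode file names is this example's assumption."""
import re

# Constructed input: lines copied from the ComboFix log above.
SERVICES = r'''
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 4:11 PM 35328]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2010 1:23 PM 691696]
'''
GMER = r'''
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys >>UNKNOWN [0x8AAD28E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> sfsync03.sys @ 0xf761895c
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
 ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
 ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf787fbb0
 PacketIndicateHandler -> NDIS.sys @ 0xf788ca21
 SendHandler -> NDIS.sys @ 0xf786a87b
user & kernel MBR OK
'''

# Assumption: file names Windows XP itself ships in the boot and disk I/O path.
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe", "hal.dll"}
STOCK_DRIVERS = {"classpnp.sys", "disk.sys", "acpi.sys", "atapi.sys", "ndis.sys",
                 "partmgr.sys", "ftdisk.sys", "pci.sys", "scsiport.sys"}

SVC_RE = re.compile(r'^[RS]\d\s+[^;]+;(?P<desc>[^;]*);(?P<path>.+?\.sys)\b', re.I)
CALLED_RE = re.compile(r'>>UNKNOWN \[0x[0-9A-Fa-f]+\]<<|\S+')
HOOK_RE = re.compile(r'^(?P<what>.*?)\s*->\s*(?P<module>\S+)\s*@\s*(?P<addr>0x[0-9A-Fa-f]+)$')

def parse_services(text):
    """Driver file name (lower case) -> description from ComboFix's service table."""
    out = {}
    for line in text.splitlines():
        if (m := SVC_RE.match(line.strip())):
            out[m["path"].rsplit("\\", 1)[-1].lower()] = m["desc"]
    return out

def parse_gmer(text):
    """Return (called modules, hook records, MBR verdict) from the detector block."""
    called, hooks, mbr_ok, in_hooks, current = [], [], False, False, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            called = CALLED_RE.findall(line.split(":", 1)[1])
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line == "user & kernel MBR OK":
            mbr_ok = True
        elif in_hooks and (m := HOOK_RE.match(line)):
            parts = m["what"].split(" -> ")
            if raw.startswith(" "):             # indented line: another handler of the same object
                obj, handler = current, m["what"]
            else:
                obj, handler = parts[0], " -> ".join(parts[1:])
                current = obj
            hooks.append({"object": obj, "handler": handler,
                          "module": m["module"], "address": m["addr"]})
    return called, hooks, mbr_ok

def classify(module, services):
    m = module.lower()
    if m.startswith(">>unknown"):
        return "unattributed: hook address maps to no loaded module"
    if m in KERNEL_IMAGES:
        return "stock kernel image"
    if m in STOCK_DRIVERS:
        return "stock Windows driver"
    if m in services:
        return "third-party driver: " + services[m]
    if m.endswith(".exe"):
        return "non-stock kernel image: not a Windows kernel file name"
    return "unlisted module: locate it on disk and verify its signer"

def report(services_text, gmer_text):
    services = parse_services(services_text)
    called, hooks, mbr_ok = parse_gmer(gmer_text)
    owners = sorted({h["module"] for h in hooks} | set(called), key=str.lower)
    attribution = {mod: classify(mod, services) for mod in owners}
    return {"mbr_ok": mbr_ok, "hooks": hooks, "attribution": attribution,
            "needs_review": [mod for mod, label in attribution.items()
                             if not label.startswith(("stock", "third-party"))]}

if __name__ == "__main__":
    r = report(SERVICES, GMER)
    for mod, label in r["attribution"].items():
        print(f"{mod:32} {label}")
    print("MBR OK:", r["mbr_ok"], "| needs review:", r["needs_review"])
```

The "needs_review" list is the output to act on: everything attributed to a stock image or to a driver the log itself describes is explained, and what remains (here the non-stock kernel name and the unattributed address) is what to pull from disk and verify by signer and hash.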
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1979792683-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,c0,b4,20,9d,b8,ac,ba,fd,9e,9b,1e,fb,99,00,32,7b,09,af,78,2b,
   c0,8c,e2,c0,c5,35,7a,36,60,bc,a7,3f,a5,9c,63,f6,d1,f0,40,62,29,8d,f4,18,03,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7416)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
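A triage pass over the "Reg Loading Points" section and the "DLLs Loaded Under Running Processes" list above, as an added example (not ComboFix output and not from the log's poster). It parses the Run and Run- values, the R*/S* driver and service lines, and the per-process module list, and attaches a small set of review flags that are this example's own heuristics: a Run value with no absolute path, an image under a TEMP directory, a GUID-named service, and a kernel driver outside system32\drivers. On the lines from this log the flags land on the bare RTHDCPL.EXE value, the c:\windows\iprot\<GUID>\PhysMem.sys driver, and the LVPrcInj01.dll that ComboFix could not delete from c:\windows\TEMP. A flag is a prompt for a manual check, not a verdict: that DLL shares the logishrd name with the running Logitech service LVPrcSrv.exe in the process list below, which is the first thing to check before treating a TEMP-resident DLL inside explorer.exe as hostile.

```python
"""Triage the autorun and loaded-module sections of a ComboFix log.
Added example; not ComboFix code and not from the log's poster. The review
flags are this example's own heuristics: prompts for a manual check, not verdicts."""
import re
from dataclasses import dataclass, field

# Constructed input: a subset of lines copied from the log above.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"RGSC"=e:\g t a instalacija\Rockstar Games Social Club\RGSCLauncher.exe /silent
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 4:11 PM 35328]
R1 f4cd7848-3e92-4732-80a1-63c7ed58f8ac;f4cd7848-3e92-4732-80a1-63c7ed58f8ac;c:\windows\iprot\f4cd7848-3e92-4732-80a1-63c7ed58f8ac\PhysMem.sys [12/8/2009 1:39 PM 3584]
- - - - - - - > 'explorer.exe'(7416)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$')
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
META_RE = re.compile(r'\s*\[(?P<meta>[^\]]*)\]\s*$')   # ComboFix's "[date size]" suffix
IMAGE_RE = re.compile(r'^(?:"(?P<q>[^"]*)"|(?P<u>.*?\.(?:exe|dll|sys|cpl|scr)))(?P<args>.*)$', re.I)
GUID_RE = re.compile(r'^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$', re.I)
ABS_RE = re.compile(r'^[a-z]:\\', re.I)

@dataclass
class Entry:
    source: str            # registry key, service start code (R0..S4) or "process(pid)"
    name: str
    path: str
    args: str = ""
    meta: str = ""         # "[date size]" that ComboFix appends when it located the file
    active: bool = True    # False for Run- values (disabled in msconfig) and S* (stopped) services
    flags: list = field(default_factory=list)

def _image(source, name, rest):
    """Split a value or service tail into image path, arguments and ComboFix metadata."""
    meta = ""
    if (m := META_RE.search(rest)):
        meta, rest = m["meta"], rest[:m.start()]
    m = IMAGE_RE.match(rest.strip())
    path = (m["q"] if m["q"] is not None else m["u"]) if m else rest.strip()
    return Entry(source, name, path, m["args"].strip() if m else "", meta)

def review(e):
    p = e.path.lower()
    if not ABS_RE.match(p):
        e.flags.append("relative-path")          # found via search order, not pinned to one file
    if "\\temp\\" in p:
        e.flags.append("temp-dir")               # executable code living under a TEMP directory
    if GUID_RE.match(e.name):
        e.flags.append("guid-name")              # generated name says nothing about purpose
    if p.endswith(".sys") and "\\system32\\drivers\\" not in p:
        e.flags.append("driver-outside-drivers-dir")

def parse(text):
    entries, source, in_modules = [], "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            source, in_modules = m["key"], False
            continue
        if (m := PROC_RE.match(line)):
            source, in_modules = f"{m['proc']}({m['pid']})", True
            continue
        if (m := VALUE_RE.match(line)):
            e = _image(source, m["name"], m["rest"])
            e.active = not source.lower().endswith("run-")
        elif (m := SVC_RE.match(line)):
            e = _image(m["start"], m["name"], m["rest"])
            e.active = m["start"].startswith("R")   # ComboFix legend: R = running, S = stopped
        elif in_modules and ABS_RE.match(line):
            e = Entry(source, line.rsplit("\\", 1)[-1], line)   # DLL mapped into the process
        else:
            continue
        review(e)
        entries.append(e)
    return entries

def flagged(entries):
    """name -> flags, for every entry that raised at least one flag."""
    return {e.name: e.flags for e in entries if e.flags}

if __name__ == "__main__":
    for name, flags in flagged(parse(SAMPLE)).items():
        print(name, "->", ", ".join(flags))
```

Feeding the whole log in instead of the sample is a matter of reading the file and passing its text to parse(); the section headers it does not recognise are skipped, and the module list is only collected after a "- - - > 'process'(pid)" header so that bare paths elsewhere in the log are not mistaken for loaded DLLs.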
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-03-15  11:22:57 - machine was rebooted
ComboFix-quarantined-files.txt  2010-03-15 10:22
ComboFix2.txt  2010-03-14 19:09

Pre-Run: 17.346.813.952 bytes free
Post-Run: 17.301.098.496 bytes free

- - End Of File - - FE471959DD4154567E34B30A6A614770