Combo Fix

ComboFix 10-08-07.01 - Administrator 08/08/2010 9:53.1.
2 - x86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.2812.1301 [GMT 1:
00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-49
3A-90F3-E43226D3305C}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A849
3}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
c:\users\Administrator\AppData\Roaming\Hoihy
c:\users\Administrator\AppData\Roaming\Hoihy\ywum.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))
))))))))))))))))))))))))
.
2010-08-08 09:01 . 2010-08-08 09:01 -------- d-----w- c:\users
\Default\AppData\Local\temp
2010-08-08 08:51 . 2010-08-08 08:52 -------- d-----w- C:\32788
R22FWJFW
2010-08-08 07:50 . 2010-08-08 07:50 0 ----a-w- c:\windows\nsreg
.dat
2010-08-08 07:50 . 2010-08-08 07:50 -------- d-----w- c:\users
\Administrator\AppData\Local\Mozilla
2010-08-08 02:45 . 2010-08-08 02:45 -------- d-----w- c:\progr
am files\Microsoft CAPICOM 2.1.0.2
2010-08-08 02:35 . 2010-02-12 10:48 293376 ----a-w- c:\windows\syste
m32\browserchoice.exe
2010-08-08 02:33 . 2010-08-08 02:33 -------- d-----w- c:\users
\Default\AppData\Local\Microsoft Help
m32\PresentationCFFRasterizerNative_v0300.dll
m32\infocardapi.dll
m32\PresentationHostProxy.dll
m32\icardres.dll
m32\icardagt.exe
m32\PresentationNative_v0300.dll
m32\PresentationHost.exe
m32\dfshim.dll
m32\mscoree.dll
m32\netfxperf.dll
m32\mscorier.dll
m32\mscories.dll
m32\nshhttp.dll
m32\httpapi.dll
m32\drivers\http.sys
2010-08-08 02:03 . 2010-08-08 02:03 -------- d-----w- c:\progr
am files\MSXML 4.0
m32\tsbyuv.dll
m32\msyuv.dll
m32\msvidc32.dll
m32\msrle32.dll
m32\iyuv_32.dll
m32\msvfw32.dll
m32\mciavi32.dll
m32\avifil32.dll
m32\avicap32.dll
m32\msxml6.dll
m32\WSDApi.dll
m32\t2embed.dll
m32\drivers\srv.sys
m32\drivers\srvnet.sys
m32\PortableDeviceApi.dll
m32\netiohlp.dll
m32\TCPSVCS.EXE
m32\ROUTE.EXE
m32\MRINFO.EXE
m32\NETSTAT.EXE
m32\ARP.EXE
m32\HOSTNAME.EXE
m32\finger.exe
m32\netevent.dll
m32\wlansvc.dll
m32\wlansec.dll
m32\wlanmsm.dll
m32\L2SecHC.dll
m32\msv1_0.dll
m32\inetcomm.dll
m32\drivers\mrxsmb10.sys
m32\drivers\mrxsmb20.sys
m32\drivers\mrxsmb.sys
m32\mf.dll
m32\ntkrnlpa.exe
m32\ntoskrnl.exe
m32\winhttp.dll
m32\asycfilt.dll
m32\vbscript.dll
m32\atl.dll
m32\gdi32.dll
m32\Apphlpdm.dll
m32\GameUXLegacyGDFs.dll
m32\tzres.dll
m32\msdtcprx.dll
m32\xolehlp.dll
m32\wkssvc.dll
m32\mstscax.dll
m32\msxml3.dll
m32\atmlib.dll
m32\atmfd.dll
m32\fontsub.dll
m32\dciman32.dll
m32\localspl.dll
2010-08-07 06:46 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explo
rer.exe
m32\wdigest.dll
m32\schannel.dll
m32\lsasrv.dll
m32\kerberos.dll
m32\drivers\ksecdd.sys
m32\secur32.dll
m32\lsass.exe
m32\wbem\WmiPrvSD.dll
m32\rpcss.dll
m32\wbem\fastprox.dll
m32\wbem\WmiPrvSE.exe
m32\wbem\WmiDcPrv.dll
m32\printfilterpipelineprxy.dll
m32\printfilterpipelinesvc.exe
m32\sdohlp.dll
m32\iasrecst.dll
m32\iasads.dll
m32\iasdatastore.dll
m32\iashost.exe
m32\drivers\tcpip.sys
m32\iphlpsvc.dll
m32\drivers\tunnel.sys
m32\quartz.dll
m32\apilogen.dll
m32\amxread.dll
m32\PhotoMetadataHandler.dll
m32\WindowsCodecs.dll
m32\WindowsCodecsExt.dll
m32\wersvc.dll
m32\Faultrep.dll
m32\win32spl.dll
m32\wmpdxm.dll
m32\RMActivate_isv.exe
m32\RMActivate.exe
m32\secproc_isv.dll
m32\secproc.dll
m32\RMActivate_ssp_isv.exe
m32\RMActivate_ssp.exe
m32\secproc_ssp_isv.dll
m32\secproc_ssp.dll
m32\msdrm.dll
m32\WMNetMgr.dll
m32\logagent.exe
m32\msasn1.dll
m32\WMSPDMOD.DLL
m32\unregmp2.exe
m32\dxmasf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2010-08-08 07:57 . 2009-01-28 06:34 -------- d-----w- c:\users
\Administrator\AppData\Roaming\Pyqa
2010-08-08 03:38 . 2008-11-03 17:18 75832 ----a-w- c:\users\Adminis
trator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-08 03:32 . 2010-06-22 01:01 12 ----a-w- c:\windows\bthse
rvsdp.dat
2010-08-08 03:31 . 2006-11-02 11:18 -------- d-----w- c:\progr
am files\Windows Mail
2010-08-08 03:11 . 2008-11-03 18:25 -------- d-----w- c:\progr
amdata\Microsoft Help
2010-08-08 03:06 . 2008-11-03 18:13 -------- d-----w- c:\progr
am files\Microsoft Works
m32\ezsvc7x.dll
2010-07-18 20:10 . 2008-11-03 17:54 -------- d-----w- c:\progr
amdata\WildTangent
2010-07-02 21:48 . 2008-11-03 17:37 -------- d-----w- c:\progr
amdata\Symantec
2010-07-02 21:47 . 2010-07-02 21:45 -------- d-----w- c:\progr
am files\Common Files\Symantec Shared
2010-07-02 21:47 . 2010-07-02 21:45 -------- d-----w- c:\progr
am files\Symantec
m32\drivers\SYMEVENT.INF
m32\drivers\SYMEVENT.CAT
m32\drivers\SYMEVENT.SYS
2010-07-02 21:45 . 2010-07-02 21:45 -------- d-----w- c:\progr
am files\Symantec AntiVirus
2010-07-02 21:38 . 2008-11-03 17:37 -------- d-----w- c:\progr
amdata\Norton
2010-07-02 01:14 . 2010-07-02 01:07 -------- d-----w- c:\users
\Administrator\AppData\Roaming\vlc
2010-07-02 01:00 . 2010-07-02 01:00 -------- d-----w- c:\progr
am files\VideoLAN
2010-07-02 00:59 . 2010-07-02 00:59 -------- d-----w- c:\users
\Administrator\AppData\Roaming\Leadertech
2010-06-22 17:07 . 2010-06-22 15:28 -------- d-----w- c:\users
\Administrator\AppData\Roaming\CyberLink
2010-06-22 15:15 . 2010-06-22 15:14 -------- d-----w- c:\users
\Administrator\AppData\Roaming\hewlett-packard
2010-06-22 15:14 . 2008-11-03 18:55 -------- d-----w- c:\progr
am files\SMINST
2010-06-22 15:07 . 2010-06-22 15:07 -------- d-----w- c:\users
\Administrator\AppData\Roaming\HP TCS
2010-06-22 15:07 . 2006-11-02 12:37 -------- d-----w- c:\progr
am files\Windows Sidebar
2010-06-22 15:05 . 2010-06-22 15:05 0 --sha-r- c:\windows\syste
m32\drivers\103C_HP_cNB_TouchSmart tx2 Notebook PC_Y5335KV_0U_QCNF9111LC5_E50354
3-032_4A_I3045_SQuanta_V16.16_F.26_T091211_WV3-1_L409_M2813_J320_7AMD_8F31_92.20
_#100621_N10EC8168;14E4432B_(NJ430EA#ABU)_XMOBILE_CN10_Z_2Rev 1.MRK
2010-06-22 01:59 . 2010-06-22 01:59 -------- d-----w- c:\users
\Administrator\AppData\Roaming\ATI
2010-06-22 01:59 . 2010-06-22 01:59 -------- d-----w- c:\progr
amdata\ATI
2010-06-22 01:59 . 2010-06-22 01:59 -------- d-----w- c:\users
\Administrator\AppData\Roaming\DigitalPersona
2010-06-22 01:54 . 2008-11-03 17:35 -------- d-----w- c:\progr
amdata\Hewlett-Packard
2010-06-22 01:54 . 2010-06-22 01:54 -------- d-----w- c:\users
\Administrator\AppData\Roaming\Macrovision
2010-06-22 01:54 . 2010-06-22 01:54 -------- d-----w- c:\progr
am files\DigitalPersona
2010-06-22 01:54 . 2010-06-22 01:54 -------- d-----w- c:\progr
amdata\Macrovision
2010-06-22 01:54 . 2008-11-03 17:19 -------- d-----w- c:\progr
am files\Hewlett-Packard
2010-06-22 01:53 . 2010-06-22 01:53 -------- d-----w- c:\progr
am files\Common Files\muvee Technologies
2010-06-22 01:53 . 2010-06-22 01:53 -------- d-----w- c:\progr
am files\muvee Technologies
2010-06-22 01:52 . 2010-06-22 01:52 53319 ----a-w- c:\programdata\T
emp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
2010-06-22 01:52 . 2008-11-03 17:34 -------- d--h--w- c:\progr
am files\InstallShield Installation Information
emp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
emp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
emp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
emp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
2010-06-22 01:49 . 2008-11-03 18:35 -------- d-----w- c:\progr
amdata\CyberLink
emp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
emp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
emp\{67626E09-5366-4480-8F1E-93FADF50CA15}\PostBuild.exe
emp\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\PostBuild.exe
emp\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\PostBuild.exe
2010-06-22 01:42 . 2010-06-22 01:42 -------- d-----w- c:\progr
am files\Common Files\LightScribe
2010-06-22 01:41 . 2010-06-22 01:41 0 ----a-w- c:\windows\ativp
srm.bin
2010-06-22 01:16 . 2010-06-22 01:16 -------- d-----w- c:\progr
am files\WIDCOMM
2010-06-22 01:15 . 2010-06-22 01:15 -------- d-----w- c:\progr
am files\N-trig
2010-06-22 01:15 . 2010-06-22 01:15 0 ---ha-w- c:\windows\syste
m32\drivers\Msft_User_NtrigDigitizerUSB_01_05_00.Wdf
m32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-06-22 01:14 . 2010-06-22 01:14 -------- d-----w- c:\progr
am files\AMD
2010-06-22 01:13 . 2010-06-22 01:13 -------- d-----w- c:\progr
am files\Broadcom
m32\bcmwlrc.dll
m32\bcmwlcoi.dll
m32\bcmihvsrv.dll
m32\bcmihvui.dll
m32\drivers\BCMWL6.SYS
2010-06-22 01:12 . 2010-06-22 01:11 -------- d-----w- c:\progr
am files\Realtek
2010-06-22 01:11 . 2010-06-22 01:11 319456 ----a-w- c:\windows\DIFxA
PI.dll
2010-06-22 01:11 . 2010-06-22 01:11 -------- d--h--w- c:\progr
am files\Temp
2010-06-22 01:10 . 2010-06-22 01:10 -------- d-----w- c:\progr
am files\DIFX
2010-06-22 01:10 . 2010-06-22 01:10 -------- d-----w- c:\progr
am files\Fingerprint Sensor
2010-06-22 01:10 . 2010-06-22 01:10 -------- d-----w- c:\progr
am files\Motorola
m32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-06-22 01:09 . 2010-06-22 01:09 -------- d-----w- c:\progr
am files\Synaptics
2010-06-22 01:08 . 2010-06-22 01:06 -------- d-----w- c:\progr
am files\ATI Technologies
2010-06-22 01:06 . 2010-06-22 01:06 -------- d-----w- c:\progr
am files\ATI
2010-06-22 01:06 . 2010-06-22 01:06 10134 ----a-r- c:\users\Adminis
trator\AppData\Roaming\Microsoft\Installer\{AD8777EC-B62C-A010-76D2-27C1BF4239BA
}\ARPPRODUCTICON.exe
2010-06-22 01:04 . 2008-11-03 17:16 680 ----a-w- c:\users\Adminis
trator\AppData\Local\d3d9caps.dat
2008-11-03 18:55 . 2008-11-03 18:41 8192 --sha-w- c:\windows\Users
\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 2
26904]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScri
beControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10
-01 972080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872
080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
[2008-08-01 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-09-23 1208320
]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-09-24 6335008
]
"NtrigApplet"="c:\program files\N-trig\N-trig Software Bundle\NtrigApplet.exe" [
2008-10-04 2256896]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26
1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [200
8-10-30 1160488]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Medi
a\Kernel\CLML\CLMLSvc.exe" [2008-10-30 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-25 20
6120]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartM
enu.exe" [2008-06-14 210216]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008
-10-21 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartM
enu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMe
nu.exe" [2008-10-07 210216]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-07-15 814144]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1
008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.
exe" [2008-09-05 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_s
l.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMe
nu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUISt
artMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-0
6-10 144784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HP
HC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [200
7-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HP
WAMain.exe" [2008-04-15 488752]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 10
7112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-1
9 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.s
ys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVi
rus]
"DisableMonitoring"=dword:00000001
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Int
ernet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 DIRECTIO;DIRECTIO;z:\burnintestpro\DirectIo.sys [x]
R3 EraserUtilDrv10631;EraserUtilDrv10631;c:\program files\Common Files\Symantec
Shared\EENGINE\EraserUtilDrv10631.sys [x]
R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec
Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 1
22008]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}
;c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERT
Srv.exe [2008-07-15 81920]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.
exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SM
INST\BLService.exe [2008-10-06 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packa
rd\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-25 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Ke
rnel\TV\TVSched.exe [2008-09-25 116096]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\
Com4QLBEx.exe [2008-09-08 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54
784]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symante
c Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-17 102448]
S3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c
:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [2008-07-27 5632]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [20
08-05-29 22072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSv
cs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D
85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\Li
ghtScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-01 c:\windows\Tasks\HPCeeScheduleForAdministrator.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-03 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=
91&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Soft
ware\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Softw
are\btsendto_ie.htm
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profil
es\97i67bie.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors",
true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.l
u", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.n
u", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.n
z", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.x
n--mgbaam7a8h", true);
n--mgberp4a5d4ar", true);
n--p1ai", true);
n--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.t
el", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-gene
ric-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",
5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.co
unt", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.si
ze", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeout
Secs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", fals
e);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled",
true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl
.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
.renego_unrestricted_hosts", "");
.treat_unsafe_negotiation_as_broken", false);
.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{97
2ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.prop
erties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{97
2ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/brows
er.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update
.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugin
s.enabled.nptest.dll", true);
s.enabled.npswf32.dll", true);
s.enabled.npctrl.dll", true);
s.enabled.npqtplugin.dll", true);
s.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-{A923347E-9C51-6689-3785-A08575E71E91} - c:\users\Administrator\AppData
\Roaming\Hoihy\ywum.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2010-08-08 10:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvc
Hst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet
Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816
A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2166689169-3893746836-3979649406-500\Software\Microsoft\Win
dows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
dows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
"Progid"="WMP11.AssocFile.ASF"
dows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
"Progid"="WMP11.AssocFile.ASX"
dows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
"Progid"="WMP11.AssocFile.AU"
dows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
"Progid"="WMP11.AssocFile.avi"
dows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
"Progid"="WMP11.AssocFile.CDA"
dows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
"Progid"="WMP11.AssocFile.MPEG"
dows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
"Progid"="WMP11.AssocFile.M3U"
dows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
"Progid"="WMP11.AssocFile.MIDI"
dows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
"Progid"="WMP11.AssocFile.MP3"
dows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
dows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
"Progid"="WMP11.AssocFile.AU"
dows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
"Progid"="WMP11.AssocFile.WAV"
dows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
"Progid"="WMP11.AssocFile.WAX"
dows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
"Progid"="WMP11.AssocFile.ASF"
dows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
"Progid"="WMP11.AssocFile.WMA"
dows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
"Progid"="WMP11.AssocFile.WMD"
dows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
"Progid"="WMP11.AssocFile.WMS"
dows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
"Progid"="WMP11.AssocFile.WMV"
dows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
"Progid"="WMP11.AssocFile.ASX"
dows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
"Progid"="WMP11.AssocFile.WMZ"
dows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
"Progid"="WMP11.AssocFile.WPL"
dows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
"Progid"="WMP11.AssocFile.WVX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX
.exe,-101"
}\Elevation]
"Enabled"=dword:00000001
}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
F30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
F30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(5604)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
.
Completion time: 2010-08-08 10:07:53
ComboFix-quarantined-files.txt 2010-08-08 09:07
Pre-Run: 257,767,477,248 bytes free
Post-Run: 257,770,754,048 bytes free
- - End Of File - - 7D4F217E417DD5702BF2D59E39CDA910

Combo Fix

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Combo Fix

Enviado por

Direitos autorais:

Formatos disponíveis

ComboFix 10-08-07.01 - Administrator 08/08/2010 9:53.1.

Você também pode gostar