I ran ComboFix and then did a Malwarebytes scan, but the three threats keep appearing in the scan, even after removing the threats and restarting.
Fresh HijackThis and ComboFix logs attached:
The HijackThis log is attached in the next post, as it exceeded 30000 characters.
ComboFix log:
ComboFix 10-07-16.02 - Amitesh 07/19/2010 9:24.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.391 [GMT 4.5:30]
Running from: c:\documents and settings\Amitesh\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\MPK
c:\documents and settings\All Users\Application Data\MPK\mpk.db
.
((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.
2010-07-19 04:59 . 2010-07-19 04:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MPK
2010-07-17 10:16 . 2010-07-17 10:17 58904 ----a-w- c:\windows\system32\sysfolderazipcnt.dll
2010-07-17 10:16 . 2010-07-17 10:17 58904 ----a-w- c:\windows\system32\azipcontmn.dll
2010-07-17 06:55 . 2010-07-17 06:55 -------- d-----w- c:\program files\Alarm Clock
2010-07-17 06:44 . 2010-07-17 06:44 -------- d-----w- c:\program files\Trend Micro
2010-07-17 04:34 . 2010-07-17 04:34 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-17 04:34 . 2010-07-17 04:34 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-17 04:33 . 2010-07-17 04:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 04:32 . 2010-07-17 04:32 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-17 04:32 . 2010-07-17 04:32 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-17 04:32 . 2010-07-17 04:32 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-17 04:32 . 2010-07-17 04:32 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-16 09:47 . 2010-04-29 11:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 09:47 . 2010-07-16 09:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 09:47 . 2010-04-29 11:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 20:06 . 2010-07-13 20:06 -------- d-sh--w- c:\program files\KGB
2010-07-08 04:30 . 2010-07-16 19:10 -------- d--h--w- c:\windows\PIF
2010-07-08 04:13 . 2007-03-05 07:21 360580 ----a-w- c:\windows\system32\eSellerateEngine.dll
2010-07-08 04:13 . 2007-02-23 12:27 94208 ----a-w- c:\windows\system32\eSellerateControl365.dll
2010-07-08 04:13 . 2003-06-11 21:39 156160 ----a-w- c:\windows\system32\ztvunrar3.dll
2010-07-08 04:13 . 2002-03-05 22:30 75264 ----a-w- c:\windows\system32\ztvunacev2.dll
2010-07-08 04:13 . 1999-02-24 08:26 65536 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-07-08 04:13 . 2010-07-08 04:29 -------- d-----w- c:\program files\AlphaZIP
2010-07-08 04:13 . 2007-01-08 13:59 178176 ----a-w- c:\windows\system32\7-zip32.dll
2010-07-08 03:27 . 2010-07-08 03:29 -------- d-----w- c:\documents and settings\Amitesh\Application Data\ImgBurn
2010-07-08 03:22 . 2010-07-08 03:22 -------- d-----w- c:\program files\ImgBurn
2010-07-05 10:33 . 2010-07-06 04:07 -------- d-----w- c:\program files\DVDx
2010-07-05 06:00 . 2010-07-05 06:00 -------- d-----w- c:\documents and settings\Amitesh\Application Data\HandBrake
2010-07-05 05:59 . 2010-07-05 05:59 -------- d-----w- c:\program files\DVDVideoSoft
2010-07-05 05:19 . 2010-07-08 03:03 -------- d-----w- c:\program files\MagicISO
2010-06-20 11:01 . 2010-06-20 11:01 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 05:01 . 2010-01-23 02:59 -------- d-----w- c:\documents and settings\Amitesh\Application Data\Skype
2010-07-19 05:00 . 2010-01-23 03:03 -------- d-----w- c:\documents and settings\Amitesh\Application Data\skypePM
2010-07-19 04:59 . 2010-01-13 13:39 -------- d-----w- c:\documents and settings\Amitesh\Application Data\uTorrent
2010-07-17 04:33 . 2010-03-18 02:58 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 04:33 . 2010-03-18 02:58 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 08:41 . 2010-03-18 04:07 117760 ----a-w- c:\documents and settings\Amitesh\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-13 05:31 . 2010-01-23 03:46 -------- d-----w- c:\documents and settings\Amitesh\Application Data\LimeWire
2010-07-05 05:59 . 2010-01-18 18:35 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-01 04:48 . 2010-01-28 03:09 -------- d-----w- c:\program files\Google
2010-06-16 08:15 . 2010-06-16 08:15 -------- d-----w- c:\program files\Common Files\Skype
2010-06-14 06:54 . 2010-06-14 06:54 -------- d-----w- c:\program files\uTorrent
2010-06-03 05:26 . 2010-03-18 02:58 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-31 07:43 . 2010-05-31 07:43 72704 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\RemoteControl.dll
2010-05-31 07:43 . 2010-05-31 07:43 630272 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll
2010-05-31 07:43 . 2010-05-31 07:43 613888 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\WMASoundPlugin.dll
2010-05-31 07:43 . 2010-05-31 07:43 5439488 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
2010-05-31 07:43 . 2010-05-31 07:43 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll
2010-05-31 07:43 . 2010-05-31 07:43 489984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll
2010-05-31 07:43 . 2010-05-31 07:43 444928 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll
2010-05-31 07:43 . 2010-05-31 07:43 1603072 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll
2010-05-31 07:43 . 2010-05-31 07:43 1495040 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll
2010-05-31 07:43 . 2010-05-31 07:43 1138688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll
2010-05-25 10:44 . 2010-01-06 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-22 18:29 . 2010-05-22 18:29 503808 ----a-w- c:\documents and settings\Amitesh\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1cdb1ff5-n\msvcp71.dll
2010-05-22 18:29 . 2010-05-22 18:29 499712 ----a-w- c:\documents and settings\Amitesh\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1cdb1ff5-n\jmc.dll
2010-05-22 18:29 . 2010-05-22 18:29 348160 ----a-w- c:\documents and settings\Amitesh\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1cdb1ff5-n\msvcr71.dll
.
------- Sigcheck -------
[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-07-17_22.13.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-19 04:59 . 2010-07-19 04:59 16384 c:\windows\Temp\Perflib_Perfdata_2e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2010-05-14 2515552]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-05-14 21:38 2515552 ----a-w- c:\program files\Freecorder\tbFre0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 05:55 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2010-05-14 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre0.dll" [2010-05-14 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Amitesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-13 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-14 322352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="c:\program files\KGB\Mpk.exe" [2007-12-03 1226240]
c:\documents and settings\Amitesh\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 04:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2010 7:28 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2010 7:28 AM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 9:03 AM 308136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/15/2010 8:13 AM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [3/18/2010 7:28 AM 430152]
.
Contents of the 'Scheduled Tasks' folder
2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 03:43]
2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 03:43]
2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-839522115-1606980848-1003Core.job
- c:\documents and settings\Amitesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-13 13:43]
2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-839522115-1606980848-1003UA.job
- c:\documents and settings\Amitesh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-13 13:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Amitesh\Application Data\Mozilla\Firefox\Profiles\tjpja5u6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\Amitesh\Application Data\Mozilla\Firefox\Profiles\tjpja5u6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Amitesh\Application Data\Mozilla\Firefox\Profiles\tjpja5u6.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-19 09:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2648)
c:\documents and settings\Amitesh\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
.
**************************************************************************
.
Completion time: 2010-07-19 09:33:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-19 05:03
ComboFix2.txt 2010-07-17 22:15
Pre-Run: 55,844,990,976 bytes free
Post-Run: 55,889,666,048 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 53E8B6157058721CE534FF36E611725E