ComboFix 10-06-17.02 - Ja 06/18/2010  13:31:09.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1992.1414 [GMT 2:00]
Running from: c:\documents and settings\Ja\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\ChilkatMail_v7_9.dll
c:\windows\system32\comctlw32u.dll
c:\windows\system32\Ijl11.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\Thumbs.db
c:\windows\system32\win.com
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\w32dasm8.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


(((((((((((((((((((((((((   Files Created from 2010-05-18 to 2010-06-18  )))))))))))))))))))))))))))))))
.

2010-06-18 10:30 . 2010-06-18 10:40	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Notepad++
2010-06-17 13:22 . 2010-06-17 13:22	--------	d-----w-	c:\program files\Fiddler2
2010-06-17 12:17 . 2010-06-17 13:49	--------	d-----w-	c:\program files\Spyware Doctor
2010-06-17 12:12 . 2010-06-17 12:27	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-06-17 11:19 . 2010-06-17 11:53	--------	d-----w-	c:\documents and settings\Ja\DoctorWeb
2010-06-16 18:34 . 2010-06-16 18:34	--------	d-----w-	c:\program files\Xenu
2010-06-16 14:20 . 2010-06-16 14:20	--------	d-----w-	c:\documents and settings\Ja\Local Settings\Application Data\NaNoWriTool
2010-06-16 14:20 . 2010-06-16 14:20	--------	d-----w-	c:\documents and settings\Ja\Application Data\NaNoWriTool
2010-06-16 12:31 . 2010-06-16 12:31	--------	d-----w-	c:\documents and settings\Ja\Local Settings\Application Data\Arthur_A._Evseev_(artevse
2010-06-15 14:58 . 2010-06-15 14:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Readon
2010-06-13 23:20 . 2010-06-13 23:20	--------	d-----w-	c:\documents and settings\Ja\Local Settings\Application Data\ArchonMedia
2010-06-13 23:15 . 2010-06-13 23:17	--------	d-----w-	c:\program files\CommentKahuna
2010-06-10 20:48 . 2010-06-10 20:48	--------	d-----w-	c:\documents and settings\Ja\Library
2010-06-10 20:48 . 2010-06-10 20:48	--------	d-----w-	c:\documents and settings\Ja\Application Data\com.adobe.ExMan
2010-06-10 20:45 . 2010-06-10 20:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-09 16:08 . 2010-06-15 16:53	174552	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-06 11:08 . 2010-06-17 10:00	--------	d-----w-	C:\Hotspot Shield
2010-06-05 09:19 . 2010-06-05 09:19	--------	d-----w-	c:\program files\ESET
2010-06-05 09:19 . 2010-06-05 09:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2010-06-02 13:38 . 2010-06-02 13:38	--------	d-----w-	c:\program files\RobotLike.com
2010-06-01 18:47 . 2010-06-01 18:47	--------	d-----w-	c:\documents and settings\Ja\Application Data\BSplayer Pro
2010-06-01 18:47 . 2010-06-01 18:47	--------	d-----w-	c:\program files\Webteh
2010-05-30 21:48 . 2010-05-30 21:48	--------	d-----w-	c:\documents and settings\Ja\Application Data\InterVideo
2010-05-26 09:26 . 2009-03-21 14:40	1310720	----a-w-	c:\windows\system32\ChilkatUpload.dll
2010-05-26 09:26 . 2008-07-01 06:04	659456	----a-w-	c:\windows\system32\ChilkatCharset.dll
2010-05-26 09:26 . 2008-03-26 03:20	569344	----a-w-	c:\windows\system32\CkString.dll
2010-05-26 09:26 . 2008-03-12 17:55	1294336	----a-w-	c:\windows\system32\ChilkatXml.dll
2010-05-26 09:26 . 2008-03-12 17:54	1085440	----a-w-	c:\windows\system32\ChilkatSocket.dll
2010-05-26 09:26 . 2007-12-28 08:16	1122304	----a-w-	c:\windows\system32\ChilkatHttp.dll
2010-05-26 09:26 . 1998-06-17 19:00	102912	--s-a-w-	c:\windows\system32\VB6STKIT.DLL
2010-05-26 09:26 . 2010-05-26 09:36	--------	d-----w-	c:\program files\SENuke
2010-05-21 09:19 . 2010-05-21 10:09	--------	d-----w-	c:\documents and settings\Ja\Local Settings\Application Data\Deployment
2010-05-20 21:51 . 2010-05-20 21:51	--------	d-----w-	c:\documents and settings\Ja\Local Settings\Application Data\TwitterBlackhat
2010-05-20 20:05 . 2010-05-20 20:05	--------	d-----w-	c:\program files\Immortal Marketing

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
8010-03-31 20:25 . 2010-02-05 05:30	--------	d-----w-	c:\program files\Notepad++
2010-06-17 16:35 . 2010-02-10 01:35	--------	d-----w-	c:\documents and settings\Ja\Application Data\Skype
2010-06-17 12:33 . 2010-05-02 14:39	--------	d-----w-	c:\program files\Glary Utilities
2010-06-17 10:00 . 2010-04-06 21:16	--------	d-----w-	c:\program files\Hotspot Shield
2010-06-17 09:43 . 2010-02-06 01:13	--------	d-----w-	c:\documents and settings\Ja\Application Data\FileZilla
2010-06-17 08:03 . 2010-02-18 04:01	--------	d-----w-	c:\documents and settings\Ja\Application Data\vlc
2010-06-15 09:14 . 2010-05-12 15:15	--------	d-----w-	c:\program files\Readon Technology
2010-06-10 20:56 . 2010-02-04 19:48	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-10 20:49 . 2010-03-31 12:00	--------	d-----w-	c:\program files\CCleaner
2010-06-06 10:29 . 2010-04-25 19:29	--------	d-----w-	c:\program files\ProxyFirewall
2010-05-13 22:05 . 2010-01-08 23:42	32768	----a-w-	c:\windows\system32\drivers\taphss.sys
2010-05-12 16:29 . 2010-04-27 22:45	--------	d-----w-	c:\program files\UBot.Studio.3.00086first
2010-05-12 15:38 . 2010-05-09 20:54	--------	d-----w-	c:\program files\Super Internet TV
2010-05-12 15:37 . 2010-05-12 15:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\DivX
2010-05-12 15:34 . 2010-05-12 15:34	57344	----a-w-	c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-12 15:34 . 2010-05-12 15:34	56766	----a-w-	c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-12 15:34 . 2010-05-12 15:30	--------	d-----w-	c:\program files\DivX
2010-05-10 15:08 . 2010-02-10 18:38	--------	d-----w-	c:\program files\Opera
2010-05-09 20:16 . 2010-05-09 20:16	--------	d-----w-	c:\documents and settings\Ja\Application Data\AtomPark
2010-05-04 17:20 . 2008-07-21 22:50	832512	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2008-07-21 22:49	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2008-07-21 22:49	17408	----a-w-	c:\windows\system32\corpol.dll
2010-05-04 13:19 . 2010-05-04 13:19	--------	d-----w-	c:\program files\MSXML 4.0
2010-05-04 11:44 . 2010-05-03 13:41	90328	----a-w-	c:\program files\worker-yahoohome.ubot
2010-05-02 05:22 . 2008-07-21 22:50	1851264	----a-w-	c:\windows\system32\win32k.sys
2010-04-29 13:45 . 2010-02-07 03:20	--------	d-----w-	c:\program files\Multiple File Search and Replace
2010-04-27 22:26 . 2010-04-27 22:26	--------	d-----w-	c:\documents and settings\Ja\Application Data\ubot
2010-04-27 11:34 . 2010-04-25 22:09	--------	d-----w-	c:\documents and settings\Ja\Application Data\DC++
2010-04-25 22:09 . 2010-04-25 22:09	--------	d-----w-	c:\program files\DC++
2010-04-25 17:06 . 2010-04-25 17:03	--------	d-----w-	c:\program files\WinHex
2010-04-21 21:27 . 2010-04-21 18:42	--------	d-----w-	c:\program files\MP3 CD Converter
2010-04-21 18:38 . 2010-02-04 19:50	--------	d-----w-	c:\program files\Roxio
2010-04-20 05:30 . 2008-07-21 22:49	285696	----a-w-	c:\windows\system32\atmfd.dll
2010-04-16 13:02 . 2005-06-07 08:04	99738	----a-w-	c:\program files\Common Files\Engines.lnl
2010-04-02 18:17 . 2010-04-02 18:17	28780	---ha-w-	c:\windows\system32\mlfcache.dat
2010-04-02 15:43 . 2010-04-02 15:44	38784	----a-w-	c:\documents and settings\Ja\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-30 13:49 . 2010-02-04 19:55	33112	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-29 15:13 . 2010-03-29 15:13	95872	----a-w-	c:\windows\system32\drivers\epfwtdir.sys
2010-03-29 15:12 . 2010-03-29 15:12	114984	----a-w-	c:\windows\system32\drivers\ehdrv.sys
2010-03-29 15:07 . 2010-03-29 15:07	140216	----a-w-	c:\windows\system32\drivers\eamon.sys
2010-03-25 10:41 . 2010-03-25 10:40	5852536	----a-w-	c:\windows\REGBK00.ZIP
2010-03-25 10:35 . 2010-03-25 10:35	626688	----a-w-	c:\windows\system32\msvcr80.dll
2010-03-25 10:35 . 2010-03-25 10:35	548864	----a-w-	c:\windows\system32\msvcp80.dll
2010-03-25 10:35 . 2010-03-25 10:35	28672	----a-w-	c:\windows\system32\eEmpty.exe
2006-05-03 10:06 . 2010-03-16 14:40	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-16 14:41	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-16 14:41	216064	--sh--r-	c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-04 148888]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-02-24 111928]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
start WampServer.lnk - c:\wamp\wampmanager.exe [2010-2-5 1152512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-10-27 02:41	180224	----a-w-	c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37	34344	----a-w-	c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2009-07-29 18:40	425984	----a-w-	c:\program files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
2009-07-29 18:35	172032	----a-w-	c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]
2009-03-13 02:12	16384	----a-w-	c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateLMBCShortCut]
2009-07-16 20:57	40960	----a-w-	c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2009-01-28 18:10	124248	----a-w-	c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2009-01-28 18:10	185688	----a-w-	c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2009-10-22 16:04	421888	----a-w-	c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2009-05-28 19:30	61728	----a-w-	c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-11-24 23:42	487424	----a-w-	c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"e:\\mio\\CS 1.5\\hl.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/29/2009 3:57 AM 20520]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/29/2010 5:12 PM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/29/2010 5:13 PM 95872]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 10:15 AM 13480]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/27/2008 4:33 AM 1676536]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [10/27/2008 4:38 AM 98304]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/29/2010 5:12 PM 810120]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/27/2008 4:41 AM 118784]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 8:19 PM 50704]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2/4/2010 9:55 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/6/2009 4:21 AM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/25/2008 1:34 AM 520192]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2/4/2010 9:45 PM 482176]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/23/2008 1:54 AM 37312]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/6/2009 4:21 AM 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/10/2008 3:50 AM 360448]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [10/27/2008 4:38 AM 106496]
S3 CMC AntiRootkit Service;CMC AntiRootkit Servic;c:\windows\system32\drivers\cmcantirootkit.sys --> c:\windows\system32\drivers\cmcantirootkit.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 6:15 PM 1120752]
.
Contents of the 'Scheduled Tasks' folder

2010-06-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-05-02 08:01]

2010-02-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]

2010-03-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-02-04 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: {93215052-6606-4E58-93F7-E45FFD28EE21} = 208.67.220.220,208.67.222.222
TCP: {F5556346-04B8-432E-B10A-F7ADC452DBB3} = 208.67.222.222
FF - ProfilePath - c:\documents and settings\Ja\Application Data\Mozilla\Firefox\Profiles\ot80e56u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 38242
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 18921);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 50821);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 58477);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 55499);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 59968);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 10774);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 40403);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 37639);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 59118);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 59971);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 60609);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 15952);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 31549);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 5463);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 58414);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 10570);user_pref('network.proxy.type', 
1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 47217);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 51257);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 2984);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 56150);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 15817);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 17590);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 14826);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 24749);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 7032);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 22623);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 49986);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 42689);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 299);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 11358);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 28299);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 37165);user_pref('network.proxy.type', 
1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 10020);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 29521);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 39444);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 41432);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 6061);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 26404);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 44482);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 18395);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 6346);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 16269);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 63552);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 24564);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 55329);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 27975);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 41300);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 19756);user_pref('network.proxy.type', 
1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 52217);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 21598);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 62855);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 3031);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 44216);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 62294);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 3600);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 25079);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 48154);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 16809);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 54201);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 59168);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 1136);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 36139);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 47164);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 15967);user_pref('network.proxy.type', 
1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 8323);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 1720);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 41856);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 22450);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 50769);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 16266);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 13113);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 13868);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 11621);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 55216);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 2437);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 57150);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 18530);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 60330);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 14209);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 46911);user_pref('network.proxy.type', 
1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 37343);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 15484);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 2275);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 34239);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 27678);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 1021);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 41310);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 47013);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 34242);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 3353);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 30241);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 55891);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 10895);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 23112);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 34092);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 53396);user_pref('network.proxy.type', 
1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 22802);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 14319);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 33279);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 12946);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 39988);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 54802);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 40514);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 1145);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 50598);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 20325);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 17315);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 850);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 44942);user_pref('network.proxy.type', 1);user_pref('network.proxy.http', '127.0.0.1');user_pref('network.proxy.http_port', 38242);user_pref('network.proxy.type', 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-ACNotify - ACNotify.dll
MSConfigStartUp-EZEJMNAP - c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
MSConfigStartUp-Message Center Plus - c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 13:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll

- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
.
**************************************************************************
.
Completion time: 2010-06-18  13:39:17 - machine was rebooted
ComboFix-quarantined-files.txt  2010-06-18 11:39

Pre-Run: 52,987,256,832 bytes free
Post-Run: 52,880,445,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4639AC7E381A1B94909D07D6F435CBC3
