Yes, that is where I went the last time I had a problem. I couldn't remember the name of the site. Is that file something that should have been deleted at that time? Here is the ComboFix log.
ComboFix 10-02-24.01 - Steven Wilkins 02/24/2010 18:24:44.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1395 [GMT -6:00]
Running from: c:\documents and settings\Steven Wilkins\My Documents\Downloads\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Steven Wilkins\My Documents\cc_20100217_210402.reg
----- BITS: Possible infected sites -----
hxxp://armmf.adobe.com.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.
2010-02-25 00:00 . 2010-02-25 00:00 -------- d-----w- c:\windows\LastGood
2010-02-23 17:03 . 2010-02-24 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-02-18 23:02 . 2010-02-25 00:17 -------- d-----w- c:\program files\Shockwave.com
2010-02-18 20:55 . 2010-02-18 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\rionix
2010-02-18 02:59 . 2010-02-18 02:59 -------- d-----w- c:\program files\CCleaner
2010-02-16 03:38 . 2010-02-16 03:38 3584 ----a-r- c:\documents and settings\Steven Wilkins\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-02-16 03:38 . 2010-02-16 03:38 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-02-16 03:37 . 2010-02-16 03:37 -------- d-----w- c:\program files\MSECACHE
2010-02-14 17:25 . 2010-02-15 02:42 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-02-14 17:20 . 2010-02-14 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-02-14 17:20 . 2010-02-14 17:20 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-14 17:20 . 2010-02-14 17:20 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-14 17:20 . 2010-02-14 17:20 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-14 17:20 . 2010-02-14 17:20 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-14 17:20 . 2010-02-14 17:20 -------- d-----w- c:\program files\COMODO
2010-02-05 18:18 . 2010-02-05 18:18 -------- d-----w- c:\program files\ESET
2010-02-05 16:55 . 2010-02-05 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-28 00:27 . 2010-01-28 00:27 503808 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcp71.dll
2010-01-28 00:27 . 2010-01-28 00:27 348160 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\msvcr71.dll
2010-01-28 00:27 . 2010-01-28 00:27 499712 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-55dcdc56-n\jmc.dll
2010-01-28 00:27 . 2010-01-28 00:27 61440 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-sse.dll
2010-01-28 00:27 . 2010-01-28 00:27 12800 ----a-w- c:\documents and settings\Steven Wilkins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-598350f7-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 00:17 . 2007-09-17 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-24 17:36 . 2007-09-06 14:39 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\PlayFirst
2010-02-24 17:36 . 2007-09-06 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-02-24 11:42 . 2006-06-24 04:45 -------- d-----w- c:\program files\CyberPower PowerPanel Personal Edition
2010-02-23 17:20 . 2009-03-05 21:22 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Boomzap
2010-02-18 19:53 . 2007-10-01 17:52 56 --sh--r- c:\windows\system32\4326BF1B47.sys
2010-02-18 19:53 . 2006-06-18 00:20 6268 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-18 03:07 . 2008-07-13 15:53 849 --sha-w- c:\windows\system32\mmf.sys
2010-02-17 23:33 . 2006-06-18 00:23 85072 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 02:34 . 2006-06-15 02:55 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-15 02:30 . 2006-06-13 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2010-02-15 02:28 . 2010-01-10 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-02-15 02:28 . 2006-06-13 04:40 -------- d-----w- c:\program files\Roxio
2010-02-15 02:28 . 2006-06-13 04:29 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-15 02:28 . 2006-06-13 04:29 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-02-15 02:25 . 2010-01-09 01:34 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Research In Motion
2010-02-15 02:25 . 2010-01-09 01:33 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-02-15 01:19 . 2009-11-26 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
2010-02-14 02:44 . 2010-01-10 16:32 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2010-02-14 02:44 . 2010-01-10 16:32 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
2010-02-09 22:31 . 2006-06-13 04:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 04:40 . 2010-01-10 16:32 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\libfftw3f-3-1-1a_upx.dll
2010-02-05 04:40 . 2010-01-10 16:32 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\1\setiathome_6.03_windows_intelx86.exe
2010-02-05 04:12 . 2008-11-11 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 04:11 . 2009-02-07 04:52 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-03 03:45 . 2009-07-14 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 00:27 . 2006-06-13 04:24 -------- d-----w- c:\program files\Java
2010-01-24 18:23 . 2009-11-05 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-18 17:51 . 2009-11-09 21:20 0 ----a-w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\prvlcl.dat
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\GamersDigital
2010-01-17 03:26 . 2010-01-17 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\GamersDigital
2010-01-14 19:52 . 2006-06-16 16:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 17:37 . 2010-01-09 01:34 256 ----a-w- c:\windows\system32\pool.bin
2010-01-12 01:16 . 2006-06-18 00:20 88 -csh--r- c:\windows\system32\471BBF2643.sys
2010-01-12 01:02 . 2010-01-12 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel Photo Album
2010-01-12 01:02 . 2009-01-17 23:26 100520 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-12 00:59 . 2006-07-11 23:32 -------- d-----w- c:\program files\Yahoo!
2010-01-12 00:53 . 2006-07-11 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-01-12 00:51 . 2006-06-13 04:33 -------- d-----w- c:\program files\Common Files\AOL
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\Roxio
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\acccore
2010-01-10 04:46 . 2010-01-10 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-01-10 03:55 . 2010-01-10 03:55 -------- d-----w- c:\documents and settings\Steven Wilkins\Application Data\InstallShield
2010-01-10 03:55 . 2006-06-13 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-07 22:07 . 2008-11-11 19:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-11-11 19:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2005-08-16 09:18 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2005-08-16 09:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 23:14 . 2009-01-11 16:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2005-08-16 09:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 17:02 . 2009-12-16 17:02 11572208 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\QuickTimeInstaller.exe
2009-12-16 17:02 . 2009-12-16 17:02 163840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\KDEVICES\CR2\cr_stop.exe
2009-12-16 17:02 . 2009-12-16 17:02 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\KSUStop.exe
2009-12-16 17:02 . 2009-12-16 17:02 167936 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\CCS\CCSStop.exe
2009-12-16 17:01 . 2009-12-16 17:01 401408 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_9f2af6a\EasyShrx.Dll
2009-12-14 07:08 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 00:22 . 2008-09-14 23:37 1304 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-08 19:26 . 2005-08-16 09:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 03:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-08-16 09:18 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-28 18:03 . 2009-11-28 18:03 448600 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll
2009-11-28 18:03 . 2009-11-28 18:03 406016 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
2009-11-28 18:03 . 2009-11-28 18:03 267776 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setigraphics_6.03_windows_intelx86.exe
2009-11-27 17:11 . 2005-08-16 09:18 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 05:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2005-08-16 09:18 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2005-08-16 09:18 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2005-08-16 09:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 05:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-02-22 00:12 . 2009-01-25 19:08 88 --sh--r- c:\windows\system32\7996F5D1F8.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-14 1800464]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\ijebmevd.exe c:\windows\system32\ijebmevd.exe:changelist\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-06-13 04:34 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 12:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2/14/2010 11:20 AM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2/14/2010 11:20 AM 25160]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 5:31 AM 92008]
S0 stlntbm;stlntbm;c:\windows\system32\drivers\idfda.sys --> c:\windows\system32\drivers\idfda.sys [?]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/13/2008 9:53 AM 2560]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KLMD21
*Deregistered* - klmd21
.
Contents of the 'Scheduled Tasks' folder
2010-02-08 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:officia
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: neopets.com\www
TCP: {7EE43045-CC52-48A0-B43F-385AEA3C4517} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Steven Wilkins\Application Data\Mozilla\Firefox\Profiles\z80lg0wk.default\
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-BFG-Awakening - The Dreamless Castle - c:\program files\Awakening - The Dreamless Castle\Uninstall.exe
AddRemove-BFGC - c:\program files\bfgclient\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-24 18:29
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0\FD1E79A92259B5BC6F3673C7C70B3F80]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\guard32.dll
.
Completion time: 2010-02-24 18:32:02
ComboFix-quarantined-files.txt 2010-02-25 00:31
ComboFix2.txt 2010-02-13 18:23
ComboFix3.txt 2010-02-10 04:10
ComboFix4.txt 2010-02-03 19:04
ComboFix5.txt 2010-02-25 00:24
Pre-Run: 119,706,308,608 bytes free
Post-Run: 119,660,023,808 bytes free
- - End Of File - - 4B6DCDD04E9C67527C73CDBC7D9EFA42