As requested and is there anyway u can tell me if i missed copy and pasting these code lines?
c:\program files\QuickTime\qttask .exe
c:\program files\Windows Defender\msascui .exe
I am not sure I included them because I didn't see them till after I started everything
ComboFix 10-04-21.01 - User 04/21/2010 14:39:38.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2422 [GMT -4]
Running from: c:\geek police stuff\Combo-Fix.exe
Command switches used :: c:\geek police stuff\CFscript.txt
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\program files\42156.dat"
"c:\program files\6413406.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\42156.dat
c:\program files\6413406.dat
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-21 18:03 . 2010-04-21 18:31 -------- d-----w- C:\Combo-Fix11551C
2010-04-20 19:55 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 19:55 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 18:35 . 2010-04-20 18:35 -------- d-----w- C:\_OTL
2010-04-18 00:02 . 2010-04-18 00:05 -------- d-----w- C:\Avast Stuff
2010-04-17 19:47 . 2010-04-17 19:53 -------- d-----w- C:\Combo-Fix
2010-04-17 19:06 . 2010-04-17 19:06 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-17 19:05 . 2010-04-17 19:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\avG
2010-04-17 19:05 . 2010-04-17 19:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-17 19:04 . 2010-04-19 06:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-17 19:01 . 2010-04-17 19:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-17 15:38 . 2010-04-21 18:39 -------- d-----w- C:\geek police stuff
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\avG
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-14 13:48 . 2010-04-14 13:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-11 19:46 . 2010-04-11 19:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-04-11 19:46 . 2010-04-11 19:47 -------- d-----w- c:\program files\Google
2010-04-10 20:12 . 2001-08-18 02:36 110621 -c--a-w- c:\windows\system32\dllcache\digirlpt.dll
2010-04-10 20:12 . 2001-08-18 02:36 110621 ----a-w- c:\windows\system32\digirlpt.dll
2010-04-10 20:12 . 2001-08-17 16:17 42432 -c--a-w- c:\windows\system32\dllcache\digirlpt.sys
2010-04-10 20:12 . 2001-08-17 16:17 42432 ----a-w- c:\windows\system32\drivers\digirlpt.sys
2010-04-07 19:05 . 2010-04-07 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-06 20:59 . 2010-04-17 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-31 06:00 . 2010-03-31 06:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-27 18:29 . 2010-03-27 18:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-23 14:30 . 2010-04-18 18:44 -------- d-----w- c:\program files\QuickTime
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\program files\Common Files\Apple
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\program files\Apple Software Update
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 18:39 . 2009-05-23 01:43 -------- d-----w- c:\program files\Windows Defender
2010-04-21 17:13 . 2009-05-25 02:32 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-21 17:13 . 2009-05-25 02:32 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-20 22:36 . 2010-04-17 20:34 8704 --sha-w- c:\program files\Thumbs.db
2010-04-20 19:55 . 2009-08-03 03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 00:11 . 2009-05-25 02:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-17 03:34 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-04-16 23:33 . 2009-07-07 02:02 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-04-16 20:09 . 2009-07-07 02:12 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-04-14 16:47 . 2010-04-18 00:06 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-04-18 00:06 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:37 . 2010-04-18 00:06 102736 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-04-14 16:37 . 2010-04-18 00:06 297552 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-04-14 16:36 . 2010-04-18 00:06 196048 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-04-14 16:35 . 2010-04-18 00:06 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-04-18 00:06 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-04-18 00:06 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-04-18 00:06 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-04-18 00:06 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-04-18 00:06 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-04-18 00:06 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-06 21:01 . 2009-05-23 01:31 -------- d-----w- c:\program files\Alwil Software
2010-03-26 14:33 . 2010-04-14 23:25 1496064 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-04-14 23:25 43008 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-04-14 23:25 339456 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-04-14 23:25 346112 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-20 20:46 . 2009-05-24 23:42 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-19 14:27 . 2009-05-23 01:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-17 05:31 . 2010-03-17 05:31 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 14:16 . 2009-10-02 17:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 03:12 . 2009-05-25 01:40 -------- d-----w- c:\documents and settings\User\Application Data\SoapMakerData
2010-02-23 03:12 . 2010-02-23 03:12 -------- d-----w- c:\program files\SoapMaker3
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-05-20 03:49 . 2009-05-24 23:15 306 ----a-w- c:\program files\Shortcut to My Documents.lnk
2004-07-06 17:54 . 2007-05-22 20:10 1241088 ----a-w- c:\program files\PGE_PlugIn.8bf
1998-05-31 04:00 . 1998-05-31 04:00 295696 ----a-w- c:\program files\Common Files\MSJTOR35.DLL
2009-05-24 23:42 . 2009-05-24 23:42 88 --sh--r- c:\windows\system32\16071871B6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-04-14 16:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-11 136176]
"Fraps"="c:\fraps\FRAPS.EXE" [2010-03-31 2181040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [4/17/2010 8:06 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [4/17/2010 8:06 PM 196048]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [4/17/2010 8:06 PM 102736]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/17/2010 8:06 PM 297552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/17/2010 8:06 PM 162768]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2010 8:06 PM 19024]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [4/17/2010 8:06 PM 119200]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2010 3:46 PM 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [4/10/2010 4:12 PM 42432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 19:46]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 19:46]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-602162358-725345543-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-20 19:46]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-602162358-725345543-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-20 19:46]
2010-04-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 14:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2010-04-21 15:04:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 19:04
ComboFix2.txt 2010-04-21 18:29
ComboFix3.txt 2010-04-21 03:56
ComboFix4.txt 2010-04-20 23:06
Pre-Run: 101,713,883,136 bytes free
Post-Run: 101,771,997,184 bytes free
- - End Of File - - C6031105B101C1BC418D08DC71DA4AE5
c:\program files\QuickTime\qttask .exe
c:\program files\Windows Defender\msascui .exe
I am not sure I included them because I didn't see them till after I started everything
ComboFix 10-04-21.01 - User 04/21/2010 14:39:38.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2422 [GMT -4]
Running from: c:\geek police stuff\Combo-Fix.exe
Command switches used :: c:\geek police stuff\CFscript.txt
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\program files\42156.dat"
"c:\program files\6413406.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\42156.dat
c:\program files\6413406.dat
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-21 18:03 . 2010-04-21 18:31 -------- d-----w- C:\Combo-Fix11551C
2010-04-20 19:55 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 19:55 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 18:35 . 2010-04-20 18:35 -------- d-----w- C:\_OTL
2010-04-18 00:02 . 2010-04-18 00:05 -------- d-----w- C:\Avast Stuff
2010-04-17 19:47 . 2010-04-17 19:53 -------- d-----w- C:\Combo-Fix
2010-04-17 19:06 . 2010-04-17 19:06 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-17 19:05 . 2010-04-17 19:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\avG
2010-04-17 19:05 . 2010-04-17 19:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-17 19:04 . 2010-04-19 06:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-17 19:01 . 2010-04-17 19:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-17 15:38 . 2010-04-21 18:39 -------- d-----w- C:\geek police stuff
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\avG
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-14 13:48 . 2010-04-14 13:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-11 19:46 . 2010-04-11 19:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-04-11 19:46 . 2010-04-11 19:47 -------- d-----w- c:\program files\Google
2010-04-10 20:12 . 2001-08-18 02:36 110621 -c--a-w- c:\windows\system32\dllcache\digirlpt.dll
2010-04-10 20:12 . 2001-08-18 02:36 110621 ----a-w- c:\windows\system32\digirlpt.dll
2010-04-10 20:12 . 2001-08-17 16:17 42432 -c--a-w- c:\windows\system32\dllcache\digirlpt.sys
2010-04-10 20:12 . 2001-08-17 16:17 42432 ----a-w- c:\windows\system32\drivers\digirlpt.sys
2010-04-07 19:05 . 2010-04-07 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-06 20:59 . 2010-04-17 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-31 06:00 . 2010-03-31 06:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-27 18:29 . 2010-03-27 18:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-23 14:30 . 2010-04-18 18:44 -------- d-----w- c:\program files\QuickTime
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\program files\Common Files\Apple
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\program files\Apple Software Update
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 18:39 . 2009-05-23 01:43 -------- d-----w- c:\program files\Windows Defender
2010-04-21 17:13 . 2009-05-25 02:32 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-21 17:13 . 2009-05-25 02:32 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-20 22:36 . 2010-04-17 20:34 8704 --sha-w- c:\program files\Thumbs.db
2010-04-20 19:55 . 2009-08-03 03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 00:11 . 2009-05-25 02:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-17 03:34 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-04-16 23:33 . 2009-07-07 02:02 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-04-16 20:09 . 2009-07-07 02:12 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-04-14 16:47 . 2010-04-18 00:06 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-04-18 00:06 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:37 . 2010-04-18 00:06 102736 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-04-14 16:37 . 2010-04-18 00:06 297552 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-04-14 16:36 . 2010-04-18 00:06 196048 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-04-14 16:35 . 2010-04-18 00:06 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-04-18 00:06 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-04-18 00:06 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-04-18 00:06 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-04-18 00:06 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-04-18 00:06 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-04-18 00:06 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-06 21:01 . 2009-05-23 01:31 -------- d-----w- c:\program files\Alwil Software
2010-03-26 14:33 . 2010-04-14 23:25 1496064 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-04-14 23:25 43008 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-04-14 23:25 339456 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-04-14 23:25 346112 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-20 20:46 . 2009-05-24 23:42 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-19 14:27 . 2009-05-23 01:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-17 05:31 . 2010-03-17 05:31 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 14:16 . 2009-10-02 17:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 03:12 . 2009-05-25 01:40 -------- d-----w- c:\documents and settings\User\Application Data\SoapMakerData
2010-02-23 03:12 . 2010-02-23 03:12 -------- d-----w- c:\program files\SoapMaker3
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-05-20 03:49 . 2009-05-24 23:15 306 ----a-w- c:\program files\Shortcut to My Documents.lnk
2004-07-06 17:54 . 2007-05-22 20:10 1241088 ----a-w- c:\program files\PGE_PlugIn.8bf
1998-05-31 04:00 . 1998-05-31 04:00 295696 ----a-w- c:\program files\Common Files\MSJTOR35.DLL
2009-05-24 23:42 . 2009-05-24 23:42 88 --sh--r- c:\windows\system32\16071871B6.sys
.
Code:
<pre>
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-04-14 16:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-28 13145448]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-11 136176]
"Fraps"="c:\fraps\FRAPS.EXE" [2010-03-31 2181040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [4/17/2010 8:06 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [4/17/2010 8:06 PM 196048]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [4/17/2010 8:06 PM 102736]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/17/2010 8:06 PM 297552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/17/2010 8:06 PM 162768]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/17/2010 8:06 PM 19024]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [4/17/2010 8:06 PM 119200]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2010 3:46 PM 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [4/10/2010 4:12 PM 42432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 19:46]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 19:46]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-602162358-725345543-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-20 19:46]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-602162358-725345543-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-20 19:46]
2010-04-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qvr1ntkg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 14:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2010-04-21 15:04:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 19:04
ComboFix2.txt 2010-04-21 18:29
ComboFix3.txt 2010-04-21 03:56
ComboFix4.txt 2010-04-20 23:06
Pre-Run: 101,713,883,136 bytes free
Post-Run: 101,771,997,184 bytes free
- - End Of File - - C6031105B101C1BC418D08DC71DA4AE5