Here it is then, sans quotes.
ComboFix 10-04-17.07 - Verdius 04/19/2010 2:38.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1780 [GMT -4:00]
Running from: c:\users\Verdius\Desktop\Geroge.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\-{SUMOTorrent.pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\-=[SUMOTorrent.pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\(SUMOTorrent.com)_Disgraced18_-_Faye_Reagan_(redhead_freckles_puffy_nipples).pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\=[SUMOTorrent.com]=_Disgraced_18_-_Riley_Rey.pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\=[SUMOTorrent.pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\o{SUMOTorrent.pif
c:\windows\system32\AutoRun.inf
c:\windows\system32\reboot.txt
----- BITS: Possible infected sites -----
hxxp://download.yimg.com
.
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\tIM_2\AppData\Local\temp
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\Tim\AppData\Local\temp
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\Che\AppData\Local\temp
2010-04-19 06:17 . 2010-04-19 06:17 28880 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53F456AA-660D-4B28-BB28-054B6D3D8D4C}\MpKslf493949b.sys
2010-04-18 21:40 . 2010-04-18 21:40 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-18 21:40 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 21:40 . 2010-04-18 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 21:40 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 06:06 . 2010-04-17 06:06 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-17 02:04 . 2010-04-17 02:04 318976 ----a-w- c:\windows\system32\CF13612.exe
2010-04-17 01:24 . 2010-04-17 01:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-17 01:24 . 2010-04-17 01:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 22:51 . 2010-04-16 22:51 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-16 21:40 . 2010-04-18 21:02 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-16 21:21 . 2010-04-16 22:51 -------- d-----w- c:\programdata\Hitman Pro
2010-04-16 21:21 . 2010-04-16 21:21 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-15 21:35 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-15 21:33 . 2010-04-17 06:06 -------- d-----w- c:\programdata\Lavasoft
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\users\Verdius\AppData\Roaming\Malwarebytes
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\programdata\Malwarebytes
2010-04-15 21:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 21:19 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 21:18 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 21:18 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 21:18 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 21:18 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 21:18 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 21:18 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 21:18 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 21:18 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 21:18 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- c:\windows\Sun
2010-04-13 22:53 . 2010-04-13 22:53 -------- d-----w- c:\program files\Adobe Media Player
2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- c:\users\tIM_2\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-18 21:39 -------- d-----w- c:\users\Verdius\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-05 20:40 -------- d-----w- c:\program files\TabletPlugins
2010-04-05 20:39 . 2007-02-16 18:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-04-05 20:38 . 2009-05-20 18:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-04-05 20:38 . 2009-08-27 22:06 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2010-04-05 20:38 . 2010-04-05 20:38 -------- d-----w- c:\windows\system32\WTablet
2010-04-05 20:38 . 2009-11-24 19:20 285184 ------w- c:\windows\system32\Wintab32.dll
2010-04-05 20:38 . 2009-11-24 19:25 4463400 ------w- c:\windows\system32\Wacom_Tablet.exe
2010-04-05 20:38 . 2009-11-24 19:25 412456 ------w- c:\windows\system32\Wacom_Tablet.dll
2010-04-05 20:38 . 2010-04-05 20:39 -------- d-----w- c:\program files\Tablet
2010-03-31 19:31 . 2010-03-31 19:31 -------- d-----w- c:\users\tIM_2\AppData\Roaming\Autodesk
2010-03-31 06:06 . 2010-04-15 11:51 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-31 06:06 . 2010-03-31 06:07 -------- d-----w- c:\users\Verdius\AppData\Roaming\Yahoo!
2010-03-31 06:05 . 2010-04-15 11:29 -------- d-----w- c:\programdata\Yahoo!
2010-03-31 06:05 . 2009-12-14 21:52 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2010-03-31 06:05 . 2010-04-15 11:52 -------- d-----w- c:\program files\Yahoo!
2010-03-31 02:36 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 02:36 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-28 19:12 . 2010-03-28 19:12 -------- d-----w- c:\users\Tim\AppData\Roaming\Autodesk
2010-03-28 07:17 . 2010-03-28 07:17 -------- d-----w- c:\users\Verdius\AppData\Local\Apps
2010-03-26 21:37 . 2010-03-26 21:37 -------- d-----w- c:\users\Verdius\AppData\Roaming\Autodesk
2010-03-26 21:37 . 2010-03-28 10:03 -------- d-----w- c:\programdata\Alias
2010-03-26 21:36 . 2010-03-26 21:36 -------- d-----w- c:\program files\Autodesk
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 19:34 . 2009-01-22 13:48 2032 ----a-w- c:\users\Verdius\AppData\Local\d3d9caps.dat
2010-04-17 02:57 . 2008-08-18 00:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 03:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 03:08 . 2008-09-07 19:04 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 16:39 . 2008-06-23 20:58 34360 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-15 16:16 . 2010-04-15 16:16 34360 ------w- c:\windows\system32\drivers\mouclass.sys83BA0E68
2010-04-15 11:51 . 2010-03-20 02:54 -------- d-----w- c:\programdata\FLEXnet
2010-04-15 11:51 . 2008-09-30 15:16 -------- d-----w- c:\users\Verdius\AppData\Roaming\BitTorrent
2010-04-12 17:12 . 2009-01-15 22:01 -------- d-----w- c:\program files\Steam
2010-04-09 04:26 . 2010-03-07 19:26 439816 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-03 16:49 . 2008-06-25 07:39 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-03 16:48 . 2008-06-25 07:39 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-31 19:31 . 2009-11-02 22:33 375384 ----a-w- c:\users\tIM_2\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-26 21:35 . 2008-06-23 05:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 00:51 . 2008-07-12 19:19 375384 ----a-w- c:\users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 02:54 . 2008-06-23 04:22 375384 ----a-w- c:\users\Verdius\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 01:02 . 2010-03-20 01:02 -------- d-----w- c:\programdata\ALM
2010-03-20 00:50 . 2010-03-20 00:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-20 00:44 . 2010-03-20 00:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-15 18:08 . 2010-03-15 18:08 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-15 17:59 . 2008-06-23 04:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-08 22:26 . 2009-11-21 00:45 375384 ----a-w- c:\users\Che\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 03:26 . 2010-03-08 03:26 118784 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 21:58 . 2009-01-15 22:01 -------- d-----w- c:\program files\Common Files\Steam
2010-02-24 14:16 . 2010-01-29 22:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-11 06:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 06:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 06:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 22:24 . 2010-02-19 22:24 1105920 ----a-w- c:\users\Verdius\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 03:38 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 03:38 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 03:38 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 03:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-21 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-21 92704]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:13 323392 ----a-w- c:\users\Verdius\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-26 16:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e0,35,1c,30,bc,3c,ca,01
R1 dqmqshem;dqmqshem;c:\windows\system32\drivers\dqmqshem.sys [x]
R1 ereuaokm;ereuaokm;c:\windows\system32\drivers\ereuaokm.sys [x]
R1 ghuerudh;ghuerudh;c:\windows\system32\drivers\ghuerudh.sys [x]
R1 hgrcnoaj;hgrcnoaj;c:\windows\system32\drivers\hgrcnoaj.sys [x]
R1 hufuwvhk;hufuwvhk;c:\windows\system32\drivers\hufuwvhk.sys [x]
R1 jjcljqim;jjcljqim;c:\windows\system32\drivers\jjcljqim.sys [x]
R1 MpKslafef8144;MpKslafef8144;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD7F9161-8B74-463A-AD82-0F9D53061F2A}\MpKslafef8144.sys [x]
R1 ubkwsltt;ubkwsltt;c:\windows\system32\drivers\ubkwsltt.sys [x]
R1 xmzmpyae;xmzmpyae;c:\windows\system32\drivers\xmzmpyae.sys [x]
R1 ynezzbhl;ynezzbhl;c:\windows\system32\drivers\ynezzbhl.sys [x]
R1 ywfrwohr;ywfrwohr;c:\windows\system32\drivers\ywfrwohr.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 MpKslf493949b;MpKslf493949b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53F456AA-660D-4B28-BB28-054B6D3D8D4C}\MpKslf493949b.sys [2010-04-19 28880]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - FWLYAPOW
*NewlyCreated* - MPKSLF493949B
*Deregistered* - fwlyapow
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Verdius\AppData\Roaming\Mozilla\Firefox\Profiles\oa0ysrq3.default\
FF - prefs.js: browser.startup.homepage - hxxp://community.dawnofwar2.com/main.php
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Verdius\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-19 02:47
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0xC500BAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xc8d9dd24
\Driver\ACPI -> acpi.sys @ 0xc860ad68
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*e*t*@*ãV0W»Y2*¯rU0Œ0_0JŒ€nŸqsY_0a0\OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0C87770-EEF6-772A-CCF4-3F5237EEC976}*]
"hahljmcbalfgphip"=hex:6a,61,6f,69,69,6b,6b,66,66,67,61,62,69,6e,6a,62,69,68,
66,64,00,00
"ianlhljdeccmgfgglk"=hex:6a,61,6f,69,69,6b,6b,66,63,67,66,61,62,66,61,6e,69,64,
6a,68,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-19 02:51:59
ComboFix-quarantined-files.txt 2010-04-19 06:51
Pre-Run: 149,741,686,784 bytes free
Post-Run: 149,743,886,336 bytes free
- - End Of File - - A63D32DBEB9EBDEF9A326680C1EBF6E0