Here's the latest combofix log, and not the slightest trouble to get it!
ComboFix 10-04-30.01 - Per 2010-05-01 2:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3197.2812 [GMT 2:00]
Running from: c:\documents and settings\Per\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.
2010-04-30 14:07 . 2010-04-30 14:07 -------- d-----w- C:\rsit
2010-04-29 20:07 . 2006-08-16 17:26 57344 ----a-w- c:\windows\system32\SM4725CI.dll
2010-04-29 20:07 . 2006-08-16 17:26 151552 ----a-w- c:\windows\system32\SM4725CI.exe
2010-04-29 20:07 . 2006-08-16 17:26 22663 ----a-w- c:\windows\system32\scx425lk.DLL
2010-04-29 20:05 . 2006-08-16 17:20 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2010-04-29 20:05 . 2010-04-29 20:05 -------- d-----w- c:\temp\SCX-4725
2010-04-29 17:50 . 2010-04-29 17:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-28 12:29 . 2010-02-26 15:26 220024 ----a-w- c:\windows\sigcheck.exe
2010-04-28 12:24 . 2010-04-28 14:42 -------- d-----w- c:\windows\maxdriver
2010-04-27 15:21 . 2010-04-27 15:21 -------- d-----w- c:\documents and settings\Per\Local Settings\Application Data\ESET
2010-04-26 16:41 . 2010-04-26 16:41 -------- d-----w- c:\temp\SamsungUniversalPrintDriver
2010-04-26 16:39 . 2010-04-29 20:05 -------- d-----w- c:\program files\SAMSUNG
2010-04-26 16:39 . 2010-04-26 16:39 -------- d-----w- c:\temp\ML-1710
2010-04-26 16:29 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-04-26 16:29 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-25 16:00 . 2010-04-25 16:00 -------- d-----w- c:\program files\Defraggler
2010-04-25 11:25 . 2008-01-09 10:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-04-24 09:55 . 2010-04-24 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-04-24 09:55 . 2010-04-24 09:55 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-24 09:21 . 2010-04-24 09:21 -------- d-----w- c:\documents and settings\Per\Application Data\Foxit
2010-04-24 09:21 . 2010-04-24 09:21 -------- d-----w- c:\program files\Foxit Software
2010-04-24 09:12 . 2010-04-24 09:12 -------- d-----w- c:\documents and settings\Per\Application Data\JAM Software
2010-04-24 09:09 . 2010-04-24 09:09 -------- d-----w- c:\program files\JAM Software
2010-04-24 09:08 . 2010-04-24 09:09 -------- d-----w- c:\program files\ImgBurn
2010-04-24 09:08 . 2009-05-13 16:51 19968 ----a-w- c:\windows\system32\drivers\imdisk.sys
2010-04-24 09:08 . 2009-02-09 13:16 9216 ----a-w- c:\windows\system32\drivers\awealloc.sys
2010-04-24 09:08 . 2009-05-13 16:51 10240 ----a-w- c:\windows\system32\imdsksvc.exe
2010-04-24 09:08 . 2009-05-13 16:51 35840 ----a-w- c:\windows\system32\imdisk.exe
2010-04-24 06:43 . 2010-04-24 06:43 -------- d-----w- c:\documents and settings\Per\DoctorWeb
2010-04-24 00:37 . 2004-10-15 16:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys
2010-04-24 00:37 . 2004-10-15 16:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys
2010-04-24 00:37 . 2004-10-15 16:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2010-04-24 00:37 . 2004-10-15 16:32 83096 ----a-w- c:\windows\system32\SSSensor.dll
2010-04-24 00:37 . 2010-04-24 00:37 -------- d-----w- c:\program files\Sygate
2010-04-23 23:51 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-23 23:51 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-23 23:51 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-23 23:49 . 2010-04-23 23:50 -------- dc-h--w- c:\windows\ie8
2010-04-23 23:47 . 2010-04-23 23:47 -------- d-----w- c:\program files\Trend Micro
2010-04-23 23:41 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-23 23:38 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-23 23:38 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-23 23:37 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-23 23:37 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-23 23:37 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-23 23:35 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-23 23:34 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-23 23:08 . 2010-04-28 13:10 -------- d-----w- c:\documents and settings\Per\Local Settings\Application Data\Spotify
2010-04-23 23:08 . 2010-04-28 12:55 -------- d-----w- c:\documents and settings\Per\Application Data\Spotify
2010-04-23 22:35 . 2010-04-23 22:35 -------- d-----w- c:\program files\Common Files\Java
2010-04-23 22:35 . 2010-04-23 22:35 503808 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6774b8ce-n\msvcp71.dll
2010-04-23 22:35 . 2010-04-23 22:35 499712 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6774b8ce-n\jmc.dll
2010-04-23 22:35 . 2010-04-23 22:35 348160 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6774b8ce-n\msvcr71.dll
2010-04-23 22:35 . 2010-04-23 22:35 61440 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-45960d9c-n\decora-sse.dll
2010-04-23 22:35 . 2010-04-23 22:35 12800 ----a-w- c:\documents and settings\Per\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-45960d9c-n\decora-d3d.dll
2010-04-23 22:35 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 20:53 . 2009-02-07 05:43 24576 ----a-w- c:\documents and settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2010-04-23 20:53 . 2009-05-17 17:56 11776 ----a-w- c:\documents and settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform\WINNT_x86-msvc\components\mgMouseService.dll
2010-04-23 19:33 . 2010-04-23 19:33 -------- d-----w- c:\program files\MAPILab Ltd
2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\windows\Downloaded Installations
2010-04-23 19:15 . 2010-04-23 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-03 20:55 . 2010-04-03 20:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 20:55 . 2010-04-03 20:55 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 20:55 . 2010-04-03 20:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 20:55 . 2010-04-03 20:55 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 20:55 . 2010-04-03 20:55 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 20:55 . 2010-04-03 20:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:22 . 2010-04-03 17:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 11:50 . 2009-04-19 08:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-25 11:24 . 2009-04-19 08:58 -------- d-----w- c:\program files\Sony Ericsson
2010-04-25 11:24 . 2009-03-13 21:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-25 11:23 . 2009-04-19 08:59 -------- d-----w- c:\program files\Avanquest update
2010-04-24 15:54 . 2009-04-22 19:18 -------- d-----w- c:\program files\Axis Communications
2010-04-24 09:59 . 2009-03-15 09:12 -------- d-----w- c:\program files\ESET
2010-04-24 08:43 . 2009-04-04 20:49 -------- d-----w- c:\documents and settings\Per\Application Data\Audacity
2010-04-23 23:31 . 2009-03-13 21:28 64752 ----a-w- c:\documents and settings\Per\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-23 22:54 . 2009-04-10 21:54 -------- d-----w- c:\program files\SpeedFan
2010-04-23 22:41 . 2009-04-04 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 22:35 . 2009-04-08 16:54 -------- d-----w- c:\program files\Java
2010-04-23 20:28 . 2009-05-23 12:59 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-03 20:55 . 2009-03-14 05:16 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-03 20:55 . 2009-03-13 21:20 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 20:55 . 2007-10-04 08:14 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 20:55 . 2007-10-04 08:14 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 20:55 . 2007-10-04 08:14 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 20:55 . 2007-10-04 08:14 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 20:55 . 2007-10-04 08:14 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 20:55 . 2007-10-04 08:14 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-29 22:46 . 2009-04-04 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-04-04 06:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 07:49 . 2010-04-26 16:42 282624 ----a-w- c:\windows\system32\DscPnt.dll
2010-03-16 15:01 . 2010-04-26 16:42 141680 ----a-w- c:\windows\system32\SUPDSvcA.dll
2010-03-16 15:01 . 2010-04-26 16:42 132464 ----a-w- c:\windows\system32\SUPDSvc.exe
2010-03-16 15:00 . 2010-04-26 16:42 260464 ----a-w- c:\windows\SUPDRun.exe
2010-03-11 12:38 . 2010-03-11 12:38 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-10 06:15 . 2007-07-27 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:34 . 2010-04-26 16:42 157552 ----a-w- c:\windows\system32\spd__ci.exe
2010-02-25 06:24 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2007-07-27 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2007-07-27 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2007-07-27 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2007-07-27 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-04-28_14.08.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-01 00:00 . 2010-05-01 00:00 16384 c:\windows\Temp\Perflib_Perfdata_560.dat
+ 2007-07-27 12:00 . 2010-04-30 23:58 72108 c:\windows\system32\perfc009.dat
- 2007-07-27 12:00 . 2010-04-28 14:00 72108 c:\windows\system32\perfc009.dat
+ 2010-04-28 14:42 . 2002-09-18 04:38 82944 c:\windows\maxdriver\sed.exe
+ 2010-04-29 20:07 . 2008-04-13 23:12 543232 c:\windows\system32\spool\drivers\w32x86\PSCRIPT5.DLL
+ 2010-04-29 20:07 . 2008-04-13 23:12 728576 c:\windows\system32\spool\drivers\w32x86\PS5UI.DLL
+ 2010-04-29 20:07 . 2008-04-13 23:12 543232 c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2010-04-29 20:07 . 2008-04-13 23:12 728576 c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2007-07-27 12:00 . 2010-04-30 23:58 444358 c:\windows\system32\perfh009.dat
- 2007-07-27 12:00 . 2010-04-28 14:00 444358 c:\windows\system32\perfh009.dat
+ 2010-04-28 14:42 . 2009-12-11 19:48 1041920 c:\windows\maxdriver\pevFind.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"Hard Disk Sentinel"="g:\program files\Hard Disk Sentinel\HDSentinel.exe" [2009-02-24 3198464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-12 614400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2009-5-3 939536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2007-11-10 29728]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-04-25 27632]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010-04-25 90112]
S3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\drivers\awealloc.sys [2010-04-24 9216]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-04-19 13224]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\drivers\imdisk.sys [2010-04-24 19968]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-04-18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-04-18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-04-18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-04-18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-04-18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-04-18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-04-18 115752]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-04-26 132464]
S4 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [2010-04-24 10240]
.
Contents of the 'Scheduled Tasks' folder
2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{E51E9111-755F-4990-99AB-39BEABF9B266}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.232.99.43:60108/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.leta.se/
FF - component: c:\documents and settings\Per\Application Data\Mozilla\Firefox\Profiles\9l23s4zn.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-01 02:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A9160B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb811cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> 0x8a9160b8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 30 !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1844237615-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:34,16,57,02,3b,e5,67,7e,51,a1,ab,35,30,1a,60,b1,b1,bf,5b,05,40,89,12,
96,a7,85,da,07,ef,fa,f4,8e,87,76,cb,87,cd,98,ac,b8,36,d6,e1,e0,16,94,85,ad,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"D140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2010-05-01 02:03:47
ComboFix-quarantined-files.txt 2010-05-01 00:03
ComboFix2.txt 2010-04-28 14:09
ComboFix3.txt 2010-04-27 15:27
Pre-Run: 28 985 556 992 bytes free
Post-Run: 29 064 499 200 bytes free
- - End Of File - - E5DA63BDCF3BF72E66C09CF053EA02DE
MBAM log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4056
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010-05-01 02:15:01
mbam-log-2010-05-01 (02-15-01).txt
Scan type: Quick scan
Objects scanned: 112528
Time elapsed: 1 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)