I am still unable to get online, but I was able to save the Microsoft Windows Recovery Console download from Microsoft via my laptop, transfer it to my PC (infected computer) and pull it to ComboFix. (Also, for some reason I can't disable the CA anti-virus, even though I unchecked all scans on the system.)
Once the scan was complete, I pulled the CFScript.txt file into ComboFix.
Results of the 2nd scan (ComboFix with CFScript.txt):
ComboFix 10-04-14.01 - Toni 04/16/2010 8:18.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1543 [GMT -4:00]
Running from: c:\documents and settings\Toni\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Toni\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx
c:\documents and settings\Toni\Local Settings\Application Data\mbidtssnx\ixoukxrtssd.exe
c:\program files\NoAdware5.0
c:\program files\NoAdware5.0\noadware4_012709.na
c:\program files\NoAdware5.0\unins000.dat
c:\program files\NoAdware5.0\unins000.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
.
2010-04-16 11:50 . 2010-04-16 11:50 -------- d-----w- c:\windows\LastGood
2010-04-14 23:16 . 2010-04-14 23:19 -------- d-----w- c:\documents and settings\Toni\Application Data\uTorrent
2010-04-13 04:41 . 2010-04-13 04:41 -------- d-----w- c:\program files\ESET
2010-04-13 04:21 . 2010-04-13 04:21 -------- d-----w- C:\_OTS
2010-04-09 13:47 . 2010-04-15 21:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-28 00:53 . 2010-03-28 00:53 2114184 ----a-w- c:\temp\Install_Facebook_Plug-In_1.0.3.exe
2010-03-22 17:58 . 2010-03-22 17:58 -------- d-----w- c:\program files\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 12:21 . 2009-02-17 19:38 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-04-16 11:37 . 2009-01-28 19:20 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-04-16 11:37 . 2009-01-28 19:20 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-04-16 11:37 . 2009-01-28 19:20 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-04-16 11:37 . 2009-01-28 19:20 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-04-16 11:37 . 2009-01-28 19:20 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-04-16 11:37 . 2009-01-28 19:20 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-04-16 11:37 . 2009-01-28 19:20 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-04-16 11:37 . 2009-01-28 19:20 227220 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-04-16 11:36 . 2009-02-17 19:40 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-04-11 18:37 . 2009-02-03 02:26 -------- d-----w- c:\documents and settings\Toni\Application Data\AdobeUM
2010-04-09 16:45 . 2010-02-11 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-04-09 14:05 . 2009-08-04 03:08 -------- d-----w- c:\documents and settings\Toni\Application Data\U3
2010-04-09 13:53 . 2010-03-10 13:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-07 21:23 . 2009-08-13 23:13 -------- d-----w- c:\documents and settings\Toni\Application Data\Vso
2010-03-28 00:54 . 2010-02-01 01:44 50354 ----a-w- c:\documents and settings\Toni\Application Data\Facebook\uninstall.exe
2010-03-28 00:54 . 2010-02-01 01:44 -------- d-----w- c:\documents and settings\Toni\Application Data\Facebook
2010-03-19 23:38 . 2009-02-04 05:06 -------- d-----w- c:\documents and settings\Toni\Application Data\ZoomBrowser EX
2010-03-19 21:20 . 2009-01-31 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-03-18 22:58 . 2009-11-18 23:13 79488 ----a-w- c:\documents and settings\Toni\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:38 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 14:05 . 2010-03-10 14:05 -------- d-----w- c:\documents and settings\Toni\Application Data\Malwarebytes
2010-03-10 14:05 . 2010-03-10 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 14:04 . 2010-03-10 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-03-01 23:41 . 2009-01-30 16:19 343928 ----a-w- c:\documents and settings\Toni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 23:28 . 2010-03-01 23:27 -------- d-----w- c:\program files\Memorex exPressit Label Design Studio
2010-03-01 23:27 . 2010-03-01 23:27 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-03-01 10:15 . 2009-09-21 22:19 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 20:10 . 2009-03-12 13:30 -------- d-----w- c:\documents and settings\Toni\Application Data\Image Zone Express
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:28 . 2010-02-11 12:28 10134 ----a-r- c:\documents and settings\Toni\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 22:15 . 2009-06-19 22:19 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 16:18 . 2009-06-19 22:19 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 16:18 . 2009-06-19 22:19 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-02 17:02 . 2010-02-02 17:02 144160 ----a-w- c:\documents and settings\Toni\Application Data\Move Networks\uninstall.exe
2010-02-02 17:02 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\Toni\Application Data\Move Networks\plugins\npqmp071505000011.dll
2010-02-02 17:02 . 2010-02-02 17:02 1438976 ----a-w- c:\program files\MoveMediaPlayerWin_071505000011.exe
2010-02-01 01:43 . 2010-02-01 01:43 2107456 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.1.exe
2010-01-31 12:26 . 2010-01-31 12:26 1533702 ----a-w- c:\program files\gburner27.exe
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\documents and settings\Toni\Application Data\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_1.dll
2009-08-13 23:06 . 2009-08-13 23:05 7741336 ----a-w- c:\program files\DivX521XP2K_1.exe
2009-08-13 22:54 . 2009-08-13 22:53 4526458 ----a-w- c:\program files\WinAVI_Video_Converter.exe
2009-06-16 21:38 . 2009-06-16 21:38 2144584 ----a-w- c:\program files\InstallFirefoxPluginV3.exe
2009-06-12 22:34 . 2009-06-12 22:30 24527365 ----a-w- c:\program files\FreeVideoConverter.exe
2009-03-05 21:24 . 2009-03-05 21:24 4909440 ----a-w- c:\program files\Silverlight.2.0.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-04-15_11.57.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-16 11:41 . 2010-04-16 11:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-28 13:12 . 2010-04-16 11:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-28 13:12 . 2009-03-24 23:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-04-16 11:50 . 2008-09-24 01:46 245408 c:\windows\LastGood\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-22 181488]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-29 230640]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-01-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-01-28 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-01-28 259312]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2009-01-28 14088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
c:\documents and settings\Toni\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 21:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/13/2009 7:20 PM 64288]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2/11/2010 8:42 AM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2/11/2010 8:42 AM 15856]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
S0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 11:08 PM 93712]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 11:08 PM 63504]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 11:08 PM 45584]
S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 11:08 PM 115216]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2/11/2010 8:42 AM 25584]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 6:40 PM 127352]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 11:08 PM 134648]
S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 11:08 PM 66576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 2:24 PM 1010192]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 2:24 PM 801296]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 11:10 PM 281104]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 11:08 PM 88816]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [1/28/2009 2:24 PM 185584]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]
.
Contents of the 'Scheduled Tasks' folder
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]
2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:18]
2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2010-02-23 c:\windows\Tasks\CAAntiSpywareScan_Daily as Toni at 10 24 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-01-28 18:26]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.ask.com/?o=13920&l=dis
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\Shim.dll
FF - plugin: c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Toni\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Toni\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-NoAdware 5.0_is1 - c:\program files\NoAdware5.0\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 08:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\UmxWnp.Dll
- - - - - - - > 'explorer.exe'(744)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-04-16 08:27:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-16 12:27
ComboFix2.txt 2010-04-16 12:16
ComboFix3.txt 2010-04-15 11:59
Pre-Run: 153,526,624,256 bytes free
Post-Run: 153,495,445,504 bytes free
- - End Of File - - 97396B6F30EF88540E44E9AEFD5695E3