I have used ComboFix
And here's the result...
ComboFix 10-04-21.01 - G 24/04/2010 11:10:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.314 [GMT 10:00]
Running from: d:\downloads\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Galih\Application Data\chrtmp
c:\windows\Fjamea.exe
c:\windows\Fjameb.exe
c:\windows\system32\OGACheckControl.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
.
2010-04-23 12:33 . 2010-04-23 12:33 -------- d-----w- c:\program files\MSXML 4.0
2010-04-23 08:30 . 2010-04-23 08:30 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-04-23 08:30 . 2010-04-23 08:30 16 ----a-w- c:\windows\system32\asdict.dat
2010-04-23 08:21 . 2010-04-23 08:21 -------- d-----w- c:\documents and settings\Galih\Application Data\BitDefender
2010-04-23 08:20 . 2010-04-23 08:20 -------- d-----w- C:\Binaries
2010-04-23 08:19 . 2010-04-23 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-04-23 08:19 . 2010-04-23 08:20 -------- d-----w- c:\program files\BitDefender
2010-04-23 08:16 . 2010-04-23 08:20 -------- d-----w- c:\program files\Common Files\BitDefender
2010-04-23 05:35 . 2010-04-23 05:35 70656 --sha-r- c:\windows\system32\ialmuHUNT.dll
2010-04-23 05:32 . 2010-04-23 05:32 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-04-23 05:32 . 2010-04-23 05:32 104960 --sh--r- c:\documents and settings\Galih\Application Data\wayh.exe
2010-04-23 05:26 . 2010-04-23 05:26 -------- d-----w- c:\documents and settings\Galih\Application Data\Nitro PDF
2010-04-23 05:11 . 2009-12-15 23:50 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-04-23 05:11 . 2009-12-15 23:50 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-04-23 05:11 . 2010-04-23 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2010-04-23 05:11 . 2010-04-23 05:32 -------- d-----w- c:\program files\Nitro PDF
2010-04-23 05:10 . 2010-04-23 05:10 -------- d-----w- c:\documents and settings\Galih\Application Data\Downloaded Installations
2010-04-17 12:11 . 2010-04-17 12:11 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-13 02:21 . 2010-04-13 02:21 -------- d-----w- c:\program files\Disable Spyware
2010-04-12 15:06 . 2010-04-23 13:45 -------- d-----w- c:\program files\Farm Mania 2
2010-04-12 15:05 . 2010-04-12 15:05 -------- d-----w- c:\program files\ReflexiveArcade
2010-04-11 10:45 . 2010-04-11 10:45 131 ----a-w- C:\DeletePrintJobs.cmd
2010-04-10 06:22 . 2010-04-10 06:22 -------- d-----w- c:\windows\system32\Futuremark
2010-04-10 06:22 . 2008-09-17 05:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2010-04-10 06:22 . 2010-04-10 06:22 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-04-06 11:43 . 2010-04-06 11:43 -------- d-----w- c:\documents and settings\Galih\Local Settings\Application Data\Cranium_Consulting_and_Cu
2010-03-31 13:02 . 2010-03-31 13:02 -------- d-----w- c:\program files\iPod
2010-03-31 13:02 . 2010-04-06 11:45 -------- d-----w- c:\program files\iTunes
2010-03-31 13:02 . 2010-03-31 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-31 12:58 . 2010-03-31 12:59 -------- d-----w- c:\program files\QuickTime
2010-03-31 12:54 . 2010-03-31 12:54 -------- d-----w- c:\program files\Bonjour
2010-03-31 12:51 . 2010-03-31 12:51 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-31 09:20 . 2010-03-31 09:20 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 09:20 . 2010-03-31 09:20 503808 ----a-w- c:\documents and settings\Galih\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-513900ed-n\msvcp71.dll
2010-03-31 09:20 . 2010-03-31 09:20 499712 ----a-w- c:\documents and settings\Galih\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-513900ed-n\jmc.dll
2010-03-31 09:20 . 2010-03-31 09:20 348160 ----a-w- c:\documents and settings\Galih\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-513900ed-n\msvcr71.dll
2010-03-31 09:20 . 2010-03-31 09:20 12800 ----a-w- c:\documents and settings\Galih\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7801014c-n\decora-d3d.dll
2010-03-31 09:20 . 2010-03-31 09:20 61440 ----a-w- c:\documents and settings\Galih\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7801014c-n\decora-sse.dll
2010-03-26 10:30 . 2010-03-26 10:30 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-03-26 10:19 . 2010-03-26 10:23 -------- d-----w- c:\program files\VS Revo Group
2010-03-26 10:08 . 2010-03-26 10:09 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 00:54 . 2009-02-15 01:41 -------- d-----w- c:\documents and settings\Galih\Application Data\DMCache
2010-04-23 08:42 . 2009-02-15 01:39 -------- d-----w- c:\program files\Internet Download Manager
2010-04-23 08:24 . 2009-02-15 01:40 -------- d-----w- c:\program files\Avast
2010-04-23 05:27 . 2009-03-18 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-22 12:51 . 2009-02-15 01:53 -------- d-----w- c:\documents and settings\Galih\Application Data\mIRC
2010-04-22 12:45 . 2009-02-15 01:53 -------- d-----w- c:\program files\mIRC
2010-04-18 02:29 . 2010-03-19 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 01:56 . 2009-02-15 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-10 06:22 . 2009-02-15 00:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 11:50 . 2010-03-16 13:27 -------- d-----w- c:\program files\iPhone Folders
2010-03-31 13:02 . 2009-02-16 08:27 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 09:18 . 2009-02-16 06:42 -------- d-----w- c:\program files\Java
2010-03-29 14:46 . 2010-03-19 10:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 14:45 . 2010-03-19 10:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 10:34 . 2009-08-11 11:56 -------- d-----w- c:\program files\Westward III Gold Rush
2010-03-26 10:34 . 2009-08-07 13:08 -------- d-----w- c:\program files\Ranch Rush
2010-03-26 10:30 . 2009-04-30 04:27 -------- d-----w- c:\documents and settings\Galih\Application Data\URSoft
2010-03-25 10:01 . 2009-04-08 11:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-23 13:58 . 2010-03-23 13:58 -------- d-----w- c:\documents and settings\Galih\Application Data\Leawo
2010-03-23 13:46 . 2010-03-23 13:45 9 ----a-w- c:\windows\system32\iPhone Video Converter0902.dat
2010-03-23 13:39 . 2010-03-23 13:39 -------- d-----w- c:\documents and settings\Galih\Application Data\ImTOO Software Studio
2010-03-23 13:19 . 2010-03-23 13:19 -------- d-----w- c:\documents and settings\Galih\Application Data\AnvSoft
2010-03-19 10:18 . 2010-03-19 10:18 -------- d-----w- c:\documents and settings\Galih\Application Data\Malwarebytes
2010-03-19 10:18 . 2010-03-19 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-19 09:36 . 2009-02-16 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-10 06:15 . 2005-01-07 00:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:28 . 2009-02-16 06:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 10:49 . 2010-03-08 10:49 -------- d-----w- c:\program files\Unlocker
2010-03-05 00:59 . 2009-02-15 01:41 -------- d-----w- c:\documents and settings\Galih\Application Data\IDM
2010-03-05 00:59 . 2009-04-21 10:28 198064 ----a-w- c:\documents and settings\Galih\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-03-05 00:43 . 2009-04-21 10:26 3153784 ----a-w- c:\documents and settings\Galih\Application Data\IDM\idmupdt.exe
2010-02-28 10:45 . 2010-02-28 10:45 -------- d-----w- c:\program files\Audacity
2010-02-25 06:24 . 2005-01-07 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-01-07 00:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 04:58 . 2010-02-22 04:58 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-02-16 14:08 . 2005-01-07 00:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-01-07 00:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-01-07 00:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 00:46 . 2010-02-12 00:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 00:46 . 2010-02-12 00:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 12:02 . 2005-01-07 00:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-03 03:57 . 2010-02-03 03:57 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-03 03:56 . 2010-02-03 03:56 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-03-05 3179952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2005-01-07 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2005-01-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2005-01-07 455168]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\RO\\FeelRO.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [22/09/2009 9:22 AM 83208]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/03/2010 8:18 PM 303952]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\NitroPDFDriverService.exe [16/12/2009 10:09 AM 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16/12/2009 10:11 AM 65856]
R2 PD91Agent;PD91Agent;c:\program files\Raxco Perfect Disk 2008\PD91Agent.exe [31/12/2008 12:12 PM 693512]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [3/02/2010 1:57 PM 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [4/01/2010 7:41 PM 110984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/03/2010 8:18 PM 20824]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19/10/2009 5:06 PM 183880]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [24/05/2009 1:31 PM 16512]
S3 cpuz130;cpuz130;\??\c:\docume~1\Galih\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Galih\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 PD91Engine;PD91Engine;c:\program files\Raxco Perfect Disk 2008\PD91Engine.exe [31/12/2008 12:12 PM 910600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1637723038-725345543-1003Core.job
- c:\documents and settings\Galih\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 13:11]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1637723038-725345543-1003UA.job
- c:\documents and settings\Galih\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 13:11]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Galih\Application Data\Mozilla\Firefox\Profiles\u7b16pg3.default\
FF - component: c:\documents and settings\Galih\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\Galih\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):63,72,23,a9,60,25,5b,06,89,9a,36,83,0c,5e,02,d7,79,17,31,5c,0a,
ac,fd,e8,ce,76,90,19,07,42,c6,43,89,dc,b0,3c,0b,1e,5b,54,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f3b10485-11ca-4f60-b05d-8e59c673246a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ab
"Therad"=dword:0000001f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
Completion time: 2010-04-24 11:16:53
ComboFix-quarantined-files.txt 2010-04-24 01:16
Pre-Run: 36,559,245,312 bytes free
Post-Run: 36,781,961,216 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 07DD5740208AFCFC955E12270F2BCF43