ComboFix 10-04-21.01 - Fuc-Q 04/26/2010 10:08:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.387.1033.18.767.363 [GMT 2:00]
Running from: c:\documents and settings\Fuc-Q\Desktop\opala.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Fuc-Q\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.lnk
c:\documents and settings\Fuc-Q\Start Menu\Programs\Digital Protection
c:\documents and settings\Fuc-Q\Start Menu\Programs\Digital Protection\About.lnk
c:\documents and settings\Fuc-Q\Start Menu\Programs\Digital Protection\Activate.lnk
c:\documents and settings\Fuc-Q\Start Menu\Programs\Digital Protection\Buy.lnk
c:\documents and settings\Fuc-Q\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk
c:\documents and settings\Fuc-Q\Start Menu\Programs\Digital Protection\Digital Protection.lnk
c:\documents and settings\Fuc-Q\Start Menu\Programs\Digital Protection\Scan.lnk
c:\documents and settings\Fuc-Q\Start Menu\Programs\Digital Protection\Settings.lnk
c:\documents and settings\Fuc-Q\Start Menu\Programs\Digital Protection\Update.lnk
c:\program files\Digital Protection
c:\program files\Digital Protection\digext.dll
c:\program files\Digital Protection\dighook.dll
c:\windows\PRAGMAsecylprpvn
c:\windows\PRAGMAsecylprpvn\PRAGMAcfg.ini
c:\windows\PRAGMAsecylprpvn\PRAGMAd.sys
c:\windows\system32\drivers\hbud.sys
c:\windows\system32\Drivers\pefp.sys
c:\windows\system32\Drivers\wucql.sys
c:\windows\system32\pragmabbr.dll
c:\windows\system32\pragmaserf.dll
c:\windows\system32\PRAGMAsrcr.dat
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\system volume information\_restore{3950B024-53B2-4028-BB2D-B23B44F29118}\RP26\A0009753.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PRAGMASECYLPRPVN
-------\Service_PRAGMAsecylprpvn
-------\Legacy_bgrqm
-------\Legacy_mebllgud
-------\Legacy_wjgsrr
-------\Service_bgrqm
-------\Service_mebllgud
-------\Service_wjgsrr

((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.
2010-04-26 08:13 . 2004-08-03 22:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-26 08:13 . 2004-08-03 22:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-04-25 19:47 . 2010-04-26 07:37 -------- d-----w- c:\windows\system32\NtmsData
2010-04-25 19:44 . 2010-04-25 19:44 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\Avira
2010-04-25 19:39 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-25 19:39 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-25 19:39 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-25 19:39 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-25 19:39 . 2010-04-25 19:39 -------- d-----w- c:\program files\Avira
2010-04-25 19:39 . 2010-04-25 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-25 19:38 . 2010-04-25 19:38 -------- d-----w- c:\windows\Sun
2010-04-25 12:39 . 2010-04-25 19:11 -------- d-----w- c:\documents and settings\Administrator
2010-04-25 05:09 . 2010-04-26 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-25 05:09 . 2010-04-25 05:09 -------- d-----w- c:\program files\Alwil Software
2010-04-24 20:25 . 2010-04-24 20:25 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\Malwarebytes
2010-04-24 20:24 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 20:24 . 2010-04-24 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-24 20:24 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 20:24 . 2010-04-24 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-24 08:21 . 2010-04-25 19:43 -------- d-----w- c:\documents and settings\Fuc-Q\Local Settings\Application Data\Unity
2010-04-21 20:57 . 2010-04-21 20:57 40128 ----a-w- c:\windows\system32\drivers\wguuqkbj.sys
2010-04-19 19:34 . 2010-04-19 19:34 -------- d-----w- c:\documents and settings\Fuc-Q\Local Settings\Application Data\Video Downloader
2010-04-17 21:07 . 2010-04-17 21:07 -------- d-----w- c:\windows\OvtCam
2010-04-16 19:42 . 2010-04-22 12:54 -------- d-----w- c:\documents and settings\Fuc-Q\ChrometaV2
2010-04-16 19:41 . 2010-04-16 19:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-16 19:40 . 2010-04-16 19:40 -------- d-----w- c:\program files\Java
2010-04-16 19:40 . 2010-04-16 19:40 152576 ----a-w- c:\documents and settings\Fuc-Q\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-04-16 19:32 . 2010-04-16 19:32 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\Youtube Downloader HD
2010-04-16 19:32 . 2010-04-16 19:32 -------- d-----w- c:\program files\Youtube Downloader HD
2010-04-14 11:30 . 2010-04-14 11:30 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-04-14 11:30 . 2010-04-14 11:30 -------- d-----w- c:\program files\NetWorx
2010-04-14 11:30 . 2010-04-14 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftPerfect
2010-04-14 02:11 . 2010-04-14 02:11 -------- d-----w- c:\program files\Poedit
2010-04-12 05:47 . 2010-04-12 05:52 -------- d-----w- c:\program files\NetMeter
2010-04-12 05:19 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-12 05:19 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-12 05:17 . 2010-04-12 05:17 -------- d-----w- c:\program files\Microsoft Works
2010-04-12 05:17 . 2010-04-12 05:17 -------- d-----w- c:\program files\MSBuild
2010-04-12 05:12 . 2010-04-12 05:17 -------- d-----w- c:\windows\SHELLNEW
2010-04-12 05:12 . 2010-04-12 05:12 -------- d-----w- c:\documents and settings\Fuc-Q\Local Settings\Application Data\Microsoft Help
2010-04-12 05:11 . 2010-04-12 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 05:11 . 2010-04-12 05:11 -------- d-----r- C:\MSOCache
2010-04-12 02:46 . 2010-04-26 08:15 -------- d-----w- c:\documents and settings\Fuc-Q\Tracing
2010-04-12 02:40 . 2010-04-12 02:40 -------- d-----w- c:\program files\Microsoft
2010-04-12 02:40 . 2010-04-12 02:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-12 02:40 . 2010-04-12 02:40 -------- d-----w- c:\program files\Windows Live
2010-04-12 02:23 . 2010-04-12 02:23 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-12 02:15 . 2010-04-12 02:15 -------- d-----w- c:\program files\MoRUN.net
2010-04-12 00:35 . 2010-04-12 00:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-12 00:35 . 2010-04-12 00:35 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\skypePM
2010-04-12 00:34 . 2010-04-12 01:54 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\Skype
2010-04-12 00:34 . 2010-04-12 00:34 -------- d-----w- c:\program files\Common Files\Skype
2010-04-12 00:34 . 2010-04-12 00:34 -------- d-----r- c:\program files\Skype
2010-04-12 00:34 . 2010-04-12 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-11 10:19 . 2010-04-11 10:25 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\ooVoo Details
2010-04-11 10:08 . 2010-04-11 10:08 0 ----a-w- c:\windows\nsreg.dat
2010-04-11 10:08 . 2010-04-11 10:08 -------- d-----w- c:\documents and settings\Fuc-Q\Local Settings\Application Data\Mozilla
2010-04-10 00:33 . 2010-04-14 02:08 68456 ----a-w- c:\documents and settings\Fuc-Q\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-09 00:14 . 2010-04-09 00:35 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\Notepad++
2010-04-09 00:14 . 2010-04-09 00:14 -------- d-----w- c:\program files\Notepad++
2010-04-08 23:51 . 2010-04-08 23:51 -------- d-----w- c:\documents and settings\Fuc-Q\Local Settings\Application Data\Torus
2010-04-08 10:46 . 2010-04-08 10:46 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\Webcammax
2010-04-08 10:45 . 2010-04-08 10:45 -------- d-----w- c:\windows\system32\QuickTime
2010-04-08 10:45 . 2010-04-08 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Webcammax
2010-04-08 10:45 . 2010-04-08 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-04-08 10:45 . 2004-08-03 21:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-04-08 10:45 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-04-08 10:45 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-04-08 10:45 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-04-08 10:43 . 2010-04-08 10:43 -------- d-----w- c:\program files\Gadwin Systems
2010-04-08 10:42 . 2010-04-08 10:42 -------- d-----w- c:\program files\Foxit Software
2010-04-08 10:42 . 2004-08-03 22:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-04-08 10:42 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-04-08 10:41 . 2010-04-08 10:41 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-04-08 10:40 . 2010-04-08 10:40 -------- d-----w- c:\program files\TechSmith
2010-04-08 10:40 . 2010-04-08 10:47 -------- d-----w- c:\program files\WebcamMax
2010-04-08 09:34 . 2009-08-19 03:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-04-08 07:25 . 2010-04-08 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-04-08 07:22 . 2010-04-08 07:26 -------- d-----w- c:\documents and settings\Fuc-Q\Local Settings\Application Data\Adobe
2010-04-08 05:38 . 2010-04-08 05:38 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-04-08 05:22 . 2010-04-08 05:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-08 05:19 . 2010-04-08 05:19 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\GRETECH
2010-04-08 05:17 . 2010-04-08 05:17 -------- d-----w- c:\program files\GRETECH
2010-04-08 05:07 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-04-08 05:07 . 2004-08-04 00:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-04-08 05:07 . 2004-08-03 22:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-04-08 05:06 . 2004-08-03 23:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-04-08 05:06 . 2004-08-03 22:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-08 05:06 . 2004-08-04 00:56 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-08 05:06 . 2004-08-03 22:59 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-04-08 05:06 . 2004-08-03 23:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2010-04-08 05:06 . 2004-08-04 00:56 74240 ----a-w- c:\windows\system32\usbui.dll
2010-04-08 05:05 . 2010-04-25 11:47 -------- d-sh--w- c:\windows\Installer
2010-04-08 05:05 . 2001-08-23 10:00 77824 -c--a-w- c:\windows\system32\dllcache\spcommon.dll
2010-04-08 05:05 . 2001-08-23 10:00 61440 -c--a-w- c:\windows\system32\dllcache\spcplui.dll
2010-04-08 05:03 . 2010-04-25 12:39 -------- d-----w- C:\Documents and Settings
2010-04-08 05:03 . 2010-04-11 10:18 -------- d--h--w- c:\documents and settings\Default User
2010-04-08 05:03 . 2010-04-08 03:33 -------- d-----w- c:\documents and settings\All Users
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 19:43 . 2010-04-08 03:43 -------- d-----w- c:\program files\ESET
2010-04-25 12:39 . 2010-04-25 12:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-22 15:14 . 2010-04-08 03:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-22 07:43 . 2004-08-03 22:56 1032192 ----a-w- c:\windows\explorer.exe
2010-04-17 19:14 . 2010-04-17 19:14 -------- d-----w- c:\program files\directx
2010-04-17 19:14 . 2010-04-17 19:14 -------- d-----w- c:\program files\ODM
2010-04-09 05:46 . 2010-04-08 03:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-08 10:44 . 2010-04-08 10:44 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\stickies
2010-04-08 10:44 . 2010-04-08 10:44 -------- d-----w- c:\program files\QuickTime
2010-04-08 04:09 . 2010-04-08 03:59 -------- d-----w- c:\program files\Opera
2010-04-08 03:49 . 2010-04-08 03:49 -------- d-----w- c:\program files\Realtek Sound Manager
2010-04-08 03:49 . 2010-04-08 03:49 -------- d-----w- c:\program files\AvRack
2010-04-08 03:48 . 2010-04-08 03:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-08 03:46 . 2010-04-08 03:46 -------- d-----w- c:\program files\D-Link
2010-04-08 03:44 . 2010-04-08 03:44 -------- d-----w- c:\documents and settings\Fuc-Q\Application Data\ESET
2010-04-08 03:43 . 2010-04-08 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-08 03:34 . 2010-04-08 03:34 -------- d-----w- c:\program files\microsoft frontpage
2010-04-08 03:30 . 2010-04-08 03:30 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-04-23 507904]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2009-08-09 293888]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wguuqkbj.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alarm++.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alarm++.lnk
backup=c:\windows\pss\Alarm++.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Fuc-Q^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Fuc-Q\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Fuc-Q\xkvhtj.exe \u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2010-04-12 08:50 2912768 ----a-w- c:\program files\NetWorx\networx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-06-10 11:12 55296 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-04-16 19:40 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
2007-08-01 00:55 450048 ----a-w- c:\program files\WebcamMax\wcmmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [4/14/2010 1:30 PM 38976]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/25/2010 9:39 PM 135336]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [1/11/2007 7:39 AM 243584]
S0 wguuqkbj;wguuqkbj;c:\windows\system32\drivers\wguuqkbj.sys [4/21/2010 10:57 PM 40128]
S4 jrhawnjdetdeiz;\??\c:\docume~;\??\c:\docume~1\Fuc-Q\LOCALS~1\Temp\hjzqyq.sys --> c:\docume~1\Fuc-Q\LOCALS~1\Temp\hjzqyq.sys [?]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Fuc-Q\Application Data\Mozilla\Firefox\Profiles\75grixob.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-chkntfs64x - c:\docume~1\Fuc-Q\LOCALS~1\Temp\chkntfs64x.exe
MSConfigStartUp-chrometa - c:\program files\Chrometa 2.0\Chrometa.exe
MSConfigStartUp-Digital Protection - c:\program files\Digital Protection\digprot.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
MSConfigStartUp-rokyp - c:\windows\system32\fulukotoor.exe
MSConfigStartUp-userini - c:\windows\system32\userini.exe
MSConfigStartUp-vegepoom - c:\windows\system32\woutoufif.exe
AddRemove-Digital Protection - c:\program files\Digital Protection\Pklkvqdii+`}`

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 10:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(764)
c:\progra~1\NetWorx\deskband.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-26 10:18:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-26 08:18

Pre-Run: 24,131,084,288 bytes free
Post-Run: 24,117,764,096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 77F624CBC39C21DBCCA14D7F4AAE6D9A