Small.BOG removal


  • This topic is locked
1 reply to this topic

#1 yetam

Posted 25 July 2009 - 05:49 PM

Hi, I have a trojan (or a false positive, I don't know to be honest) that won't let me run Firefox; it gives me a popup message of "Please close any open windows of Firefox to start up a new app or restart comp", so I restarted, which didn't work. So I uninstalled, deleted everything Mozilla/Firefox related, and reinstalled, only to have it say the same thing.

A day later I attempted to start up iTunes and AVG went haywire saying iTunes was loaded with viruses (specifically that Small.BOG). So I scanned, removed all infected files, and it didn't work. I did the same to iTunes as I did with Firefox (uninstall/delete), and to install it I downloaded a fresh copy of iTunes from their site and went to install it, when AVG started going haywire again, so... I googled this stuff and was led to this site.

I've already run both GooredFix and ComboFix and am still running into problems.

The results for GooredFix are:

GooredFix by jpshortstuff (12.07.09)
Log created at 14:33 on 25/07/2009 (user)
Firefox version 3.5.1 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:02 19/07/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [04:06 13/05/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [00:13 10/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:52 20/03/2009]

-=E.O.F=-

and the results for the third run of ComboFix (I didn't think to save the first two, so my apologies if that hinders anything) are:

ComboFix 09-07-24.01 - user 07/25/2009 15:12.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1488 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"F:\ntdetec1.exe"
.

((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-24 23:14 . 2009-07-24 23:14 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Ironclad Games
2009-07-24 22:13 . 2009-07-24 22:13 -------- d--h--w- c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2009-07-24 22:13 . 2008-01-18 20:26 2763784 ----a-r- c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
2009-07-24 21:56 . 2009-07-24 21:56 -------- d-----w- c:\program files\Stardock Games
2009-07-24 21:46 . 2009-07-24 21:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Stardock
2009-07-19 20:06 . 2009-07-19 20:12 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
2009-07-19 20:04 . 2009-07-19 20:05 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Deployment
2009-07-19 19:49 . 2009-06-27 20:26 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-19 19:49 . 2009-06-27 20:26 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-19 19:49 . 2009-06-27 20:26 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-19 19:49 . 2009-06-27 20:26 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-19 19:49 . 2009-06-27 20:26 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-19 19:49 . 2009-06-27 20:26 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-19 19:49 . 2009-06-27 20:26 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-19 19:49 . 2009-06-27 20:26 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-19 19:49 . 2009-06-27 20:26 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-19 19:49 . 2009-06-27 20:26 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-19 19:49 . 2009-06-27 20:26 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-19 19:44 . 2009-06-27 20:22 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-19 19:44 . 2009-06-27 20:22 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 22:05 . 2009-03-19 22:31 -------- d-----w- c:\documents and settings\user\Application Data\DNA
2009-07-25 21:15 . 2009-03-19 22:31 -------- d-----w- c:\program files\DNA
2009-07-25 21:11 . 2009-02-11 01:21 -------- d-----w- c:\program files\iPod
2009-07-25 01:30 . 2007-07-18 08:45 -------- d-----w- c:\program files\Common Files\Apple
2009-07-24 23:21 . 2009-03-19 22:53 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent
2009-07-24 22:10 . 2009-03-19 23:20 -------- d-----w- c:\documents and settings\user\Application Data\LimeWire
2009-07-21 06:24 . 2009-04-27 04:38 -------- d-----w- c:\program files\Diablo II
2009-07-19 19:58 . 2006-07-03 05:24 -------- d-----w- c:\program files\WinXMedia
2009-07-19 19:57 . 2009-03-20 04:39 -------- d-----w- c:\program files\HTML Builder
2009-07-19 19:48 . 2008-11-27 17:48 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-27 20:26 . 2008-11-27 17:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 20:26 . 2008-11-27 17:48 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-26 21:24 . 2008-06-01 09:49 -------- d-----w- c:\program files\World of Warcraft
2009-06-24 02:37 . 2009-06-24 02:36 -------- d-----w- c:\program files\SWiSH Max2
2009-06-20 00:23 . 2006-06-28 23:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-19 02:50 . 2009-05-22 09:37 -------- d-----w- c:\program files\Google
2009-06-16 14:36 . 2004-08-04 07:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 23:37 . 2009-04-08 12:35 -------- d-----w- c:\program files\QuickTime
2009-06-14 21:54 . 2008-11-27 00:28 -------- d-----w- c:\program files\AIM6
2009-06-14 21:54 . 2006-06-27 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-14 21:51 . 2007-01-20 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-10 00:13 . 2006-07-18 23:30 -------- d-----w- c:\program files\Java
2009-06-10 00:12 . 2009-06-10 00:12 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 21:27 . 2006-07-03 05:25 -------- d-----w- c:\documents and settings\user\Application Data\dvdcss
2009-06-07 03:03 . 2009-06-07 03:03 -------- d-----w- c:\program files\Grandmaster Chess Tournament
2009-06-05 10:28 . 2009-03-24 05:42 2004 ----a-w- c:\windows\Registration\e10f24f0-652e-11dd-ad8b-0800200c9a66.dll
2009-06-05 10:18 . 2009-06-05 10:18 -------- d-----w- c:\documents and settings\user\Application Data\Nik Software
2009-06-03 19:09 . 2004-08-04 07:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 04:25 . 2009-06-01 04:24 -------- d-----w- c:\program files\InterActual
2009-05-27 23:16 . 2006-12-07 03:45 -------- d-----w- c:\documents and settings\user\Application Data\Vso
2009-05-27 08:32 . 2009-05-27 08:32 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-27 08:32 . 2009-05-27 08:32 47360 ----a-w- c:\documents and settings\user\Application Data\pcouffin.sys
2009-05-27 08:32 . 2009-05-27 08:32 47360 ----a-w- c:\documents and settings\user\Application Data\pcouffin.sys
2009-05-27 08:31 . 2009-05-27 08:31 -------- d-----w- c:\program files\VSO
2009-05-21 18:33 . 2009-03-20 04:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 08:36 . 2009-06-14 21:51 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 08:36 . 2009-06-14 21:51 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 08:36 . 2009-06-14 21:51 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 08:36 . 2009-06-14 21:51 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 08:36 . 2009-06-14 21:51 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 08:36 . 2009-06-14 21:51 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 08:36 . 2009-06-14 21:51 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 08:36 . 2009-06-14 21:51 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-13 04:04 . 2009-05-13 04:04 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-09 21:29 . 2008-11-27 17:48 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-04 07:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 08:43 . 2009-04-27 04:44 36815 ----a-w- c:\windows\DIIUnin.dat
2009-05-03 08:41 . 2009-04-27 04:47 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-05-03 08:41 . 2009-04-27 04:47 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-05-03 08:41 . 2009-04-27 04:47 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-05-03 06:52 . 2009-05-03 06:52 249856 ------w- c:\windows\Setup1.exe
2009-05-03 06:52 . 2009-05-03 06:52 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-04-29 04:56 . 2004-08-04 07:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 04:44 . 2009-04-27 04:44 94208 ----a-w- c:\windows\DIIUnin.exe
2009-04-27 04:44 . 2009-04-27 04:44 2829 ----a-w- c:\windows\DIIUnin.pif
2009-04-27 03:05 . 2009-04-27 03:05 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2006-11-13 11:37 . 2006-11-13 11:37 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-07-15 20:30 . 2009-07-19 20:02 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-10 01:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-19 321344]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-04-13 365568]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-19 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-09 339968]
"snpstd"="c:\windows\vsnpstd.exe" [2004-01-01 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-27 1948440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-07 118784]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]

c:\documents and settings\Leola\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 20:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"34222:TCP"= 34222:TCP:66.27.104.19

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/27/2008 10:48 AM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/27/2008 10:48 AM 108552]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [4/25/2009 9:37 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [4/25/2009 9:37 PM 234888]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/27/2008 10:59 AM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/27/2008 10:59 AM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/26/2008 10:50 PM 24652]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [4/13/2009 9:51 AM 107520]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [9/9/2006 12:01 PM 198528]
.
Contents of the 'Scheduled Tasks' folder

2009-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1381593177-414337625-1344367335-1004Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-19 20:05]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1381593177-414337625-1344367335-1004UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-19 20:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 15:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1381593177-414337625-1344367335-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(200)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-07-25 15:17
ComboFix-quarantined-files.txt 2009-07-25 22:16
ComboFix2.txt 2009-07-25 22:05

Pre-Run: 11,630,714,880 bytes free
Post-Run: 11,603,877,888 bytes free

270 --- E O F --- 2009-07-19 05:21
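A small triage helper for the ComboFix log above, added here as an example: it is not part of the original post, of ComboFix, or of BleepingComputer's procedure. It parses the REGEDIT-style "Reg Loading Points" block and flags three things that are visible in that log: Security Center AntiVirusOverride and FirewallOverride set to 1 (which suppresses Security Center's alerts for those components), the standard-profile Windows Firewall switched off (EnableFirewall=0), and a globally open port whose description is a bare IP address rather than a program name. The SAMPLE_LOG text is copied from the log above; the function names, severity labels and rule set are this example's own assumptions, and a flagged entry is something to verify, not proof of infection.

```python
"""Triage helper for the 'Reg Loading Points' block of a ComboFix log.

Added example, not part of the original post or of ComboFix. The sample text
below is copied from the log quoted above; the function names, the severity
labels and the rules are this example's own assumptions.
"""
import re

# Sample input: lines copied from the ComboFix log above (constructed subset).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"34222:TCP"= 34222:TCP:66.27.104.19
"""

KEY_RE = re.compile(r"^\[(.+)\]$")           # [HKLM\...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"= data
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_reg_sections(text):
    """Return {key_path_lowercased: {value_name: raw_data}} for a REGEDIT-style dump.

    Lines that are neither a [key] header nor a "name"=data pair (ComboFix
    prints file details under some keys) are ignored.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def _dword(raw):
    """Decode 'dword:00000001' or ComboFix's '0 (0x0)' data to an int, else None."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def audit_defenses(text):
    """Return a list of (severity, finding) tuples for weakened-defense indicators."""
    findings = []
    for key, values in parse_reg_sections(text).items():
        if key.endswith(r"\security center"):
            # Security Center override flags silence the 'AV/firewall off' warnings.
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if _dword(values.get(name, "")) == 1:
                    findings.append(("high", f"Security Center {name}=1: alerts for this component are suppressed"))
        elif key.endswith(r"\firewallpolicy\standardprofile"):
            if _dword(values.get("EnableFirewall", "")) == 0:
                findings.append(("high", "Windows Firewall standard profile is disabled (EnableFirewall=0)"))
        elif key.endswith(r"\globallyopenports\list"):
            # Data looks like 'PORT:PROTO:Description[: ...]'; a bare IP as the
            # description is unusual for an application-created exception.
            for name, raw in values.items():
                parts = raw.split(":")
                desc = parts[2].strip() if len(parts) > 2 else ""
                if IPV4_RE.match(desc):
                    findings.append(("review", f"Globally open port {name} is labelled with a bare IP ({desc}); verify which program added it"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_defenses(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run against the sample it reports two Security Center overrides, the disabled firewall profile, and the 34222/TCP exception as items to check; the same three rules return nothing for a log in which the overrides are 0 and EnableFirewall is 1.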

#2 The weatherman (Guest)

Posted 25 July 2009 - 05:52 PM

Hello yetam,

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff
