Weird problem



#1 Anima6six6

  • Members
  • 1 posts

Posted 15 March 2010 - 07:56 PM

I had this pretty bad infection a few weeks ago where it was saying my anti-virus was off & I had a crap load of viruses. I ran ComboFix & it started to work like normal, but every so often that problem occurs again & I have to run ComboFix again. Well, any assistance will be greatly received.

ComboFix 10-03-15.04 - Brenda 03/15/2010 19:25:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1215.606 [GMT -5:00]
Running from: c:\documents and settings\Brenda\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 100315-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-15 23:24 . 2010-03-15 23:24 200704 --sha-w- c:\documents and settings\Brenda\Local Settings\Application Data\1974712374.dll
2010-03-15 21:48 . 2010-03-15 21:48 200704 --sha-w- c:\documents and settings\Brenda\Local Settings\Application Data\ave.exe
2010-03-15 13:19 . 2010-03-15 13:19 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-15 13:19 . 2010-03-15 13:19 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-15 13:19 . 2010-03-15 13:19 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-15 13:15 . 2010-02-26 00:22 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-15 13:15 . 2010-02-26 00:22 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-15 13:15 . 2010-02-26 00:22 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-15 13:15 . 2010-02-26 00:22 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-14 23:23 . 2010-03-14 23:23 -------- d-----w- c:\program files\XeroCreative
2010-03-14 17:08 . 2010-03-15 23:58 -------- d-----w- c:\documents and settings\Brenda\Application Data\LimeWire
2010-03-14 17:08 . 2010-03-14 17:08 -------- d-----w- c:\program files\LimeWire
2010-03-12 03:11 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-12 03:11 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-12 03:11 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-12 03:11 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-12 03:10 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-12 03:10 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-12 03:10 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-12 03:10 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-12 03:10 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-12 03:10 . 2010-03-12 03:10 -------- d-----w- c:\program files\Alwil Software
2010-03-07 14:55 . 2010-03-07 14:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-27 03:46 . 2010-02-26 00:22 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-27 03:46 . 2010-02-19 00:18 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-26 00:31 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 00:31 . 2010-02-26 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 00:23 . 2010-03-15 13:23 -------- d-----w- C:\$AVG
2010-02-26 00:22 . 2010-03-15 13:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-26 00:22 . 2010-03-15 13:18 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-26 00:22 . 2010-03-15 13:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-26 00:22 . 2010-03-15 13:18 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-26 00:22 . 2010-03-15 22:11 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-26 00:22 . 2010-02-26 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-25 10:20 . 2010-02-25 10:20 -------- d-----w- c:\documents and settings\Brenda\Local Settings\Application Data\Temp
2010-02-25 06:05 . 2010-02-25 06:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-02-25 06:05 . 2010-02-25 06:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-02-24 03:20 . 2010-02-24 03:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-24 03:15 . 2010-02-24 03:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-22 05:05 . 2010-03-15 22:07 0 ----a-w- c:\documents and settings\Brenda\Local Settings\Application Data\prvlcl.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 05:21 . 2009-11-29 20:08 -------- d-----w- c:\program files\JDownloader
2010-03-12 00:52 . 2009-07-23 13:01 -------- d-----w- c:\documents and settings\Brenda\Application Data\Vso
2010-03-07 22:33 . 2009-12-25 14:53 -------- d-----w- c:\program files\iTunes
2010-02-27 01:00 . 2008-09-07 03:01 -------- d-----w- c:\program files\DNA
2010-02-26 02:11 . 2009-12-25 14:52 -------- d-----w- c:\program files\QuickTime
2010-02-26 00:09 . 2008-09-07 03:01 -------- d-----w- c:\documents and settings\Brenda\Application Data\DNA
2010-02-24 23:25 . 2008-09-06 19:58 -------- d-----w- c:\program files\AVG
2010-02-24 03:14 . 2008-09-06 19:28 -------- d-----w- c:\program files\Google
2010-02-09 15:15 . 2009-11-10 00:38 79488 ----a-w- c:\documents and settings\Brenda\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-20 00:56 . 2009-12-13 22:16 -------- d-----w- c:\documents and settings\Brenda\Application Data\AVS4YOU
2010-01-19 00:25 . 2010-01-19 00:25 -------- d-----w- c:\program files\Common Files\DirectX
2010-01-16 20:45 . 2010-01-16 20:44 -------- d-----w- c:\documents and settings\Brenda\Application Data\U3
2010-01-05 10:00 . 2008-07-22 13:18 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2008-07-22 13:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2008-07-22 13:17 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-14 05:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 21:51 . 2009-12-27 21:51 25214 ----a-r- c:\documents and settings\Brenda\Application Data\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_E38944F26F8D876B004311.exe
2009-12-27 21:51 . 2009-12-27 21:51 10398 ----a-r- c:\documents and settings\Brenda\Application Data\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_6FA99008F6BBB97A091E2D.exe
2009-12-27 03:03 . 2009-12-27 03:03 75304 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-16 18:43 . 2008-09-05 22:06 343040 ----a-w- c:\windows\system32\mspaint.exe
.
CODE
<pre>
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\acdaemon .exe
c:\program files\Common Files\Sonic\Update Manager\sgtray .exe
c:\program files\Creative\Creative ZEN\ZEN Media Explorer\ctcheck .exe
c:\program files\Creative\Sync Manager Unicode\ctsyncu .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\DNA\btdna .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\LeapFrog\LeapFrog Connect\monitor .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\Philips\Intelligent Agent\philips intelligent agent     .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\Yahoo!\Search Protection\searchprotection .exe
c:\windows\ime\IMJP8_1\imjpmig .exe
c:\windows\system32\dla\tfswctrl .exe
c:\windows\system32\IME\TINTLGNT\tintsetp .exe
</pre>


------- Sigcheck -------

[-] 2008-07-22 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote System Protection"="c:\windows\system32\ry0ob082ge.dll" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Brenda\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 13:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Documents and Settings\\Brenda\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\XeroCreative\\YVD\\Utilities\\Basic IRC.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/11/2010 10:10 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/25/2010 7:22 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/25/2010 7:22 PM 242696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2010 10:10 PM 20560]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/25/2010 7:22 PM 308064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/30/2009 7:04 PM 24652]
S2 ACPService;ACPService;c:\program files\Philips\CamSuite\1.0.9.0\ACPService.exe [6/11/2008 1:28 PM 741376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2010 10:14 PM 135664]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [10/21/2009 11:19 PM 29184]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/20/2008 2:54 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/20/2008 2:54 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [9/20/2008 2:53 PM 42112]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [10/2/2009 11:15 PM 88704]
S3 SPC1330;USB2.0 PC Camera (SPC1330);c:\windows\system32\drivers\spc1330.sys [10/2/2009 5:52 PM 3002112]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/26/2008 9:16 AM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 03:14]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 03:14]

2010-03-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 00:12]

2010-03-15 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 00:12]

2010-03-14 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath - c:\documents and settings\Brenda\Application Data\Mozilla\Firefox\Profiles\izvy6704.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Brenda\Application Data\Mozilla\Firefox\Profiles\izvy6704.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Brenda\Application Data\Mozilla\Firefox\Profiles\izvy6704.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Brenda\Application Data\Mozilla\Firefox\Profiles\izvy6704.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.homepage.dontask, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 19:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-261478967-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-15 19:33:58
ComboFix-quarantined-files.txt 2010-03-16 00:33
ComboFix2.txt 2010-03-07 14:49
ComboFix3.txt 2010-02-26 00:15

Pre-Run: 14,195,687,424 bytes free
Post-Run: 14,201,896,960 bytes free

- - End Of File - - 65A02C05EDC1449AD1156EC89728B2A6




#2 Farbar

    Just Curious


  • Security Developer
  • 21,688 posts

Posted 19 March 2010 - 05:45 AM

Hi Anima6six6,

Welcome to the Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Please provide the logs outlined here:
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

#3 Farbar

    Just Curious


  • Security Developer
  • 21,688 posts

Posted 25 March 2010 - 04:53 AM

This thread will now be closed due to lack of activity.

If you should have a new issue, please start a new topic.



