This is my Combo-fix log. It looks clear to me, but I have highlighted the paths that look 'suspect' due to their small size. Please check and advise what needs deleting and the next steps.
Thanking you in advance.
ComboFix 09-08-07.07 - user 08/08/2009 3:17.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1534.1074 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\jestertb.dll
c:\windows\kb913800.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\sblog.txt
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.
2009-08-08 00:10 . 2009-08-08 00:10 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-08-08 00:10 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 00:10 . 2009-08-08 00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 00:10 . 2009-08-08 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-08 00:10 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 14:52 . 2009-08-05 14:52 47248 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-05 13:43 . 2009-08-05 13:44 -------- d-----w- c:\program files\Safari
2009-08-04 20:31 . 2009-08-04 20:31 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2009-08-01 08:11 . 2009-08-01 08:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-01 08:10 . 2009-08-01 08:10 -------- d-sh--w- c:\documents and settings\user\IETldCache
2009-08-01 02:17 . 2009-08-01 02:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-31 22:21 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-31 22:21 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-31 22:21 . 2009-07-31 22:21 -------- d-----w- c:\windows\ie8updates
2009-07-31 22:21 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-31 22:19 . 2009-07-31 22:20 -------- dc-h--w- c:\windows\ie8
2009-07-25 23:16 . 2009-07-25 23:18 -------- d--h--w- C:\winnt_
2009-07-21 05:30 . 2009-07-21 05:30 34304 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{AEEB3643-71DE-414d-9E3F-1159177FE211}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
2009-07-19 02:00 . 2009-07-19 02:00 -------- d-----w- C:\aa6d33163e12d09b7e009c
2009-07-15 23:24 . 2009-07-18 13:32 -------- d-----w- c:\documents and settings\Admin\Application Data\BitTorrent
2009-07-15 23:23 . 2009-07-15 23:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\QuickPlay
2009-07-15 23:23 . 2009-07-15 23:23 -------- d-----w- c:\documents and settings\Admin\Application Data\HP
2009-07-15 23:22 . 2009-07-15 23:22 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\DNA
2009-07-15 23:21 . 2009-07-21 05:15 -------- d-----w- c:\documents and settings\Admin\Application Data\DNA
2009-07-15 23:21 . 2009-07-15 23:22 -------- d-----w- c:\program files\BitTorrent
2009-07-11 10:53 . 2009-07-11 10:53 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Apple
2009-07-09 06:11 . 2009-07-09 06:11 193913 ----a-w- c:\windows\CFA Level 1 2007 Uninstaller.exe
2009-07-09 06:11 . 2009-07-09 06:11 -------- d-----w- c:\program files\CFA Level 1 2007
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 02:13 . 2008-10-15 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-07 23:35 . 2008-03-20 20:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-07 21:14 . 2006-04-21 14:07 -------- d-----w- c:\program files\Google
2009-08-07 09:42 . 2009-06-27 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-08-07 09:42 . 2009-06-27 09:52 -------- d-----w- c:\program files\SlySoft
2009-08-06 05:31 . 2008-02-28 13:07 7760 ----a-w- c:\documents and settings\user\Application Data\wklnhst.dat
2009-07-15 22:32 . 2008-10-20 07:05 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2009-07-11 14:56 . 2008-07-12 23:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-11 13:04 . 2009-07-03 02:19 280 ----a-w- c:\documents and settings\Admin\Application Data\wklnhst.dat
2009-07-08 06:22 . 2009-07-08 06:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-08 05:15 . 2009-07-08 05:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-08 05:13 . 2009-07-08 05:13 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-08 05:03 . 2009-07-01 04:34 -------- d-----w- c:\documents and settings\Admin\Application Data\Apple Computer
2009-07-06 00:09 . 2009-07-06 00:01 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
2009-07-06 00:09 . 2006-04-21 14:22 -------- d-----w- c:\program files\Common Files\LightScribe
2009-07-05 23:22 . 2009-07-05 22:53 -------- d-----w- c:\program files\Common Files\Nero
2009-07-05 23:12 . 2009-07-05 22:53 -------- d-----w- c:\program files\Nero
2009-07-05 23:11 . 2009-07-05 23:11 -------- d-----w- c:\program files\Windows Sidebar
2009-07-05 22:59 . 2009-07-05 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-03 17:09 . 2006-03-16 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 02:19 . 2009-07-03 02:19 -------- d-----w- c:\documents and settings\Admin\Application Data\Template
2009-07-01 05:23 . 2009-07-01 05:23 -------- d-----w- c:\documents and settings\Admin\Application Data\AdobeUM
2009-07-01 03:49 . 2006-04-21 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 22:41 . 2009-06-29 22:41 -------- d-----w- c:\program files\Schweser2009
2009-06-28 21:10 . 2009-06-27 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-28 20:42 . 2009-06-28 20:37 -------- d-----w- c:\program files\nrg2iso
2009-06-27 12:09 . 2009-06-27 12:06 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-27 12:09 . 2009-06-27 12:09 27136 ----a-w- c:\windows\system32\drivers\nchssvad.sys
2009-06-27 12:09 . 2009-06-09 21:00 -------- d-----w- c:\documents and settings\user\Application Data\NCH Swift Sound
2009-06-27 10:58 . 2009-06-27 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-06-27 10:58 . 2009-06-09 21:00 -------- d-----w- c:\program files\NCH Software
2009-06-27 08:31 . 2009-06-27 08:31 -------- d-----w- c:\program files\Elaborate Bytes
2009-06-26 06:07 . 2009-06-26 06:07 -------- d-----w- c:\documents and settings\user\Application Data\Sonic
2009-06-16 14:36 . 2005-10-18 12:14 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2005-10-18 12:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 08:08 . 2009-06-16 08:08 390664 ----a-w- c:\documents and settings\user\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-13 17:48 . 2009-06-13 17:48 -------- d-----w- c:\program files\Gabest
2009-06-09 21:14 . 2006-04-21 13:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-07 06:58 . 2009-06-07 06:58 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 19:09 . 2005-08-30 19:13 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 12:36 . 2009-05-17 14:09 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 12:36 . 2008-10-20 07:03 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-25 12:16 . 2009-05-25 12:16 134312 ----a-w- c:\windows\system32\ElbyVCD.dll
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-22 23:08 . 2009-05-22 23:08 29696 ----a-w- c:\windows\system32\drivers\VClone.sys
2008-05-01 20:54 . 2008-05-01 20:54 251 ----a-w- c:\program files\wt3d.ini
2008-03-14 21:27 . 2008-03-14 21:24 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-03-13 19:10 . 2008-03-13 06:41 29657696 ----a-w- c:\program files\camtasiaf.exe
2008-03-12 20:06 . 2008-03-12 20:06 1766 ----a-w- c:\program files\Hedge_Funds___Transparency_and_Conflicts_of_Interest.ics
2008-03-12 20:05 . 2008-03-12 20:05 1006 ----a-w- c:\program files\CFA_UK_Annual_Conference.ics
2008-03-08 21:02 . 2008-03-08 21:02 5829600 ----a-w- c:\program files\Firefox Setup 2.0.0.12.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-07 3558136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-02-19 100056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-08 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-23 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-08-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - user.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2004-08-30 12:20]
.
- - - - ORPHANS REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-RunOnce-Uninstall Adobe Download Manager - c:\docume~1\user\LOCALS~1\Temp\nos_uninstall_Adobe.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
Trusted Zone: google.co.uk\www
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\uy82jxp3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 03:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ???([email protected][email protected]
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-08-08 3:29
ComboFix-quarantined-files.txt 2009-08-08 02:29
Pre-Run: 5,774,389,248 bytes free
Post-Run: 10,697,285,632 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
265 --- E O F --- 2009-07-31 22:22
Edited by delightP, 08 August 2009 - 02:07 AM.