Just ran ComboFix. Has the problem gone now???
ComboFix 09-08-09.04 - Craig 10/08/2009 13:19.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.670 [GMT 1:00]
Running from: c:\documents and settings\Craig\My Documents\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ALLUSE~1\STARTM~1\Programs\PC Camer@
c:\docume~1\ALLUSE~1\STARTM~1\Programs\PC Camer@ \Amcap.lnk
c:\docume~1\ALLUSE~1\STARTM~1\Programs\PC Camer@ \Uninstall.lnk
c:\documents and settings\Craig\Application Data\ultra
c:\documents and settings\Craig\Application Data\ultra\uninstall.bat
c:\windows\braviax.exe
c:\windows\cookies.ini
c:\windows\kb913800.exe
c:\windows\run.log
c:\windows\system32\drivers\UACpjbmqppptx.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\UACbqoimmohul.db
c:\windows\system32\UACduxgjrnnah.dll
c:\windows\system32\UACejyabbibrq.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjkvxdlmpkh.dat
c:\windows\system32\UACqbtftwrmfj.dll
c:\windows\system32\UACsdxxvkpxgf.dll
c:\windows\system32\UACtymetlcqrr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.
2009-08-09 14:28 . 2009-08-09 14:28 -------- d-----w- c:\documents and settings\PAMMY\Local Settings\Application Data\LogMeIn
2009-08-09 13:56 . 2009-08-09 13:50 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-09 13:49 . 2009-08-09 23:50 -------- d-----w- c:\documents and settings\Craig\.housecall6.6
2009-08-09 13:44 . 2009-08-09 13:44 -------- d-----w- c:\documents and settings\Craig\Local Settings\Application Data\LogMeIn
2009-08-09 13:44 . 2009-08-09 13:44 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\LogMeIn
2009-08-09 13:44 . 2008-10-16 19:35 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-08-09 13:44 . 2008-10-16 19:35 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-08-09 13:44 . 2008-07-24 17:46 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-08-09 13:43 . 2008-10-16 19:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-08-09 13:42 . 2009-08-10 08:20 -------- d-----w- c:\program files\LogMeIn
2009-08-09 13:26 . 2009-08-09 13:26 6881824 ----a-w- C:\SUPERAntiSpyware.exe
2009-08-09 13:25 . 2009-08-09 13:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-09 13:21 . 2009-08-09 13:22 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-08-09 13:21 . 2009-08-09 13:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-09 13:08 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 13:08 . 2009-08-09 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 13:08 . 2009-08-09 13:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-09 13:08 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 13:03 . 2009-08-09 13:03 3942048 ----a-w- C:\ccwygkvw.exe
2009-08-08 19:39 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-08 19:39 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-08 19:39 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-08 19:39 . 2009-08-09 13:11 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-08 19:39 . 2009-08-08 19:39 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-08 19:39 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-08 19:39 . 2009-08-08 19:41 -------- d-----w- c:\program files\Spyware Doctor
2009-08-08 19:39 . 2009-08-08 19:39 -------- d-----w- c:\documents and settings\Craig\Application Data\PC Tools
2009-08-08 19:39 . 2009-08-08 19:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PC Tools
2009-08-08 18:06 . 2009-08-08 18:06 -------- d-----w- c:\documents and settings\PAMMY\Local Settings\Application Data\ESET
2009-08-08 17:35 . 2009-08-08 17:35 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-08 17:35 . 2009-08-08 17:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-08 17:35 . 2009-08-08 17:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-08 17:30 . 2009-08-08 17:30 70656 ----a-w- c:\windows\system32\drivers\qhwhxvribapxxbvt.sys
2009-08-07 12:16 . 2009-08-07 12:17 -------- d-----w- C:\6f4ef615ce62ba57dbb4fcf5aea27450
2009-08-07 12:16 . 2009-08-07 15:36 -------- d-----w- c:\windows\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 20:46 . 2007-02-09 16:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-09 19:38 . 2007-02-09 16:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-09 14:31 . 2008-05-10 15:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-08-09 14:31 . 2007-04-14 19:01 -------- d-----w- c:\program files\Lavasoft
2009-08-09 13:33 . 2006-02-28 17:42 -------- d-----w- c:\program files\Google
2009-08-08 18:37 . 2006-01-17 14:35 -------- d-----w- c:\program files\Real
2009-08-08 18:37 . 2006-01-17 14:35 -------- d-----w- c:\program files\Common Files\Real
2009-08-07 16:14 . 2006-07-11 18:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-07 15:37 . 2006-12-02 13:43 76976 -c--a-w- c:\documents and settings\Craig\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-01 14:50 . 2007-11-08 19:03 -------- d-----w- c:\documents and settings\Craig\Application Data\LimeWire
2009-07-20 15:12 . 2008-12-27 17:46 304160 ----a-w- C:\PA207.DAT
2009-07-10 06:03 . 2008-04-17 15:55 -------- d-----w- c:\program files\Nokia
2009-07-10 06:03 . 2009-01-09 15:42 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-03 17:09 . 2005-08-16 04:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2005-08-16 04:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 04:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2005-08-16 04:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 14:49 . 2007-11-14 15:06 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 14:47 . 2009-05-14 14:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 14:41 . 2007-11-14 15:03 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2007-01-30 08:35 . 2007-01-30 08:35 565248 --sha-w- c:\program files\ehthumbs.db
2006-08-18 17:20 . 2006-08-18 17:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-07-16 05:41 . 2006-01-17 14:42 41573 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2005-07-16 05:41 . 2006-01-17 14:42 48223 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 05:41 . 2006-01-17 14:42 160871 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-02-03 12:41 . 2006-01-25 15:20 104 -csh--r- c:\windows\system32\15B749A6AF.sys
2007-02-03 12:41 . 2006-01-21 10:13 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 19:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk
backup=c:\windows\pss\Digimax Viewer 2.1.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [08/08/2009 20:39 130936]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/11/2007 16:06 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15:47 731840]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [09/08/2009 14:44 47640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9889a6091d662;Google Update Service (gupdate1c9889a6091d662);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2009 21:34 133104]
S2 oeesllaael9a5;Print Spooler Service;c:\windows\system32\wysvtxn.exe /service --> c:\windows\system32\wysvtxn.exe [?]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [27/12/2008 18:18 618112]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
HKCU-Run-AV Care - c:\program files\AV Care\AVCare.exe
HKCU-Run-Monopod - c:\docume~1\Craig\LOCALS~1\Temp\b.exe
HKCU-Run-braviax - c:\windows\system32\braviax.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\docume~1\Craig\APPLIC~1\Mozilla\Firefox\Profiles\38mypfpe.default\
FF - prefs.js: browser.search.selectedEngine - Google
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 13:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Completion time: 2009-08-10 13:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 12:39
Pre-Run: 128,273,838,080 bytes free
Post-Run: 129,184,571,392 bytes free
Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=1,2,3,4
298 --- E O F --- 2009-08-09 12:19