23-Apr-2009, 09:18 PM
#16
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix. The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please. Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:
ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.
ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean-up process is finished, as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming. Also, please do not run any security programs or fixes on your own, as doing so may compromise what we will be doing. It is important that you wait for instructions.
__________________
Microsoft MVP - Consumer Security
24-Apr-2009, 01:29 PM
#17
Right....... Here we go.... Here is the log I got from ComboFix. It picked up two files which it asked me to write down and some other bits later.

ComboFix 09-04-24.01 - Matthew 24/04/2009 17:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.627 [GMT 1:00]
Running from: c:\documents and settings\Matthew\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *disabled*
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matthew\Application Data\inst.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\drivers\gxvxcosrumltpixrjbivamixfmuiqjlktetoy.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcmaknempqjotptwbrqhmabrntymysmlya.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.

2009-04-23 19:56 . 2009-04-23 19:56 -------- d-----w c:\windows\system32\en
2009-04-23 19:56 . 2009-04-23 19:56 -------- d-----w c:\windows\system32\bits
2009-04-23 19:54 . 2009-04-23 20:00 -------- d-----w c:\program files\RegistryFix
2009-04-23 19:53 . 2009-04-23 19:57 -------- d-----w c:\windows\ServicePackFiles
2009-04-23 19:46 . 2009-04-23 19:46 -------- d-----w c:\windows\EHome
2009-04-23 10:41 . 2009-04-23 20:04 2675 ----a-w c:\windows\imsins.BAK
2009-04-22 22:15 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-22 22:15 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-22 22:15 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-22 19:56 . 2009-04-24 11:36 -------- d--h--w C:\$AVG8.VAULT$
2009-04-22 19:35 . 2009-04-22 19:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-22 19:35 . 2009-04-22 19:35 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-22 19:35 . 2009-04-22 19:35 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 19:35 . 2009-04-24 07:29 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-22 19:35 . 2009-04-23 19:27 -------- d-----w c:\documents and settings\Matthew\Application Data\AVGTOOLBAR
2009-04-22 19:35 . 2009-04-22 19:42 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-22 19:35 . 2009-04-22 19:35 -------- d-----w c:\program files\AVG
2009-04-22 19:34 . 2009-04-22 19:33 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-22 19:34 . 2009-04-22 19:33 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-22 18:16 . 2009-04-22 18:16 -------- d-----w c:\program files\Common Files\Scanner
2009-04-22 18:03 . 2009-04-22 18:03 -------- d-----w c:\documents and settings\Matthew\Local Settings\Application Data\Opera
2009-04-22 17:12 . 2009-04-22 17:12 -------- d-----w c:\documents and settings\Matthew\Application Data\Nero
2009-04-22 17:12 . 2009-04-22 17:12 -------- d-----w c:\documents and settings\Matthew\Local Settings\Application Data\Xenocode
2009-04-20 22:01 . 2009-04-20 22:01 -------- d-----w c:\documents and settings\Matthew\Application Data\Canneverbe_Limited
2009-04-20 21:58 . 2009-04-20 21:58 -------- d-----w c:\documents and settings\Matthew\Local Settings\Application Data\CDBurnerXP_Soft
2009-04-20 21:34 . 2009-04-20 21:42 -------- d-----w c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-04-20 21:34 . 2009-04-22 17:52 -------- d-----w c:\documents and settings\Matthew\Application Data\Vso
2009-04-20 21:34 . 2009-04-22 17:52 47360 ----a-w c:\documents and settings\Matthew\Application Data\pcouffin.sys
2009-04-20 21:34 . 2009-04-20 21:34 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-20 21:34 . 2009-04-20 21:34 -------- d-----w c:\program files\LG Software Innovations
2009-04-15 22:31 . 2009-04-15 22:31 -------- d-----w c:\documents and settings\Valerie.INSPIRON1300\Local Settings\Application Data\Apple Computer
2009-04-12 15:05 . 2009-04-12 15:05 -------- d-----w c:\documents and settings\Matthew\Local Settings\Application Data\WMTools Downloaded Files
2009-04-12 14:42 . 2009-04-12 14:42 -------- d-----w c:\documents and settings\Matthew\Local Settings\Application Data\Ares
2009-04-12 14:26 . 2009-04-12 14:26 -------- d-----w c:\windows\system32\custom matrices
2009-04-12 14:26 . 2009-04-12 14:27 -------- d-----w c:\windows\system32\C2MP
2009-04-12 14:26 . 2009-04-12 14:26 -------- d-----w c:\windows\system32\QuickTime
2009-04-11 12:42 . 2009-02-24 19:35 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-11 12:42 . 2009-02-24 19:35 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-11 12:42 . 2009-02-24 19:35 129784 ------w c:\windows\system32\pxafs.dll
2009-04-11 12:41 . 2009-04-11 12:41 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-10 10:02 . 2009-04-10 10:02 -------- d-----w c:\documents and settings\Valerie.INSPIRON1300\Local Settings\Application Data\SupportSoft
2009-04-10 09:00 . 2009-04-10 09:00 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-09 18:30 . 2009-04-09 18:30 -------- d-----w c:\program files\Lame for Audacity
2009-04-09 18:30 . 2009-04-09 18:30 -------- d-----w c:\program files\Audacity
2009-04-09 16:22 . 2009-04-09 16:22 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-09 15:24 . 2009-04-09 15:24 -------- d-----w c:\program files\YouTube Downloader 3000
2009-04-09 15:21 . 2008-04-13 23:12 73796 ------w c:\windows\system32\slserv.exe
2009-04-09 15:20 . 2008-04-14 00:11 37376 ------w c:\windows\system32\l2gpstore.dll
2009-04-09 14:58 . 2008-10-16 13:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-09 14:58 . 2008-10-16 13:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-09 14:58 . 2008-10-16 13:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-09 11:28 . 2009-04-09 11:28 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-09 10:44 . 2009-04-09 10:44 -------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2009-04-09 10:43 . 2009-04-09 10:44 -------- d-----w c:\program files\TalkTalk
2009-04-09 10:43 . 2009-04-09 10:44 750 ----a-w c:\windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
2009-04-09 10:43 . 2009-04-09 10:43 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 16:12 . 2009-04-08 16:12 -------- d-----w c:\documents and settings\Matthew\Local Settings\Application Data\SupportSoft
2009-04-08 16:12 . 2009-04-08 16:12 -------- d-----w c:\program files\Common Files\SupportSoft
2009-04-06 19:02 . 2009-04-06 19:02 1055 ----a-w c:\windows\_ISENV31.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 16:11 . 2008-12-21 18:39 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-24 16:00 . 2008-02-20 20:35 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-24 02:09 . 2008-02-20 20:35 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-23 20:05 . 2007-01-03 23:19 96384 ----a-w c:\windows\system32\drivers\sptd2461.sys
2009-04-23 19:47 . 2006-02-20 17:50 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-23 19:25 . 2007-01-03 23:22 -------- d-----w c:\program files\Google
2009-04-22 19:44 . 2008-12-21 17:22 -------- d-----w c:\program files\ESET
2009-04-22 19:33 . 2006-02-20 17:46 -------- d-----w c:\program files\Java
2009-04-22 18:03 . 2008-03-30 21:06 -------- d-----w c:\program files\Opera
2009-04-20 21:59 . 2008-03-30 20:57 -------- d-----w c:\program files\CDBurnerXP
2009-04-14 15:56 . 2006-09-18 13:29 -------- d-----w c:\program files\CCleaner
2009-04-12 12:01 . 2008-12-21 18:39 -------- d-----w c:\program files\PC Tools Firewall Plus
2009-04-11 12:42 . 2006-10-24 00:11 -------- d-----w c:\program files\DivX
2009-04-11 12:28 . 2008-06-19 18:22 -------- d-----w c:\program files\WinUAE
2009-04-11 10:46 . 2008-12-21 18:40 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-11 10:46 . 2008-12-21 18:40 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-11 10:46 . 2008-12-21 18:39 95640 ----a-w c:\windows\system32\drivers\pctplfw.sys
2009-04-09 16:16 . 2008-11-15 11:11 -------- d-----w c:\program files\Celestia
2009-04-08 17:25 . 2006-11-21 20:38 -------- d-----w c:\program files\Sony Ericsson
2009-04-08 17:24 . 2007-12-31 15:10 -------- d-----w c:\documents and settings\Matthew\Application Data\Sony
2009-04-08 17:22 . 2008-07-25 16:50 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-08 17:22 . 2008-07-25 16:49 -------- d-----w c:\program files\DVDVideoSoft
2009-04-08 17:08 . 2008-12-06 10:48 -------- d-----w c:\program files\Retriever
2009-04-08 17:07 . 2008-09-06 17:15 -------- d-----w c:\program files\GSC Game World
2009-04-08 17:04 . 2008-02-21 20:57 -------- d-----w c:\program files\Nokia
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-06 14:22 . 2009-04-22 22:16 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-03-06 14:22 . 2004-08-10 12:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-02 23:04 . 2008-06-26 08:15 1499136 ------w c:\windows\system32\dllcache\shdocvw.dll
2009-02-24 19:35 . 2006-02-22 11:15 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2006-02-22 11:15 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:35 . 2005-04-25 02:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-22 17:57 . 2009-02-22 17:57 4421889 ----a-w c:\windows\system32\libavcodec.dll
2009-02-20 08:11 . 2008-04-21 06:44 3068416 ------w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 08:10 . 2008-06-26 08:15 619520 ------w c:\windows\system32\dllcache\urlmon.dll
2009-02-20 08:10 . 2008-04-21 06:44 666112 ------w c:\windows\system32\dllcache\wininet.dll
2009-02-20 08:10 . 2004-08-10 12:51 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2009-02-20 08:10 81920 ------w c:\windows\system32\dllcache\ieencode.dll
2009-02-20 08:10 . 2004-08-10 12:51 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 13:57 . 2009-02-18 13:57 557451 ----a-w c:\windows\system32\libmplayer.dll
2009-02-16 17:19 . 2009-02-16 17:19 790190 ----a-w c:\windows\system32\xvidcore.dll
2009-02-16 16:32 . 2009-02-16 16:32 425040 ----a-w c:\windows\system32\TomsMoComp_ff.dll
2009-02-16 16:30 . 2009-02-16 16:30 903703 ----a-w c:\windows\system32\ff_x264.dll
2009-02-16 16:23 . 2009-02-16 16:23 145081 ----a-w c:\windows\system32\libmpeg2_ff.dll
2009-02-16 14:49 . 2009-02-16 14:49 328334 ----a-w c:\windows\system32\ff_kernelDeint.dll
2009-02-14 15:15 . 2009-02-14 15:15 486400 ----a-w c:\windows\system32\ff_libfaad2.dll
2009-02-09 22:28 . 2009-02-09 22:28 98304 ----a-w c:\windows\system32\ff_wmv9.dll
2009-02-09 20:19 . 2009-02-09 20:19 183296 ----a-w c:\windows\system32\ff_samplerate.dll
2009-02-09 20:19 . 2009-02-09 20:19 178688 ----a-w c:\windows\system32\ff_libmad.dll
2009-02-09 20:18 . 2009-02-09 20:18 113152 ----a-w c:\windows\system32\ff_unrar.dll
2009-02-09 20:18 . 2009-02-09 20:18 146944 ----a-w c:\windows\system32\ff_tremor.dll
2009-02-09 20:18 . 2009-02-09 20:18 257024 ----a-w c:\windows\system32\ff_libdts.dll
2009-02-09 20:18 . 2009-02-09 20:18 142848 ----a-w c:\windows\system32\ff_liba52.dll
2009-02-09 19:56 . 2009-02-09 19:56 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 12:10 . 2009-04-22 22:16 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 12:51 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2009-04-22 22:16 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-02-09 12:10 . 2009-04-22 22:16 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-02-09 12:10 . 2009-04-22 22:16 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 12:10 . 2009-04-22 22:16 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-02-09 12:10 . 2009-04-22 22:16 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-02-09 12:10 . 2004-08-10 12:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-10 12:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 12:50 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-11-13 21:41 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 12:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2009-02-07 18:02 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 18:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2009-04-22 22:16 110592 ------w c:\windows\system32\dllcache\services.exe
2009-02-06 11:11 . 2004-08-10 12:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2009-04-22 22:16 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-10 12:51 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2009-04-22 22:16 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2009-04-22 22:16 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:39 . 2004-08-10 12:51 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2009-04-22 22:16 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:10 . 2009-04-22 22:16 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 12:51 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-15 11:04 . 2008-04-18 20:44 67064 ----a-w c:\documents and settings\Valerie.INSPIRON1300\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-09-06 18:11 . 2006-02-22 11:32 67064 ----a-w c:\documents and settings\Matthew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-03-25 20:00 . 2006-03-25 20:00 143 ----a-w c:\documents and settings\Valerie.INSPIRON1300\Local Settings\Application Data\fusioncache.dat
2006-02-22 11:32 . 2006-02-22 11:32 130 ----a-w c:\documents and settings\Matthew\Local Settings\Application Data\fusioncache.dat
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\opera\program\plugins\ssldivx.dll
2008-11-08 18:39 . 2008-11-08 18:39 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110820081109\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-09 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-22 148888]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-04-11 2652056]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-22 1932568]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-09-09 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-22 19:35 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-11-30 13352]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2006-12-14 377344]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2006-12-14 15104]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-22 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-22 108552]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-11 159600]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-22 298264]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-04-11 73840]
S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-04-11 95640]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk/
mStart Page = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1zear0ak.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 17:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-24 17:19
ComboFix-quarantined-files.txt 2009-04-24 16:19

Pre-Run: 13,181,227,008 bytes free
Post-Run: 13,248,724,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

265 --- E O F --- 2009-04-24 02:03

Am I free of this horrid attack yet? Thank you so much!
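A defender reading a ComboFix log like the one above looks past the deleted files to what the infection left behind: in this log the Security Center values AntiVirusDisableNotify and UpdatesDisableNotify are set to 1 (alerts silenced) and the XP firewall's standard profile shows EnableFirewall=0, and the removed driver and DLL carry the machine-generated names typical of rootkit droppers. The script below is an added example, not ComboFix's own code and not anything posted in this thread. It parses the "Other Deletions" and "Reg Loading Points" sections in the layout shown above and reports those three signals. The embedded excerpt is constructed from lines of the posted log; the name heuristic (stem length, lowercase letters only, a consonant run of four or more) and its thresholds are my own assumptions, and FirewallDisableNotify is included because it is the third Security Center value of the same family, even though this log does not show it.

```python
"""Triage a ComboFix-style log excerpt for what the cleanup left behind.

Added example (not ComboFix's or the forum's code). Reads the
"Other Deletions" and "Reg Loading Points" sections and reports
silenced Security Center alerts, a disabled XP firewall profile, and
deleted files whose names look machine-generated.
"""
import re

# Constructed excerpt in the layout of the log posted in the thread
# (paths copied from it; the rest of the real log is omitted).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Matthew\Application Data\inst.exe
c:\windows\ANS2000.INI
c:\windows\system32\drivers\gxvxcosrumltpixrjbivamixfmuiqjlktetoy.sys
c:\windows\system32\gxvxcmaknempqjotptwbrqhmabrntymysmlya.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "((((( Name )))))" banner lines
KEY_RE = re.compile(r"^\[(.+)\]$")                # "[HKEY_...]" registry key lines
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=data lines
VOWELS = set("aeiou")


def split_sections(text):
    """Group log lines under the banner that precedes them; '.' spacers are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Turn the REGEDIT4-style dump into {key path (lower-case): {value name: data}}."""
    reg, key = {}, None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            reg.setdefault(key, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            reg[key][vm.group(1)] = vm.group(2).strip()
    return reg


def as_int(data):
    """Read 'dword:00000001' or '0 (0x0)' style data as an integer (None if neither)."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", data)
    return int(m.group(1)) if m else None


def weakened_settings(reg):
    """Registry state a cleaned XP machine should not be left in."""
    findings = []
    sc = reg.get(r"hkey_local_machine\software\microsoft\security center", {})
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if as_int(sc.get(name, "")) == 1:
            findings.append(f"Security Center alert silenced: {name}=1")
    for key, values in reg.items():
        if key.endswith(r"\firewallpolicy\standardprofile") and as_int(values.get("EnableFirewall", "")) == 0:
            findings.append("Windows Firewall standard profile is off: EnableFirewall=0")
    return findings


def longest_consonant_run(stem):
    run = best = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_generated(path):
    """Assumed heuristic: long, all-lowercase, letters-only stem with an unpronounceable cluster."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return len(stem) >= 16 and stem.isalpha() and stem.islower() and longest_consonant_run(stem) >= 4


def triage(text):
    sections = split_sections(text)
    reg = parse_registry(sections.get("Reg Loading Points", []))
    return {
        "weakened": weakened_settings(reg),
        "generated_names": [p for p in sections.get("Other Deletions", []) if looks_generated(p)],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for finding in report["weakened"]:
        print("restore:", finding)
    for path in report["generated_names"]:
        print("machine-generated name removed:", path)
```

Pointing triage() at a full log works the same way, since every ComboFix section sits under a banner of the same shape; the Security Center and firewall findings are the ones a helper would have the user re-enable once the machine is clean, and the name heuristic is a prompt to check the matching service entry (here Service_gxvxcserv.sys) rather than a verdict on its own.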
25-Apr-2009, 03:29 PM
#19
Please download Malwarebytes' Anti-Malware from Here. Double-click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
Microsoft MVP - Consumer Security
Tags: hijackthis, nod 32 firefox, virus

All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.
