Fake Antivirus pop up

**Friggan** · 2009-08-17, 16:34

When I run Malware Byte's anti malware I receive the error "Run-time error 5, invalid proceedure call or argument"

**Friggan** · 2009-08-17, 16:50

Limewire is gone, our son seemed to have installed that without permission, I have removed the adobe reader and installed the fox reader, also updated the Java as detailed.

Things seem to be going much smoother, my wife's original wallpaper is back as it was before which really made her happy.

I wanted to say thank you for all of your assistance, you have really made a huge difference and I really appreciate it! My wife has learned a lot also, now she understands how much work one wrong click can make.

Please let me know if I need to do something for the one app that did not run, but things are so much better now, again thank you so much.

**katana** · 2009-08-17, 17:55

----------------------------------------------------------------------------------------
Step 1

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:

Driver::
0005c497.sys
006dc4ff.sys
00b5bd3f.sys
00c8bd52.sys
00d3c565.sys
016dbdf7.sys
029266be.sys
030ec7a0.sys
0366c7f8.sys
03b0c842.sys
0427c0b1.sys
053ec1c7.sys
058e227e.sys
0629c2b2.sys
06f66b22.sys
06fdc387.sys
0761cbf3.sys
07a6c430.sys
0908c591.sys
0a05c68f.sys
0a13cea5.sys
0af35dfd.sys
0b2ecfc0.sys
0c6fc8f9.sys
0c86c90f.sys
0c8ad11c.sys
0cf57121.sys
0d577183.sys
0d8d71b9.sys
0e32cabb.sys
0e77d309.sys
0e98cb22.sys
0ebbcb45.sys
0f25cbaf.sys
0fe8cc72.sys
1004cc8d.sys
1124d5b6.sys
11a1ce2b.sys
11e2d674.sys
13a5d02e.sys
1428d8ba.sys
147d78aa.sys
1552d9e5.sys
15cfd258.sys
16b2d33c.sys
17db7c07.sys
180dd497.sys
182dd4b6.sys
18391c00.sys
189ed528.sys
19b87de4.sys
1a77df09.sys
1a8cd715.sys
1a93df25.sys
1b587f84.sys
1e3e826a.sys
1e88db11.sys
1f7a83a6.sys
2028dcb2.sys
212d855a.sys
2257e6e9.sys
229edf28.sys
22d5df5e.sys
22f5e787.sys
2425e0af.sys
262deac0.sys
269ceb2e.sys
27b4e43e.sys
28388c64.sys
28afe538.sys
290feda1.sys
29f2e67b.sys
2a0fe699.sys
2b85f017.sys
2c60f0f2.sys
2dbbea44.sys
2e00f292.sys
2e19f2ab.sys
2ee2eb6c.sys
2f9aec24.sys
31559581.sys
31f0f682.sys
324feed9.sys
33449771.sys
3361efea.sys
3369f7fb.sys
33aff039.sys
3471f0fa.sys
3485f10e.sys
35d3f25d.sys
35f1f27b.sys
3736f3c0.sys
3785f40e.sys
37d6f45f.sys
3808f491.sys
3877fd09.sys
38d0f559.sys
3904f58d.sys
391ef5a8.sys
39c9f653.sys
3ad2ff64.sys
3b2fffc1.sys
3bdbf865.sys
3be6a013.sys
3e2102b4.sys
3fc9a3f5.sys
4015a442.sys
4086fd10.sys
424fa67c.sys
4329ffb2.sys
43d70062.sys
43fa0085.sys
446900f3.sys
46b60b49.sys
485a04e5.sys
48f50d88.sys
494a05d5.sys
49cb0e5e.sys
4be8b014.sys
4bea107d.sys
4cd41167.sys
4e1d12b0.sys
4e801313.sys
4f6213f5.sys
507eb4aa.sys
50d60d60.sys
51310dbb.sys
51741607.sys
5208169b.sys
52d80f63.sys
52e70f72.sys
540cb838.sys
545218e6.sys
545f18f2.sys
554411cf.sys
577313fe.sys
580b1c9e.sys
58eb1d7e.sys
58f8bd24.sys
5ac61750.sys
5b211fb4.sys
5b44bf70.sys
5dcd2260.sys
5e1f1aa9.sys
5e44c271.sys
5eff1b8a.sys
61481dd3.sys
61dc266f.sys
61f42687.sys
62931f1e.sys
631327a6.sys
635427e7.sys
63b0c7dc.sys
63df2872.sys
64862919.sys
65772a0a.sys
6643ca6f.sys
6687cab3.sys
66e52370.sys
6701238c.sys
675a23e5.sys
67742c07.sys
67d12c64.sys
68ea2574.sys
691825a3.sys
695a25e5.sys
69a92634.sys
6b5a27e5.sys
6c4830db.sys
6c4a30dd.sys
6cad2937.sys
6d6729f1.sys
6e6a2af5.sys
6e8b2b16.sys
6f0e33a1.sys
6f4d33e0.sys
70ef3582.sys
71f7368b.sys
72723705.sys
73052f90.sys
732437b7.sys
7360d78d.sys
73a63839.sys
74b03943.sys
75d53260.sys
761932a4.sys
76243ab7.sys
762b3abe.sys
763d32c7.sys
76e93b7d.sys
77823c15.sys
77c3344d.sys
79843e17.sys
7af1377c.sys
7b4837d2.sys
7b79400c.sys
7c3a38c4.sys
7db04243.sys
7e043a8f.sys
7e173aa1.sys
7e5d42f0.sys
7ed2e2fe.sys
81804613.sys
83e0406a.sys
840e48a2.sys
842840b3.sys
845c40e6.sys
846d4900.sys
85d8ea04.sys
863b4ace.sys
8642ea6f.sys
86d74b6b.sys
874f4be2.sys
87718b38.sys
87d64461.sys
880b4496.sys
88f24d85.sys
890a4595.sys
894a45d4.sys
8a3046ba.sys
8b114fa5.sys
8b2b47b5.sys
8bca505d.sys
8c5850eb.sys
8c8a4914.sys
8d1651a9.sys
8d5949e4.sys
8d6a51fd.sys
8d804a0b.sys
8da94a34.sys
8dbb524e.sys
8e154aa0.sys
8e174aa2.sys
8ebd4b48.sys
8f0a539d.sys
914f4dda.sys
915ef58a.sys
916c4df7.sys
91a04e2b.sys
9208569b.sys
923556c8.sys
929f4f2a.sys
9308f735.sys
933cf768.sys
935857eb.sys
93d65869.sys
948d5920.sys
969a5325.sys
974e5be1.sys
981b5cae.sys
98225cb5.sys
986754f2.sys
98fa5d8d.sys
9ab2fede.sys
9b32ff5e.sys
9b5757e2.sys
9b7b600e.sys
9b99ffc5.sys
9bc06054.sys
9bda5864.sys
9bfa608d.sys
9c5f58e9.sys
9cb36146.sys
9cea617d.sys
9d6f59fa.sys
9d7a620d.sys
9ee06373.sys
9f4863dc.sys
a05c0489.sys
a0ae6541.sys
a32467b7.sys
a60a6295.sys
a7306bc3.sys
a8de6569.sys
abc3684e.sys
ac2970bc.sys
acb0693b.sys
adb57248.sys
adec727f.sys
aeb17344.sys
aeed7380.sys
af7d6c07.sys
afc813f5.sys
b0a96d34.sys
b14c1579.sys
b2027695.sys
b37a780d.sys
b3b817e5.sys
b3e1706b.sys
b504718e.sys
b5e21a0f.sys
b6357ac8.sys
b69d7327.sys
b7417bd4.sys
b79c7427.sys
b7ef7c82.sys
b8047c98.sys
b81c1c49.sys
b8587cec.sys
b8b57d49.sys
b9011d2e.sys
b92975b4.sys
ba4d7ee1.sys
bcc97953.sys
bdba824d.sys
bf767c01.sys
bff87c82.sys
c0347cbe.sys
c04b7cd5.sys
c088851b.sys
c17925a7.sys
c1f8868b.sys
c25a7ee5.sys
c2f28785.sys
c3b48847.sys
c41588a8.sys
c54381cd.sys
c57429a1.sys
c81d84a8.sys
c9602d8d.sys
c97a8e0d.sys
c9b0863a.sys
c9ee8679.sys
ca2e86b9.sys
ca6086eb.sys
ca918f24.sys
caa48f37.sys
cad5875f.sys
cb4187cb.sys
cc7c30aa.sys
cd2191b4.sys
cd7d8a07.sys
ce8932b6.sys
ce918b1c.sys
ced68b60.sys
cf009393.sys
cf088b93.sys
cf769409.sys
cf8733b4.sys
cfbc8c47.sys
cfc49458.sys
d0568ce1.sys
d0fc958f.sys
d1b68e41.sys
d20a8e95.sys
d23796ca.sys
d3019794.sys
d39037bd.sys
d3b79042.sys
d53d99d0.sys
d6643a92.sys
d6c69b59.sys
d7e93c16.sys
d7f19c85.sys
d9449dd7.sys
d9719e04.sys
da7c9706.sys
dad59f68.sys
db1f9fb3.sys
db209fb3.sys
dc2398ad.sys
dd56a1e9.sys
ddcb41f8.sys
ddf9a28c.sys
de8c9b17.sys
df549bdf.sys
e0ffa592.sys
e1de460c.sys
e22ba6bf.sys
e3279fb1.sys
e39ca82f.sys
e41ca0a7.sys
e46c015e.sys
e58ea218.sys
e75cabf0.sys
e7dcac70.sys
e7ebac7e.sys
e89dad30.sys
ea3caecf.sys
ea42a6cc.sys
eaa6af39.sys
ec79b10d.sys
ec85b118.sys
ed1fa9aa.sys
ed7b51a8.sys
edc8b25b.sys
ee0daa98.sys
ee435271.sys
ee93ab1e.sys
f04e0d40.sys
f161adeb.sys
f190b623.sys
f211ae9b.sys
f224b6b7.sys
f248b6db.sys
f294b727.sys
f360b7f3.sys
f434b0be.sys
f476b909.sys
f489b91c.sys
f60fb29a.sys
f6c2b34d.sys
f6e3b36d.sys
f822bcb5.sys
f833bcc6.sys
f8675c95.sys
f8c5b54f.sys
f8c85cf5.sys
f92bbdbe.sys
f963b5ed.sys
f9db5e08.sys
fa03b68d.sys
fb145f41.sys
fbc9c05d.sys
fc81c114.sys
fd46b9d1.sys
fd5c6189.sys
fd7961a6.sys
ff0ec3a1.sys
ff0fc3a2.sys
ff45bbd0.sys
ffdac46d.sys

ADS::

Save this as CFScript.txt and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

Let's reinstall MalwareBytes, that should cure the problem.

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Step 3

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Combofix Log
MalwareBytes Log
Kaspersky Log

**Friggan** · 2009-08-17, 18:45

ComboFix 09-08-10.06 - Administrator 08/17/2009 11:13.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1441 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090816-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_0005c497.sys
-------\Service_006dc4ff.sys
-------\Service_00b5bd3f.sys
-------\Service_00c8bd52.sys
-------\Service_00d3c565.sys
-------\Service_016dbdf7.sys
-------\Service_029266be.sys
-------\Service_030ec7a0.sys
-------\Service_0366c7f8.sys
-------\Service_03b0c842.sys
-------\Service_0427c0b1.sys
-------\Service_053ec1c7.sys
-------\Service_058e227e.sys
-------\Service_0629c2b2.sys
-------\Service_06f66b22.sys
-------\Service_06fdc387.sys
-------\Service_0761cbf3.sys
-------\Service_07a6c430.sys
-------\Service_0908c591.sys
-------\Service_0a05c68f.sys
-------\Service_0a13cea5.sys
-------\Service_0af35dfd.sys
-------\Service_0b2ecfc0.sys
-------\Service_0c6fc8f9.sys
-------\Service_0c86c90f.sys
-------\Service_0c8ad11c.sys
-------\Service_0cf57121.sys
-------\Service_0d577183.sys
-------\Service_0d8d71b9.sys
-------\Service_0e32cabb.sys
-------\Service_0e77d309.sys
-------\Service_0e98cb22.sys
-------\Service_0ebbcb45.sys
-------\Service_0f25cbaf.sys
-------\Service_0fe8cc72.sys
-------\Service_1004cc8d.sys
-------\Service_1124d5b6.sys
-------\Service_11a1ce2b.sys
-------\Service_11e2d674.sys
-------\Service_13a5d02e.sys
-------\Service_1428d8ba.sys
-------\Service_147d78aa.sys
-------\Service_1552d9e5.sys
-------\Service_15cfd258.sys
-------\Service_16b2d33c.sys
-------\Service_17db7c07.sys
-------\Service_180dd497.sys
-------\Service_182dd4b6.sys
-------\Service_18391c00.sys
-------\Service_189ed528.sys
-------\Service_19b87de4.sys
-------\Service_1a77df09.sys
-------\Service_1a8cd715.sys
-------\Service_1a93df25.sys
-------\Service_1b587f84.sys
-------\Service_1e3e826a.sys
-------\Service_1e88db11.sys
-------\Service_1f7a83a6.sys
-------\Service_2028dcb2.sys
-------\Service_212d855a.sys
-------\Service_2257e6e9.sys
-------\Service_229edf28.sys
-------\Service_22d5df5e.sys
-------\Service_22f5e787.sys
-------\Service_2425e0af.sys
-------\Service_262deac0.sys
-------\Service_269ceb2e.sys
-------\Service_27b4e43e.sys
-------\Service_28388c64.sys
-------\Service_28afe538.sys
-------\Service_290feda1.sys
-------\Service_29f2e67b.sys
-------\Service_2a0fe699.sys
-------\Service_2b85f017.sys
-------\Service_2c60f0f2.sys
-------\Service_2dbbea44.sys
-------\Service_2e00f292.sys
-------\Service_2e19f2ab.sys
-------\Service_2ee2eb6c.sys
-------\Service_2f9aec24.sys
-------\Service_31559581.sys
-------\Service_31f0f682.sys
-------\Service_324feed9.sys
-------\Service_33449771.sys
-------\Service_3361efea.sys
-------\Service_3369f7fb.sys
-------\Service_33aff039.sys
-------\Service_3471f0fa.sys
-------\Service_3485f10e.sys
-------\Service_35d3f25d.sys
-------\Service_35f1f27b.sys
-------\Service_3736f3c0.sys
-------\Service_3785f40e.sys
-------\Service_37d6f45f.sys
-------\Service_3808f491.sys
-------\Service_3877fd09.sys
-------\Service_38d0f559.sys
-------\Service_3904f58d.sys
-------\Service_391ef5a8.sys
-------\Service_39c9f653.sys
-------\Service_3ad2ff64.sys
-------\Service_3b2fffc1.sys
-------\Service_3bdbf865.sys
-------\Service_3be6a013.sys
-------\Service_3e2102b4.sys
-------\Service_3fc9a3f5.sys
-------\Service_4015a442.sys
-------\Service_4086fd10.sys
-------\Service_424fa67c.sys
-------\Service_4329ffb2.sys
-------\Service_43d70062.sys
-------\Service_43fa0085.sys
-------\Service_446900f3.sys
-------\Service_46b60b49.sys
-------\Service_485a04e5.sys
-------\Service_48f50d88.sys
-------\Service_494a05d5.sys
-------\Service_49cb0e5e.sys
-------\Service_4be8b014.sys
-------\Service_4bea107d.sys
-------\Service_4cd41167.sys
-------\Service_4e1d12b0.sys
-------\Service_4e801313.sys
-------\Service_4f6213f5.sys
-------\Service_507eb4aa.sys
-------\Service_50d60d60.sys
-------\Service_51310dbb.sys
-------\Service_51741607.sys
-------\Service_5208169b.sys
-------\Service_52d80f63.sys
-------\Service_52e70f72.sys
-------\Service_540cb838.sys
-------\Service_545218e6.sys
-------\Service_545f18f2.sys
-------\Service_554411cf.sys
-------\Service_577313fe.sys
-------\Service_580b1c9e.sys
-------\Service_58eb1d7e.sys
-------\Service_58f8bd24.sys
-------\Service_5ac61750.sys
-------\Service_5b211fb4.sys
-------\Service_5b44bf70.sys
-------\Service_5dcd2260.sys
-------\Service_5e1f1aa9.sys
-------\Service_5e44c271.sys
-------\Service_5eff1b8a.sys
-------\Service_61481dd3.sys
-------\Service_61dc266f.sys
-------\Service_61f42687.sys
-------\Service_62931f1e.sys
-------\Service_631327a6.sys
-------\Service_635427e7.sys
-------\Service_63b0c7dc.sys
-------\Service_63df2872.sys
-------\Service_64862919.sys
-------\Service_65772a0a.sys
-------\Service_6643ca6f.sys
-------\Service_6687cab3.sys
-------\Service_66e52370.sys
-------\Service_6701238c.sys
-------\Service_675a23e5.sys
-------\Service_67742c07.sys
-------\Service_67d12c64.sys
-------\Service_68ea2574.sys
-------\Service_691825a3.sys
-------\Service_695a25e5.sys
-------\Service_69a92634.sys
-------\Service_6b5a27e5.sys
-------\Service_6c4830db.sys
-------\Service_6c4a30dd.sys
-------\Service_6cad2937.sys
-------\Service_6d6729f1.sys
-------\Service_6e6a2af5.sys
-------\Service_6e8b2b16.sys
-------\Service_6f0e33a1.sys
-------\Service_6f4d33e0.sys
-------\Service_70ef3582.sys
-------\Service_71f7368b.sys
-------\Service_72723705.sys
-------\Service_73052f90.sys
-------\Service_732437b7.sys
-------\Service_7360d78d.sys
-------\Service_73a63839.sys
-------\Service_74b03943.sys
-------\Service_75d53260.sys
-------\Service_761932a4.sys
-------\Service_76243ab7.sys
-------\Service_762b3abe.sys
-------\Service_763d32c7.sys
-------\Service_76e93b7d.sys
-------\Service_77823c15.sys
-------\Service_77c3344d.sys
-------\Service_79843e17.sys
-------\Service_7af1377c.sys
-------\Service_7b4837d2.sys
-------\Service_7b79400c.sys
-------\Service_7c3a38c4.sys
-------\Service_7db04243.sys
-------\Service_7e043a8f.sys
-------\Service_7e173aa1.sys
-------\Service_7e5d42f0.sys
-------\Service_7ed2e2fe.sys
-------\Service_81804613.sys
-------\Service_83e0406a.sys
-------\Service_840e48a2.sys
-------\Service_842840b3.sys
-------\Service_845c40e6.sys
-------\Service_846d4900.sys
-------\Service_85d8ea04.sys
-------\Service_863b4ace.sys
-------\Service_8642ea6f.sys
-------\Service_86d74b6b.sys
-------\Service_874f4be2.sys
-------\Service_87718b38.sys
-------\Service_87d64461.sys
-------\Service_880b4496.sys
-------\Service_88f24d85.sys
-------\Service_890a4595.sys
-------\Service_894a45d4.sys
-------\Service_8a3046ba.sys
-------\Service_8b114fa5.sys
-------\Service_8b2b47b5.sys
-------\Service_8bca505d.sys
-------\Service_8c5850eb.sys
-------\Service_8c8a4914.sys
-------\Service_8d1651a9.sys
-------\Service_8d5949e4.sys
-------\Service_8d6a51fd.sys
-------\Service_8d804a0b.sys
-------\Service_8da94a34.sys
-------\Service_8dbb524e.sys
-------\Service_8e154aa0.sys
-------\Service_8e174aa2.sys
-------\Service_8ebd4b48.sys
-------\Service_8f0a539d.sys
-------\Service_914f4dda.sys
-------\Service_915ef58a.sys
-------\Service_916c4df7.sys
-------\Service_91a04e2b.sys
-------\Service_9208569b.sys
-------\Service_923556c8.sys
-------\Service_929f4f2a.sys
-------\Service_9308f735.sys
-------\Service_933cf768.sys
-------\Service_935857eb.sys
-------\Service_93d65869.sys
-------\Service_948d5920.sys
-------\Service_969a5325.sys
-------\Service_974e5be1.sys
-------\Service_981b5cae.sys
-------\Service_98225cb5.sys
-------\Service_986754f2.sys
-------\Service_98fa5d8d.sys
-------\Service_9ab2fede.sys
-------\Service_9b32ff5e.sys
-------\Service_9b5757e2.sys
-------\Service_9b7b600e.sys
-------\Service_9b99ffc5.sys
-------\Service_9bc06054.sys
-------\Service_9bda5864.sys
-------\Service_9bfa608d.sys
-------\Service_9c5f58e9.sys
-------\Service_9cb36146.sys
-------\Service_9cea617d.sys
-------\Service_9d6f59fa.sys
-------\Service_9d7a620d.sys
-------\Service_9ee06373.sys
-------\Service_9f4863dc.sys
-------\Service_a05c0489.sys
-------\Service_a0ae6541.sys
-------\Service_a32467b7.sys
-------\Service_a60a6295.sys
-------\Service_a7306bc3.sys
-------\Service_a8de6569.sys
-------\Service_abc3684e.sys
-------\Service_ac2970bc.sys
-------\Service_acb0693b.sys
-------\Service_adb57248.sys
-------\Service_adec727f.sys
-------\Service_aeb17344.sys
-------\Service_aeed7380.sys
-------\Service_af7d6c07.sys
-------\Service_afc813f5.sys
-------\Service_b0a96d34.sys
-------\Service_b14c1579.sys
-------\Service_b2027695.sys
-------\Service_b37a780d.sys
-------\Service_b3b817e5.sys
-------\Service_b3e1706b.sys
-------\Service_b504718e.sys
-------\Service_b5e21a0f.sys
-------\Service_b6357ac8.sys
-------\Service_b69d7327.sys
-------\Service_b7417bd4.sys
-------\Service_b79c7427.sys
-------\Service_b7ef7c82.sys
-------\Service_b8047c98.sys
-------\Service_b81c1c49.sys
-------\Service_b8587cec.sys
-------\Service_b8b57d49.sys
-------\Service_b9011d2e.sys
-------\Service_b92975b4.sys
-------\Service_ba4d7ee1.sys
-------\Service_bcc97953.sys
-------\Service_bdba824d.sys
-------\Service_bf767c01.sys
-------\Service_bff87c82.sys
-------\Service_c0347cbe.sys
-------\Service_c04b7cd5.sys
-------\Service_c088851b.sys
-------\Service_c17925a7.sys
-------\Service_c1f8868b.sys
-------\Service_c25a7ee5.sys
-------\Service_c2f28785.sys
-------\Service_c3b48847.sys
-------\Service_c41588a8.sys
-------\Service_c54381cd.sys
-------\Service_c57429a1.sys
-------\Service_c81d84a8.sys
-------\Service_c9602d8d.sys
-------\Service_c97a8e0d.sys
-------\Service_c9b0863a.sys
-------\Service_c9ee8679.sys
-------\Service_ca2e86b9.sys
-------\Service_ca6086eb.sys
-------\Service_ca918f24.sys
-------\Service_caa48f37.sys
-------\Service_cad5875f.sys
-------\Service_cb4187cb.sys
-------\Service_cc7c30aa.sys
-------\Service_cd2191b4.sys
-------\Service_cd7d8a07.sys
-------\Service_ce8932b6.sys
-------\Service_ce918b1c.sys
-------\Service_ced68b60.sys
-------\Service_cf009393.sys
-------\Service_cf088b93.sys
-------\Service_cf769409.sys
-------\Service_cf8733b4.sys
-------\Service_cfbc8c47.sys
-------\Service_cfc49458.sys
-------\Service_d0568ce1.sys
-------\Service_d0fc958f.sys
-------\Service_d1b68e41.sys
-------\Service_d20a8e95.sys
-------\Service_d23796ca.sys
-------\Service_d3019794.sys
-------\Service_d39037bd.sys
-------\Service_d3b79042.sys
-------\Service_d53d99d0.sys
-------\Service_d6643a92.sys
-------\Service_d6c69b59.sys
-------\Service_d7e93c16.sys
-------\Service_d7f19c85.sys
-------\Service_d9449dd7.sys
-------\Service_d9719e04.sys
-------\Service_da7c9706.sys
-------\Service_dad59f68.sys
-------\Service_db1f9fb3.sys
-------\Service_db209fb3.sys
-------\Service_dc2398ad.sys
-------\Service_dd56a1e9.sys
-------\Service_ddcb41f8.sys
-------\Service_ddf9a28c.sys
-------\Service_de8c9b17.sys
-------\Service_df549bdf.sys
-------\Service_e0ffa592.sys
-------\Service_e1de460c.sys
-------\Service_e22ba6bf.sys
-------\Service_e3279fb1.sys
-------\Service_e39ca82f.sys
-------\Service_e41ca0a7.sys
-------\Service_e46c015e.sys
-------\Service_e58ea218.sys
-------\Service_e75cabf0.sys
-------\Service_e7dcac70.sys
-------\Service_e7ebac7e.sys
-------\Service_e89dad30.sys
-------\Service_ea3caecf.sys
-------\Service_ea42a6cc.sys
-------\Service_eaa6af39.sys
-------\Service_ec79b10d.sys
-------\Service_ec85b118.sys
-------\Service_ed1fa9aa.sys
-------\Service_ed7b51a8.sys
-------\Service_edc8b25b.sys
-------\Service_ee0daa98.sys
-------\Service_ee435271.sys
-------\Service_ee93ab1e.sys
-------\Service_f04e0d40.sys
-------\Service_f161adeb.sys
-------\Service_f190b623.sys
-------\Service_f211ae9b.sys
-------\Service_f224b6b7.sys
-------\Service_f248b6db.sys
-------\Service_f294b727.sys
-------\Service_f360b7f3.sys
-------\Service_f434b0be.sys
-------\Service_f476b909.sys
-------\Service_f489b91c.sys
-------\Service_f60fb29a.sys
-------\Service_f6c2b34d.sys
-------\Service_f6e3b36d.sys
-------\Service_f822bcb5.sys
-------\Service_f833bcc6.sys
-------\Service_f8675c95.sys
-------\Service_f8c5b54f.sys
-------\Service_f8c85cf5.sys
-------\Service_f92bbdbe.sys
-------\Service_f963b5ed.sys
-------\Service_f9db5e08.sys
-------\Service_fa03b68d.sys
-------\Service_fb145f41.sys
-------\Service_fbc9c05d.sys
-------\Service_fc81c114.sys
-------\Service_fd46b9d1.sys
-------\Service_fd5c6189.sys
-------\Service_fd7961a6.sys
-------\Service_ff0ec3a1.sys
-------\Service_ff0fc3a2.sys
-------\Service_ff45bbd0.sys
-------\Service_ffdac46d.sys

((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-17 15:41 . 2009-08-17 15:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-17 15:33 . 2009-08-17 15:33 -------- d-----w- c:\program files\Foxit Software
2009-08-17 15:33 . 2009-08-17 15:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit
2009-08-17 14:56 . 2009-08-17 14:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-17 14:56 . 2009-08-03 19:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 14:56 . 2009-08-17 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-17 14:56 . 2009-08-17 14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 14:56 . 2009-08-03 19:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-16 15:30 . 2009-08-16 15:34 -------- d-----w- C:\rsit
2009-08-13 17:48 . 2009-08-13 17:48 -------- d-----w- c:\program files\Trend Micro
2009-08-13 17:29 . 2009-08-13 17:29 94493460 ----a-w- C:\regbackup.reg
2009-08-13 16:55 . 2009-08-13 16:55 16 ----a-w- c:\windows\system32\drivers\ZuneBusEnum.exe.sys
2009-08-13 16:20 . 2009-08-13 17:07 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-08-13 16:02 . 2009-08-13 16:02 16 ----a-w- c:\windows\system32\drivers\sessionstore-1..sys
2009-08-13 15:44 . 2009-08-13 15:44 16 ----a-w- c:\windows\system32\drivers\History.IE5.sys
2009-08-13 15:41 . 2009-08-13 16:20 16 ----a-w- c:\windows\system32\drivers\Aavm4h.dll.sys
2009-08-13 15:37 . 2009-08-13 16:19 16 ----a-w- c:\windows\system32\drivers\zllictbl.dat.sys
2009-08-12 14:04 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 20:41 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2009-08-10 06:03 . 2009-08-10 06:03 -------- d-----w- c:\program files\AskBarDis
2009-08-10 06:02 . 2009-02-16 06:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-10 06:00 . 2009-08-10 06:00 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-10 05:59 . 2009-08-10 05:59 -------- d-----w- c:\program files\MSBuild
2009-08-10 05:59 . 2009-08-10 05:59 -------- d-----w- c:\program files\Reference Assemblies
2009-08-10 05:59 . 2009-08-10 05:59 -------- d-----w- C:\ddd1fcc9e2fae00c404e3e3bb27d
2009-08-10 05:59 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-10 05:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-10 05:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-10 05:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-10 05:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-10 05:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-10 05:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-10 04:20 . 2009-08-13 16:38 16 ----a-w- c:\windows\system32\drivers\.sys
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 15:40 . 2006-12-07 09:51 -------- d-----w- c:\program files\Java
2009-08-17 15:34 . 2006-12-07 09:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 15:12 . 2008-10-04 01:22 1295234 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-10 06:02 . 2006-12-30 19:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-10 05:20 . 2008-07-09 01:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-10 04:19 . 2009-08-16 15:17 69632 ----a-w- c:\windows\system32\drivers\trz37D.tmp
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 05:30 . 2009-07-15 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-15 05:29 . 2009-07-15 05:29 -------- d-----w- c:\program files\Yahoo! Games
2009-07-14 05:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 19:01 . 2007-03-24 15:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\IMVU
2009-06-29 16:12 . 2004-08-04 08:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 19:13 . 2009-06-23 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\W Photo Studio Viewer
2009-06-18 18:36 . 2009-06-18 18:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-06-18 18:36 . 2009-06-18 18:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-06-18 18:34 . 2009-06-18 18:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-06-18 18:29 . 2009-06-18 18:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-06-18 18:29 . 2009-06-18 18:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-17_15.12.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 17:18 . 2009-08-17 17:18 16384 c:\windows\Temp\Perflib_Perfdata_638.dat
+ 2009-08-17 17:18 . 2009-08-17 17:18 16384 c:\windows\Temp\Perflib_Perfdata_340.dat
- 2009-08-17 15:09 . 2009-08-17 15:09 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-17 17:17 . 2009-08-17 17:17 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-17 17:17 . 2009-08-17 17:17 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-17 15:09 . 2009-08-17 15:09 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-17 15:41 . 2009-08-17 15:40 149280 c:\windows\system32\javaws.exe
+ 2009-08-17 15:41 . 2009-08-17 15:40 145184 c:\windows\system32\javaw.exe
+ 2009-08-17 15:41 . 2009-08-17 15:40 145184 c:\windows\system32\java.exe
+ 2009-08-17 17:17 . 2009-08-17 17:17 188416 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-17 15:09 . 2009-08-17 15:09 229376 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-17 17:17 . 2009-08-17 17:17 229376 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-17 17:17 . 2009-08-17 17:17 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
- 2009-08-17 15:09 . 2009-08-17 15:09 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-17 15:40 . 2009-08-17 15:40 1757696 c:\windows\Installer\11a852.msi
+ 2009-08-17 17:17 . 2009-08-17 17:17 7172096 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-17 00:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-05 344064]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ASKService"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/8/2008 7:37 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/8/2008 7:37 PM 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7/13/2008 10:23 AM 222456]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/17/2009 8:56 AM 38160]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/10/2009 12:03 AM 464264]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a6rjsg2e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 11:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-08-17 11:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-17 17:40
ComboFix2.txt 2009-08-17 15:23

Pre-Run: 65,217,654,784 bytes free
Post-Run: 65,247,047,680 bytes free

688 --- E O F --- 2009-08-13 09:02

**Friggan** · 2009-08-17, 20:14

completed the combo fix, I am currently at work, I will finish the rest once I am home, just wanted to provide an update, again thank you for your assistance.

**tashi** · 2009-08-24, 21:22

This topic has been closed due to inactivity.

If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.

Thread: Fake Antivirus pop up

Thread Tools

Display

Posting Permissions