Full Version: Trojan.TDSS
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
JayRenn
ComboFix 09-08-30.01 - Jay 08/30/2009 17:12.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1080 [GMT -4:00]
Running from: c:\users\Jay\Desktop\Combo-Fix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3183089886-1880098321-9346872-500
c:\$recycle.bin\S-1-5-21-4068992104-3095189674-2203985168-500
c:\$recycle.bin\S-1-5-21-521722876-3785596377-593891740-500
c:\users\Jay\AppData\Local\Temp\catchme.dll
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.lnk
c:\users\Jay\protect.dll
c:\windows\AWACT.dll
c:\windows\Installer\3d445bf.msi
c:\windows\system32\logs

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 21:26 . 2009-08-30 21:30 -------- d-----w- c:\users\Jay\AppData\Local\temp
2009-08-30 15:40 . 2009-08-30 15:40 0 ----a-w- c:\windows\system32\wsbl.dat
2009-08-30 15:40 . 2009-08-30 15:40 0 ----a-w- c:\windows\system32\ph_white.dat
2009-08-30 15:40 . 2009-08-30 15:40 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-08-30 15:40 . 2009-08-30 15:40 0 ----a-w- c:\windows\system32\ph_black.dat
2009-08-30 15:40 . 2009-08-30 15:40 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-08-30 15:40 . 2009-08-30 15:40 0 ----a-w- c:\windows\system32\pcwords.dat
2009-08-24 01:07 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-24 01:07 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-24 01:07 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-24 01:07 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-24 01:07 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-24 01:07 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-24 01:07 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-24 01:07 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-19 11:28 . 2009-08-19 17:24 -------- d-----w- c:\programdata\13359474
2009-08-12 01:30 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 01:30 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 01:30 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 01:30 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 01:30 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 01:30 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 01:30 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 01:30 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-06 20:34 . 2009-08-06 20:34 71176 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 21:26 . 2007-12-13 02:00 836 ----a-w- c:\windows\bthservsdp.dat
2009-08-30 16:49 . 2008-02-06 04:37 27145 ----a-w- c:\users\Jay\AppData\Roaming\nvModes.dat
2009-08-30 15:35 . 2009-08-30 15:31 -------- d-----w- c:\programdata\BitDefender
2009-08-30 15:32 . 2009-08-24 13:40 -------- d-----w- c:\program files\BitDefender
2009-08-30 15:31 . 2009-08-24 13:38 -------- d-----w- c:\program files\Common Files\BitDefender
2009-08-30 15:25 . 2009-08-30 15:25 -------- d-----w- c:\users\Jay\AppData\Roaming\BitDefender
2009-08-30 11:23 . 2009-08-26 07:39 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-30 08:09 . 2008-04-03 01:17 -------- d-----w- c:\program files\Java
2009-08-26 06:13 . 2009-06-30 22:41 -------- d-sh--w- c:\users\Jay\AppData\Roaming\lowsec
2009-08-12 07:02 . 2008-02-20 08:23 -------- d-----w- c:\programdata\Microsoft Help
2009-08-12 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-11 03:20 . 2008-06-18 01:24 -------- d-----w- c:\users\Jay\AppData\Roaming\Azureus
2009-08-10 08:59 . 2008-12-18 01:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-27 03:22 . 2009-07-27 03:22 746760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-25 09:23 . 2008-12-18 01:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 16:26 . 2009-07-24 16:26 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-07-21 21:52 . 2009-07-28 19:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 19:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 19:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 19:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 15:20 . 2009-07-15 15:20 1878984 ----a-w- c:\users\Jay\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-09 05:24 . 2009-07-09 05:24 -------- d-----w- c:\users\Jay\AppData\Roaming\CyberLink
2009-07-09 05:24 . 2008-02-06 04:08 -------- d-----w- c:\programdata\CyberLink
2009-07-09 05:21 . 2009-07-09 05:21 -------- d-----w- c:\users\Jay\AppData\Roaming\dvdcss
2009-07-01 17:04 . 2007-08-16 05:56 101952 ----a-w- c:\users\Jay\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-01 16:17 . 2008-10-17 08:44 101952 ----a-w- c:\users\Jay 2\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-29 18:12 . 2009-06-29 18:12 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-06-29 18:12 . 2009-06-29 18:12 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-06-22 10:22 . 2009-08-26 07:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-21 22:49 . 2009-06-21 22:49 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-15 15:24 . 2009-07-15 03:18 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 03:18 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 03:18 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 03:18 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-05 15:42 . 2009-06-05 15:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 12:34 . 2009-08-26 01:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-06-05 10:08 . 2009-08-26 01:38 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-07 14:38 . 2009-08-30 15:37 44544 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-06 50528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-01 39408]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Keyboard OSD Utility"="c:\program files\Keyboard Manager\OSD Utility\OSDManager.exe" [2007-11-19 3809280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-02 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-02 129560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"AlienFusion Controller"="c:\program files\Alienware\Command Center\AlienFusionController.exe" [2007-12-07 24576]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2007-12-14 94208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-24 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-24 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-18 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-08-06 64000]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-08-13 1096192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-18 727856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85BA4688-CBED-4D69-9F09-D737A5F64C12}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{57E13E1F-6618-479C-B22C-FDA52D0829BF}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{F11BED08-06CC-482A-9D6B-143677C2030A}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{96FE2ACC-57B1-47C1-86C2-4E02DFF15909}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F3C1CECF-BBD0-46EE-B3A6-8A683D37A2A5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{79245C18-7466-4863-BF96-8E30AFC15110}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CD97D7EC-A0C8-431D-9B9C-88BD1AA5443C}"= UDP:c:\windows\System32\dlbccoms.exe:Photo Printer 720 Server
"{2D960E1F-0E12-46A4-855D-652AA392A61B}"= TCP:c:\windows\System32\dlbccoms.exe:Photo Printer 720 Server
"{792C475D-25C1-4668-8D9F-4610DFE51295}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{147C796A-2AD4-45F5-A4E4-27BF93D86010}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FACE43D2-1432-4A6D-8ECF-B5AFB377120A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DED0D088-8511-40B6-817F-AF8DB9FFFF25}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{77126108-31EA-48FA-B580-F72BEE1B0290}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{167BE324-B092-4C2B-A989-B61A0E089358}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F16E7AFB-B9C1-4EC0-9330-5F222A895901}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FE7C3DB8-5C7F-4A72-8C3D-4D86E6D202DC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [8/6/2009 4:34 PM 71176]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [12/7/2007 5:16 PM 20480]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [4/1/2009 11:25 AM 82696]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/17/2008 3:34 PM 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [10/10/2007 3:31 PM 179712]
R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [6/29/2009 2:12 PM 152328]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [3/28/2007 8:51 AM 43008]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [6/25/2009 4:04 PM 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{32D2ABA7-9B83-49FE-A53E-ABF1F212B54B}.job
- c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alienware.com/Mothership?Comp=%ALIENFACTORY_Company%&SysCode=%ALIENFACTORY_SystemCode%&ai=636E3D26706F3D4D443030303031
mStart Page = hxxp://www.alienware.com/mothership
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\qrxxweof.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xbox360news.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 17:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1964)
c:\windows\system32\ieframe.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\dlbccoms.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-08-30 17:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 21:42

Pre-Run: 41,099,948,032 bytes free
Post-Run: 43,252,867,072 bytes free

278 --- E O F --- 2009-08-30 08:24



I ran the software and was wondering if you could let me know if all my stuff is ok, miekiemoes.


SPLIT from someone else's thread. Please do NOT post in someone else's thread, as this makes it extremely confusing for all of us, and because of that we are having a huge backlog.
AdvancedSetup
Current log overall is okay. Please run the following.

Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

AdvancedSetup
Please post a status update on this.
AdvancedSetup
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.