11-14-2008, 10:28 AM   #11
YSRRider
Registered User
 
Join Date: Jan 2005
Posts: 70
OS: XP


Re: Firefox redirects and pop-ups

ComboFix 08-11-12.02 - Drake1 2008-11-14 11:22:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.347 [GMT -6:00]
Running from: c:\documents and settings\Drake1\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.

2008-11-13 18:27 . 2008-11-13 18:27 <DIR> d-------- c:\program files\Trend Micro
2008-11-12 11:09 . 2008-11-13 18:34 250 --a------ c:\windows\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 05:54 --------- d-----w c:\documents and settings\Drake1\Application Data\ComcastToolbar
.
----a-w         3,687,956 2005-10-06 22:17:30  c:\documents and settings\Drake1\Desktop\LimeWire Pro v4.9.32\LimeWire Pro v4.9.32 .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-28 323584]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 198184]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"nForce Tray Options"="sstray.exe" [2003-08-12 c:\windows\system32\sstray.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

S3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys [2007-05-31 8832]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Drake1\Application Data\Mozilla\Firefox\Profiles\byowlath.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.netscape.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 11:23:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-14 11:23:24
ComboFix-quarantined-files.txt 2008-11-14 17:23:18

Pre-Run: 8,320,802,816 bytes free
Post-Run: 8,783,405,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

68