HiJack this
-
Just want to say that I have actually managed to update AVG for the 1st time in ages! (reinstalled it) :T Going to check if Firefox works now
@ alienrik: no idea what that is lol, I'm not overly computer savvy
~ any idea what this is? ~
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
FIX these using hijack ~
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
-
erm
I'm not sure if you meant ALL of what I asked or just the file
TICK these in hijack and click to FIX them ~
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} :idea:
-
Sorry, didn't write that very well did I. I understood about fixing in Hijack, I just meant I did not know what the file you asked me about was
-
Full scan log for malware bytes as requested
Malwarebytes' Anti-Malware 1.38
Database version: 2353
Windows 6.0.6000
04/07/2009 22:00:09
mbam-log-2009-07-04 (22-00-09).txt
Scan type: Full Scan (C:\|S:\|)
Objects scanned: 171831
Time elapsed: 2 hour(s), 30 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Sorry scan took nearly 3 hours :rolleyes: :D
-
Can you post the nasties malwarebytes and sas DID find?
Please run COMBOFIX
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download :idea:
-
Malwarebytes' Anti-Malware 1.38
Database version: 2353
Windows 6.0.6000
01/07/2009 18:04:35
mbam-log-2009-07-01 (18-04-35).txt
Scan type: Full Scan (C:\|S:\|)
Objects scanned: 171319
Time elapsed: 1 hour(s), 8 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
-
Super antispyware: the two that were quarantined were Rogue_Antivirus_Pro and Adware tracking cookie
-
Ran ComboFix, scared the heck out of me!
After it ran it wouldn't let me open IE, saying that that registry was about to be deleted, same for Firefox. So couldn't post the log as couldn't get online. Then restarted and computer was running 3 updates; this took about 2 hours, so left it be and went to bed.
In the morning started up laptop and it was fine, just the desktop background had been changed. Here is the log
-
Log looks clean to me
It took as long as it did probably because what was removed has now allowed your computer to work as it should, and it just happened to update as you ran ComboFix (unluckily)
Download CCLEANER (Just to clean up the computer a little)
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
Then you should be good to go :idea: