ComboFix 09-07-28.04 - a 07/29/2009 16:43.1.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.631.471 [GMT 5.5:30] Running from: c:\documents and settings\a\Desktop\Combo-Fix.exe AV: Total Security 10.00 *On-access scanning enabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\AskSearch\bin\DefaultSearch.dll c:\windows\Installer\WMEncoder.msi . ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 ))))))))))))))))))))))))))))))) . 2009-07-29 10:27 . 2009-07-29 10:27 -------- d-----w- C:\Rooter$ 2009-07-28 09:43 . 2009-07-28 09:43 -------- d-----w- c:\windows\Sun 2009-07-28 09:33 . 2009-07-28 09:33 -------- d-----w- c:\documents and settings\a\Application Data\JonDo 2009-07-28 09:13 . 2009-07-28 09:13 -------- d-----w- c:\program files\JAP 2009-07-28 04:23 . 2009-07-28 04:23 -------- d-sh--w- C:\FOUND.019 2009-07-27 07:11 . 2009-07-27 07:11 -------- d-sh--w- C:\FOUND.018 2009-07-26 10:25 . 2009-07-26 10:25 -------- d-sh--w- C:\FOUND.017 2009-07-24 05:13 . 2009-07-24 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap 2009-07-24 05:12 . 2009-07-24 05:12 -------- d-----w- c:\program files\PopCap Games 2009-07-22 12:51 . 2009-07-22 12:51 -------- d-----w- c:\windows\system32\Lang 2009-07-22 12:35 . 2009-07-22 12:35 -------- d-sh--w- C:\FOUND.016 2009-07-22 03:50 . 2009-07-22 03:50 -------- d-sh--w- C:\FOUND.015 2009-07-21 07:55 . 2009-07-21 07:55 -------- d-----w- c:\documents and settings\a\Local Settings\Application Data\The Weather Channel 2009-07-17 07:15 . 2009-07-17 07:15 -------- d-sh--w- C:\FOUND.014 2009-07-17 04:15 . 2009-07-17 04:15 -------- d-sh--w- C:\FOUND.013 2009-07-16 06:13 . 2009-07-16 06:13 -------- d-----w- c:\documents and settings\a\Application Data\ARGELA 2009-07-15 06:57 . 2009-07-15 06:57 -------- d--h--r- C:\MSOCache 2009-07-15 05:01 . 2009-07-15 05:01 -------- d-sh--w- C:\FOUND.012 2009-07-14 15:50 . 2009-07-14 15:50 -------- d-----w- c:\program files\Realtek AC97 2009-07-14 15:49 . 2005-05-02 19:43 69632 ----a-w- c:\windows\Alcmtr.exe 2009-07-14 15:49 . 2006-05-03 17:26 2808832 ----a-w- c:\windows\alcwzrd.exe 2009-07-14 15:49 . 2006-09-11 17:58 16264192 ----a-w- c:\windows\RTHDCPL.exe 2009-07-14 15:49 . 2006-09-11 16:12 2155008 ----a-w- c:\windows\MicCal.exe 2009-07-14 15:49 . 2006-05-15 19:04 2879488 ----a-w- c:\windows\SkyTel.exe 2009-07-14 15:49 . 2009-07-14 15:49 -------- d-----w- c:\windows\system32\RTCOM 2009-07-14 15:49 . 2006-08-31 15:35 364544 ----a-w- c:\windows\RtlUpd.exe 2009-07-14 15:49 . 2006-05-03 17:35 9709568 ----a-w- c:\windows\RTLCPL.exe 2009-07-14 15:49 . 2005-07-15 11:18 40960 ----a-w- c:\windows\system32\ChCfg.exe 2009-07-14 15:49 . 2006-09-11 20:27 4381184 ----a-w- c:\windows\system32\drivers\RtkHDAud.Sys 2009-07-14 15:47 . 2009-07-14 15:47 -------- d-----w- c:\program files\Realtek 2009-07-14 15:47 . 2006-09-11 15:34 499712 ----a-w- c:\windows\RtlExUpd.dll 2009-07-13 15:20 . 2009-07-13 15:20 -------- d-----w- C:\DriveKey 2009-07-12 05:53 . 2009-07-12 05:53 -------- d-sh--w- C:\FOUND.011 2009-07-09 04:33 . 2009-07-09 04:33 28664 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS 2009-07-09 04:32 . 2009-07-09 04:33 65024 ----a-w- c:\windows\system32\drivers\catflt.sys 2009-07-06 11:56 . 2005-07-22 09:30 81920 ----a-w- c:\windows\SoundMan.exe 2009-07-06 11:56 . 2004-09-07 08:53 156672 ----a-w- c:\windows\system32\RtlCPAPI.dll 2009-07-06 11:13 . 2005-07-22 09:29 10458112 ----a-w- c:\windows\system32\RTLCPL.EXE 2009-07-06 11:03 . 2009-07-06 11:03 -------- d-----w- c:\program files\Intel 2009-07-06 05:46 . 2001-12-31 18:29 312 ----a-w- c:\windows\system32\drivers\HDACfg.dat 2009-07-06 05:45 . 2004-11-18 05:12 22752 ----a-w- c:\windows\system32\spupdsvc.exe 2009-07-04 13:04 . 2009-07-04 13:04 -------- d-sh--w- C:\FOUND.010 2009-07-04 08:47 . 2009-07-04 08:47 -------- d-sh--w- C:\FOUND.009 2009-07-04 05:36 . 2009-07-04 05:36 0 ----a-w- c:\windows\nsreg.dat 2009-07-04 05:36 . 2009-07-04 05:36 -------- d-----w- c:\documents and settings\a\Local Settings\Application Data\Mozilla 2009-07-04 01:59 . 2009-07-04 01:59 -------- d-sh--w- C:\FOUND.008 2009-07-03 16:09 . 2009-07-03 16:09 -------- d-----w- c:\documents and settings\a\Application Data\BitTorrent 2009-07-03 16:08 . 2009-07-03 16:09 -------- d-----w- c:\program files\BitTorrent 2009-07-03 16:08 . 2009-07-03 16:08 -------- d-----w- c:\program files\AskSearch 2009-07-03 04:40 . 2009-07-03 04:40 -------- d-sh--w- C:\FOUND.007 2009-07-02 11:48 . 2009-07-02 11:48 -------- d-sh--w- C:\FOUND.006 2009-07-02 10:54 . 2009-07-02 10:54 -------- d-----w- c:\documents and settings\a\Application Data\ESTSoft 2009-07-02 10:24 . 2005-07-26 11:33 3644032 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS 2009-07-02 10:24 . 2004-02-24 05:38 400384 ----a-w- c:\windows\system32\drivers\ALCXSENS.SYS 2009-07-02 10:24 . 2005-06-02 11:13 200704 ----a-w- c:\windows\alcrmv.exe 2009-07-02 10:24 . 2005-06-02 11:01 294912 ----a-w- c:\windows\alcupd.exe 2009-07-02 08:46 . 2009-07-02 08:46 -------- d-----w- c:\windows\system32\DRVSTORE 2009-07-02 04:05 . 2009-07-02 04:05 -------- d-sh--w- C:\FOUND.005 2009-07-01 11:40 . 2009-07-01 11:40 -------- d-sh--w- C:\FOUND.004 2009-07-01 04:27 . 2009-07-01 04:27 -------- d-sh--w- C:\FOUND.003 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-26 05:59 . 2009-07-26 05:59 2215936 ----a-w- c:\documents and settings\a\ntuser.tmp 2009-07-04 15:23 . 2009-07-04 15:23 10528768 ----a-w- c:\windows\system32\SET72.tmp 2009-07-01 06:17 . 2009-06-23 01:53 65144 ----a-w- c:\documents and settings\a\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-28 04:18 . 2009-06-28 04:17 -------- d-----w- c:\program files\Windows Media Components 2009-06-28 04:17 . 2009-06-28 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Huelix Solutions 2009-06-27 20:25 . 2009-06-27 20:21 79051 ----a-w- c:\windows\hpfins05.dat 2009-06-27 20:24 . 2009-06-27 20:24 -------- d-----w- c:\program files\Common Files\HP 2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\program files\Hewlett-Packard 2009-06-27 20:23 . 2009-06-27 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2009-06-27 20:21 . 2009-06-27 20:21 -------- d-----w- c:\program files\HP 2009-06-27 20:13 . 2009-06-27 20:13 -------- d-----w- c:\documents and settings\a\Application Data\HP 2009-06-25 05:09 . 2009-06-25 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-24 10:57 . 2009-06-24 10:57 -------- d-----w- c:\program files\Quick Heal 2009-06-24 10:55 . 2009-06-24 10:55 -------- d-----w- c:\program files\Google 2009-06-24 09:40 . 2009-06-24 09:40 -------- d-----w- c:\program files\ESTsoft 2009-06-24 09:28 . 2009-06-24 09:28 -------- d-----w- c:\program files\directx 2009-06-23 15:08 . 2009-06-23 15:08 -------- d-----w- c:\documents and settings\a\Application Data\vlc 2009-06-23 13:45 . 2009-06-23 13:45 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-23 13:45 . 2009-06-23 13:45 -------- d-----w- c:\program files\Common Files\InstallShield 2009-06-23 06:15 . 2009-06-23 01:18 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-06-23 02:11 . 2009-06-23 02:11 10968576 ----a-r- c:\windows\system32\SET11C.tmp 2009-06-23 02:11 . 2009-06-23 02:11 4114400 ----a-r- c:\windows\system32\drivers\SET118.tmp 2009-06-23 01:58 . 2009-06-23 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! 2009-06-23 01:57 . 2009-06-23 01:57 -------- d-----w- c:\program files\Yahoo! 2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Java 2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Common Files\Java 2009-06-23 01:52 . 2009-06-23 01:52 88064 ----a-w- c:\windows\system32\AudioExCtl.dll 2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Mjuice Media Player 2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\Winamp 2009-06-23 01:52 . 2009-06-23 01:52 -------- d-----w- c:\program files\VideoLAN 2009-06-23 01:51 . 2009-06-23 01:51 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-23 01:51 . 2009-06-23 01:51 -------- d-----w- c:\documents and settings\a\Application Data\InterTrust 2009-06-23 01:42 . 2009-06-23 01:42 -------- d-----w- c:\program files\Common Files\L&H 2009-06-23 01:41 . 2009-06-23 01:41 -------- d-----w- c:\program files\Microsoft.NET 2009-06-23 01:41 . 2009-06-23 01:41 -------- d-----w- c:\program files\Microsoft ActiveSync 2009-06-23 01:40 . 2009-06-23 01:40 -------- d-----w- c:\program files\Microsoft Works 2009-06-23 01:20 . 2009-06-23 01:20 -------- d-----w- c:\program files\microsoft frontpage 2009-06-23 01:16 . 2009-06-23 01:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-17 12:37 . 2009-07-04 05:36 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll 2004-08-03 14:56 . 2004-08-03 14:56 174326 --sh--r- c:\windows\system32\lvkjwi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Email Protection"="c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2009-07-09 267648] "Update Scheduler"="c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE" [2009-07-09 95616] "On-Line Protection"="c:\progra~1\QUICKH~1\QUICKH~1\cateye.exe" [2009-07-09 206208] "Startup Scan"="c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE" [2009-07-09 144768] "ResumeQuickupDownload"="c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe" [2009-07-09 95616] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "gupdate1c9f727759f6d5c"=2 (0x2) "ose"=3 (0x3) "MDM"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6763:TCP"= 6763:TCP:wccee R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [7/9/2009 10:02 AM 65024] R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [7/9/2009 10:03 AM 28664] R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [6/23/2009 7:15 PM 18004] S2 Online Protection System;Online Protection System;c:\progra~1\QUICKH~1\QUICKH~1\opssvc.exe [7/9/2009 10:02 AM 17280] S2 Quick Heal Total Security Mail Protection;Quick Heal Total Security Mail Protection;c:\progra~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE [7/9/2009 10:02 AM 50560] S2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [7/9/2009 10:02 AM 58752] S2 rlqhrqgnb;Server Config;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 8:26 PM 14336] S2 Startup Handler;Quick Heal Total Security Startup Handler;c:\progra~1\QUICKH~1\QUICKH~1\strtsvc.exe [7/9/2009 10:02 AM 54656] S4 gupdate1c9f727759f6d5c;Google Update Service (gupdate1c9f727759f6d5c);c:\program files\Google\Update\GoogleUpdate.exe [6/27/2009 6:31 PM 133104] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs rlqhrqgnb . Contents of the 'Scheduled Tasks' folder 2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 12:57] 2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-27 12:57] 2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1229272821-725345543-1003Core.job - c:\documents and settings\a\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 14:52] 2009-07-24 c:\windows\Tasks\NSSstub.job - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-07-24 06:09] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.in/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\a\Application Data\Mozilla\Firefox\Profiles\9vugicid.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/ FF - plugin: c:\documents and settings\a\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJPI142_06.dll FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-29 16:47 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rlqhrqgnb] "ServiceDll"="c:\windows\system32\lvkjwi.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\l3codeca.acm . Completion time: 2009-07-29 16:48 ComboFix-quarantined-files.txt 2009-07-29 11:18 Pre-Run: 6,942,736,384 bytes free Post-Run: 7,243,341,824 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS [operating systems] e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 268