Neat. Here is the new ComboFix log:
ComboFix 09-08-10.06 - rickh 08/16/2009 9:55.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1567 [GMT -4:00]
Running from: c:\documents and settings\rickh.GOODNATURE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\rickh.GOODNATURE\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\ppp3.dat"
"c:\windows\ppp4.dat"
"c:\windows\system32\sysnet.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskSearch
c:\program files\LimeWire
c:\program files\LimeWire\limewire.m3u
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\sysnet.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ANTIPPRO2009_12
-------\Service_AntipPro2009_12
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.
2009-08-12 19:09 . 2009-08-12 19:09 -------- d-----w- c:\program files\Trend Micro
2009-08-12 19:06 . 2009-08-12 19:06 -------- d-----w- c:\program files\ERUNT
2009-08-11 21:22 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 05:16 . 2009-08-11 05:16 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-08-11 05:01 . 2009-08-11 05:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft
2009-08-11 04:42 . 2009-08-11 04:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-11 04:26 . 2009-08-11 04:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ipswitch
2009-08-10 22:22 . 2009-08-10 22:22 -------- d-----w- c:\documents and settings\rickh\Application Data\Ipswitch
2009-08-05 16:50 . 2009-08-05 16:50 -------- d-----w- c:\documents and settings\rickh.GOODNATURE\Application Data\GlarySoft
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 16:22 . 1996-12-19 01:17 26768 ----a-w- c:\windows\system32\Ctl3d.dll
2009-08-03 16:22 . 1996-08-10 16:51 5040 ----a-w- c:\windows\Prcntbox.dll
2009-08-03 16:22 . 2009-08-03 16:22 -------- d-----w- C:\Bartender
2009-07-24 13:25 . 2009-07-24 13:25 -------- d-----w- c:\windows\CONFAD
2009-07-24 13:25 . 2009-07-24 13:25 -------- d-----w- C:\ASAWSYS
2009-07-24 13:25 . 1996-11-27 18:24 8096 ----a-w- c:\windows\WCDTGR.DLL
2009-07-24 13:25 . 1996-11-27 18:24 13888 ----a-w- c:\windows\WDTGR.DLL
2009-07-24 13:25 . 1996-11-27 18:23 6656 ----a-w- c:\windows\WNETWAY.DLL
2009-07-24 13:24 . 2009-07-24 13:24 -------- d-----w- c:\documents and settings\rickh.GOODNATURE\WINDOWS
2009-07-20 21:00 . 2009-07-20 21:00 69632 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-20 21:00 . 2009-07-20 21:00 69632 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-20 21:00 . 2009-07-20 21:00 69632 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-20 21:00 . 2009-07-20 21:00 69632 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-20 21:00 . 2009-07-20 21:00 69632 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-20 21:00 . 2009-07-20 21:00 69632 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-20 21:00 . 2009-07-20 21:00 69632 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-20 21:00 . 2009-07-20 21:00 69632 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
2009-07-20 21:00 . 2009-07-20 21:00 49152 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-07-20 21:00 . 2009-07-20 21:00 49152 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-07-20 21:00 . 2009-07-20 21:00 49152 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 17:00 . 2007-11-06 00:42 182915 ----a-w- c:\windows\system32\nvModes.dat
2009-08-11 15:58 . 2007-11-10 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-11 04:36 . 2007-11-10 02:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-11 04:23 . 2007-11-06 01:14 -------- d-----w- c:\program files\Google
2009-08-07 19:12 . 2009-05-06 21:14 256 ----a-w- c:\windows\system32\pool.bin
2009-08-05 09:01 . 2004-08-11 23:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-20 21:11 . 2007-11-06 01:04 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-07-20 21:11 . 2007-11-06 01:04 -------- d-----w- c:\program files\Roxio
2009-07-20 21:11 . 2007-11-06 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-07-20 21:06 . 2007-11-06 01:04 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-20 21:00 . 2009-05-05 21:54 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-20 13:26 . 2009-04-02 14:47 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 19:01 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 19:08 . 2008-07-10 13:44 -------- d-----w- c:\program files\DOSBox-0.72
2009-07-15 16:40 . 2007-11-11 20:57 -------- d-----w- c:\program files\AutoCAD 2000i
2009-07-14 03:43 . 2004-08-11 23:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 18:19 . 2009-05-07 18:04 256 ----a-w- c:\documents and settings\rickh.GOODNATURE\pool.bin
2009-06-30 13:54 . 2009-04-02 14:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 13:54 . 2007-11-10 01:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-26 16:50 . 2004-08-11 23:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-11 23:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:25 . 2004-08-11 23:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-11 23:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-11 23:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-11 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-11 23:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 23:13 . 2008-01-26 23:18 -------- d-----w- c:\documents and settings\rickh.GOODNATURE\Application Data\Image Zone Express
2009-06-18 21:58 . 2009-06-18 21:58 563712 ----a-w- c:\documents and settings\rickh.GOODNATURE\gotomypc_372.exe
2009-06-16 14:36 . 2004-08-11 23:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 23:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 20:59 . 2009-06-12 20:59 69632 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\DesktopMgr.exe
2009-06-12 20:59 . 2009-06-12 20:59 26694 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-12 20:59 . 2009-06-12 20:59 26694 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-12 20:59 . 2009-06-12 20:59 26694 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-12 20:59 . 2009-06-12 20:59 26694 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-12 20:59 . 2009-06-12 20:59 26694 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-12 20:59 . 2009-06-12 20:59 26694 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-12 20:59 . 2009-06-12 20:59 26694 ----a-r- c:\documents and settings\rickh.GOODNATURE\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-12 12:31 . 2004-08-11 23:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-11 23:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 19:46 . 2009-06-11 19:46 81 ----a-w- C:\CTX.DAT
2009-06-10 14:13 . 2004-08-11 23:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-11 23:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-11 23:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-11 23:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-15_20.04.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-08-15 20:00 . 2009-08-15 20:00 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-16 14:01 . 2009-08-16 14:01 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-16 14:01 . 2009-08-16 14:01 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-15 20:00 . 2009-08-15 20:00 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-16 14:01 . 2009-08-16 14:01 413696 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-15 20:00 . 2009-08-15 20:00 413696 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-15 20:00 . 2009-08-15 20:00 1429504 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-16 14:01 . 2009-08-16 14:01 1429504 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-16 14:01 . 2009-08-16 14:01 1425408 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
- 2009-08-15 20:00 . 2009-08-15 20:00 1425408 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-16 14:01 . 2009-08-16 14:01 11218944 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
- 2009-08-15 20:00 . 2009-08-15 20:00 11218944 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-09 1392640]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-30 1948440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-06 1626112]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-06-06 405504]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-11-13 49254]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 13:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KADxMain"=c:\windows\system32\KADxMain.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/2/2009 10:47 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/2/2009 10:47 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/2/2009 10:46 AM 298776]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [4/19/2007 11:09 AM 99200]
S3 VC0130Afx;VC130 Audio FX;c:\windows\system32\drivers\C0130Afx.sys [5/17/2008 5:23 PM 142656]
S3 VC0130Aud;VC0130 Audio;c:\windows\system32\drivers\C0130Aud.sys [5/17/2008 5:23 PM 94976]
S3 VC0130Dev;Live! Cam Notebook Ultra;c:\windows\system32\drivers\C0130Vid.sys [5/17/2008 5:23 PM 690528]
S3 VC0130Vfx;VC0130 Video FX;c:\windows\system32\drivers\C0130Vfx.sys [5/17/2008 5:23 PM 6912]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071106
mStart Page = hxxp://www.dell.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\rickh.GOODNATURE\Application Data\Mozilla\Firefox\Profiles\1u64lsrp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.jdcrawlers.com/messageboard/viewforum.php?f=1|http://webmail.onecommunications.net...reason=session
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 10:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{114866E9-7C82-20F7-16C3063A4CAB25A4}\{3FC78BFC-C5A7-A764-C3D11931F655D68A}\{CA848313-C322-9D26-10260A1412DD57C5}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3820)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-08-16 10:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 14:09
ComboFix2.txt 2009-08-15 20:08
Pre-Run: 119,734,112,256 bytes free
Post-Run: 119,714,017,280 bytes free
307 --- E O F --- 2008-08-14 13:08
Thanks again.