Aight, here's the ComboFix txt
ComboFix 09-03-04.01 - Joshua 2009-03-04 23:27:56.1 -
FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.768.228 [GMT -8:00]
Running from: c:\documents and settings\Joshua\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\Joshua\Application Data\inst.exe
c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
c:\windows\search_res.txt
c:\windows\system32\ameyejaz.ini
c:\windows\system32\anotorin.ini
c:\windows\system32\balomane.dll
c:\windows\system32\disk.dll
c:\windows\system32\dogejuhu.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dugiwise.dll
c:\windows\system32\duwibiho.dll
c:\windows\system32\ekkyvv.dll
c:\windows\system32\evodamim.ini
c:\windows\system32\fidetiga.dll
c:\windows\system32\fihijazo.dll
c:\windows\system32\hizapego.dll
c:\windows\system32\iatmbw.dll
c:\windows\system32\ICON.ico
c:\windows\system32\kiyajeru.dll
c:\windows\system32\ldpackage.dll
c:\windows\system32\lihedayu.dll
c:\windows\system32\luqcdh.dll
c:\windows\system32\mimadove.dll
c:\windows\system32\model.dat
c:\windows\system32\munovolu.dll
c:\windows\system32\nejopoyi.dll
c:\windows\system32\nirotona.dll
c:\windows\system32\niwaluyu.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pihemova.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\rakubuse.dll
c:\windows\system32\rlxf.dll
c:\windows\system32\silc_dll.dll
c:\windows\system32\SkypeComm.dll
c:\windows\system32\taskmagr.exe
c:\windows\system32\tpxofs.dll
c:\windows\system32\ugifufak.ini
c:\windows\system32\uyadehil.ini
c:\windows\system32\uyulawin.ini
c:\windows\system32\vafedewe.dll
c:\windows\system32\wadejino.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wmdmpmsvc.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\xxiepd.dll
c:\windows\system32\zhhpss.dll
c:\windows\Web\default.htt
Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32
((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.
2009-03-04 20:58 . 2009-03-04 20:58 <DIR> d-------- c:\documents and settings\Joshua\Application Data\Synthesia
2009-03-04 20:57 . 2009-03-04 20:57 <DIR> d-------- c:\windows\LastGood.Tmp
2009-03-04 20:56 . 2009-03-04 20:56 <DIR> d-------- c:\program files\Synthesia
2009-03-03 16:44 . 2009-03-03 16:44 <DIR> d-------- c:\program files\Resource Tuner
2009-03-03 16:44 . 2009-03-03 16:44 <DIR> d-------- c:\documents and settings\Joshua\Application Data\Resource Tuner
2009-03-02 20:50 . 2009-03-02 21:02 250 --a------ c:\windows\gmer.ini
2009-03-02 18:50 . 2009-03-02 18:50 <DIR> d-------- c:\program files\Lavasoft
2009-03-02 18:50 . 2009-03-02 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-02 18:50 . 2009-03-02 18:50 <DIR> d--h----- c:\documents and settings\All Users\Application Data\~0
2009-03-02 17:10 . 2009-03-02 17:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-03-02 16:35 . 2009-03-02 16:35 <DIR> d-------- c:\program files\PE Explorer
2009-03-02 16:35 . 2009-03-02 16:35 <DIR> d-------- c:\documents and settings\Joshua\Application Data\PE Explorer
2009-03-01 09:46 . 2009-03-01 09:46 <DIR> d-------- c:\documents and settings\Joshua\Application Data\Vso
2009-03-01 09:46 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\SYSTEM32\wvc1dmod.dll
2009-03-01 09:46 . 2006-05-11 19:21 626,688 --a------ c:\windows\SYSTEM32\vp7vfw.dll
2009-03-01 09:46 . 2006-09-29 12:24 217,127 --a------ c:\windows\SYSTEM32\drv43260.dll
2009-03-01 09:46 . 2006-09-29 12:25 208,935 --a------ c:\windows\SYSTEM32\drv33260.dll
2009-03-01 09:46 . 2006-09-29 12:26 176,165 --a------ c:\windows\SYSTEM32\drv23260.dll
2009-03-01 09:46 . 2002-12-10 02:20 102,439 --a------ c:\windows\SYSTEM32\sipr3260.dll
2009-03-01 09:46 . 2007-03-18 20:37 65,602 --a------ c:\windows\SYSTEM32\cook3260.dll
2009-03-01 09:46 . 2009-03-01 09:46 47,360 --a------ c:\windows\SYSTEM32\DRIVERS\pcouffin.sys
2009-03-01 09:46 . 2009-03-01 09:46 47,360 --a------ c:\documents and settings\Joshua\Application Data\pcouffin.sys
2009-03-01 09:45 . 2009-03-01 09:45 <DIR> d-------- c:\program files\VSO
2009-02-28 22:51 . 2009-02-28 22:51 70,656 --ah----- c:\windows\SYSTEM32\yapiniti.dll.(1).bak
2009-02-28 22:51 . 2009-03-03 16:52 68,608 --a------ c:\windows\SYSTEM32\pwn3d.pwnd
2009-02-28 22:51 . 2009-03-04 23:29 6,456 --ah----- c:\windows\SYSTEM32\fulesemu
2009-02-28 18:38 . 2009-02-28 18:38 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-28 18:37 . 2009-02-28 18:37 348,160 --a------ c:\windows\SYSTEM32\pnup0.dll
2009-02-28 16:26 . 2009-02-28 16:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-28 16:10 . 2009-02-28 16:10 <DIR> d-------- c:\program files\Little Fighter 2.5 - v2.0
2009-02-24 17:11 . 2009-02-24 17:11 <DIR> d-------- c:\program files\BrineSoft
2009-02-23 17:29 . 2009-02-23 17:29 <DIR> d-------- c:\program files\Little Fighter 2 Toolbar
2009-02-23 17:29 . 2009-02-23 17:29 232,846 --a------ c:\windows\Little_Fighter_2_Toolbar_Uninstaller_5890.exe
2009-02-23 17:28 . 2009-02-23 17:28 <DIR> d-------- c:\program files\LittleFighter2
2009-02-21 08:11 . 2009-02-21 08:11 <DIR> d-------- c:\program files\Bots
2009-02-20 22:28 . 2009-02-20 22:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2009-02-19 03:57 . 2009-02-19 03:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\EmailNotifier
2009-02-18 01:03 . 2009-02-18 01:03 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\EmailNotifier
2009-02-17 23:17 . 2009-02-17 23:17 <DIR> d-------- c:\documents and settings\Joshua\Application Data\EmailNotifier
2009-02-17 23:17 . 2009-02-17 23:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Megaupload
2009-02-13 23:07 . 2009-02-13 23:07 <DIR> d-------- c:\program files\Pando Networks
2009-02-09 09:47 . 2009-02-09 09:47 <DIR> d-------- c:\program files\Password Recovery for MSN
2009-02-09 05:40 . 2009-02-09 05:40 <DIR> d-------- c:\program files\DemonicSoftware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 07:31 25,930 ----a-w c:\windows\system32\drivers\FLockXP.sys
2009-03-02 23:37 98,304 ----a-w c:\windows\DUMP596a.tmp
2009-02-23 01:16 15,124 ----a-w c:\documents and settings\Joshua\Application Data\wklnhst.dat
2009-01-25 20:59 --------- d-----w c:\program files\CCleaner
2009-01-20 02:49 --------- d-----w c:\program files\Utherverse Digital Inc
2009-01-20 02:49 --------- d-----w c:\documents and settings\All Users\Application Data\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}
2009-01-16 03:50 --------- d-----w c:\documents and settings\Joshua\Application Data\KompoZer
2009-01-09 02:48 --------- d-----w c:\program files\ezt
2009-01-07 02:05 --------- d-----w c:\program files\NOS
2009-01-07 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-09-29 17:50 0 ----a-w c:\documents and settings\Joshua\jagex_runescape_preferences.dat
2008-04-04 02:09 61,800 ----a-w c:\documents and settings\Joshua\Application Data\GDIPFONTCACHEV1.DAT
2008-01-02 01:17 2,379,862 ----a-w c:\program files\No_limit_Winmugen_patch.zip
2006-09-02 18:29 271 --sh--w c:\program files\desktop.ini
2009-02-26 00:05 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2004-08-04 20:00 94,784 --sh--w c:\windows\twain.dll
2004-08-04 20:00 50,688 --sh--w c:\windows\twain_32.dll
2008-03-26 02:29 848 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-03-26 02:29 56 --sh--r c:\windows\SYSTEM32\1B63C507BD.sys
2008-07-09 17:46 32,768 --sha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070920080710\index.dat
2004-08-04 20:00 60,416 --sha-w c:\windows\BricoPacks\SysFiles\80_msimn.exe
.
------- Sigcheck -------
2007-06-13 03:23 975360 9784e0719124e4a23989aef9e7ca02d6 c:\windows\explorer.exe
2007-06-13 04:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 03:23 975360 9784e0719124e4a23989aef9e7ca02d6 c:\windows\SYSTEM32\dllcache\explorer.exe
2008-04-13 17:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
2008-08-04 12:44 1947080 --a------ c:\progra~1\MEGAUP~2\MEGAUP~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-15 931248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-24 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"SpyCatcher Reminder"="c:\program files\SpyCatcher\SpyCatcher.exe" [2007-07-09 103864]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-25 30192]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-28 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Joshua\Start Menu\Programs\Startup\
Scheduler.lnk - c:\program files\SpyCatcher\Scheduler daemon.exe [2007-09-23 86133]
DesktopComic.exe [2006-04-13 1056291]
AutoBackup Launcher.lnk - c:\program files\Memeo\AutoBackup\MemeoLauncher.exe [2007-02-08 211992]
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2007-08-29 340856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SpyCatcher Protector.lnk - c:\program files\SpyCatcher\Protector.exe [2007-09-23 91576]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"vidc.avrn"= AvidAVICodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-03-24 03:41 1294446 c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 11:50 155648 c:\windows\SYSTEM32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE c:\windows\SYSTEM32\NVCPL.DLL,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\SYSTEM32\NVMCTRAY.DLL,NvTaskbarInit
"EnvyHFCPL"=c:\program files\Envy24\EnMixCPL.exe
"AVG7_CC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
"AVG7_EMC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
"AVG7_AMSVR"=c:\progra~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\dlcgcoms.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\dlcgpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bots\\BOTS.DAT"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Seagate\\SystemTray\\StxMenuMgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"58918:TCP"= 58918:TCP:Pando Media Booster
"58918:UDP"= 58918:UDP:Pando Media Booster
R0 FILELOCK;FILELOCK;c:\windows\SYSTEM32\DRIVERS\FLockXP.sys [2007-07-20 25930]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SYSTEM32\WebUpdateSvc4.exe [2007-10-15 237784]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM V1.01 (Envy24HT-S Eval. Only);c:\windows\SYSTEM32\DRIVERS\Envy24HF.sys [2006-09-02 561144]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\SYSTEM32\DRIVERS\libusb0.sys [2008-01-16 29184]
S2 gupdate1c99a0511ff297e;Google Update Service (gupdate1c99a0511ff297e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 133104]
S3 CEDRIVER53;CEDRIVER53;c:\program files\Cheat Engine\dbk32.sys [2008-10-13 35840]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-06 33752]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-02 30192]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [2008-03-17 40832]
S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys --> c:\windows\system32\XDva032.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - WMIAPSRV
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{55E24AD2-DA5C-C1E2-12D1-A32D214AA1BC}]
c:\windows\mshyet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2009-03-05 c:\windows\Tasks\PCHealth Scheduler for Data Collection.job
- c:\windows\PCHEALTH\SUPPORT\PCHSCHD.EXE []
2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-05 c:\windows\Tasks\User_Feed_Synchronization-{7B4CF7CE-253B-430D-B7D9-4E8CE7C38A4D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
2009-03-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 16:31]
2009-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-28 16:26]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
BHO-{53934df1-8469-4b78-bb3e-9c757e07de20} - c:\windows\system32\pihemova.dll
BHO-{6d765bd1-948f-4add-b551-ac29d8f0c34b} - c:\windows\system32\xxiepd.dll
BHO-{AE90C38C-97CF-4696-B290-C7973DC9675E} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
Toolbar-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-322b12a7 - c:\windows\system32\niwaluyu.dll
HKCU-Run-yujilibobe - c:\windows\system32\fihijazo.dll
HKLM-Run-ClientGW - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.ez-tracks.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm860MFCA&fl=0&ptb=OyeO7ohJ.SI6f7ydDBuGDg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mStart Page = hxxp://home.ez-tracks.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Search -
http://edits.mywebsearch.com/toolbar...p=ZCxdm860MFCA
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Win32 Classes
DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} - hxxp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - hxxp://down.hangame.com/dist/activex/HanGamePlugin19.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Joshua\Application Data\Mozilla\Firefox\Profiles\sv0ouu29.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
www.google.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Joshua\Application Data\Mozilla\Firefox\Profiles\sv0ouu29.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-03-04 23:33:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-839522115-308236825-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*<%§*T%]
@Class="Shell"
[HKEY_USERS\S-1-5-21-839522115-308236825-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*<%§*T%\OpenWithList]
@Class="Shell"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{670ac596-1ca2-4b97-ac4b-db1790a0c0f0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f2
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,be,36,c3,70,74,d0,90,f2,7b,bc,6d,1e,ba,55,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):03,d0,98,eb,8a,cb,80,e1,52,d8,ea,5b,28,46,da,62,a1,11,a2,9f,08,
53,f5,db,21,47,fc,ef,b0,56,7b,36,c0,ff,19,be,50,1e,a2,4e,00,00,00,00,00,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AHEAD\INCD\INCDSRV.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\MEMEO\AUTOBACKUP\MEMEOSERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\SYSTEM32\LIBUSBD-NT.EXE
c:\nexon\MABINOGI\NPKCMSVC.EXE
c:\program files\SITEADVISOR\6253\SASERVICE.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\windows\SYSTEM32\DLCGCOMS.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2009-03-04 23:40:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-05 07:40:54
Pre-Run: 6,319,767,552 bytes free
Post-Run: 6,494,322,688 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout =30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=0 Default=0 Failed=2 LastKnownGood=3 Sets=,2,3,4
412 --- E O F --- 2009-02-25 11:00:45