Old 06-26-2009, 11:15 AM   #3 (permalink)
Shadowkid


Re: Search Results redirected

Ok, here's the ComboFix log:

ComboFix 09-06-25.07 - Owner 06/26/2009 12:36.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.342 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETxbopyrlv.sys
c:\windows\system32\SKYNETppjcrjae.dat
c:\windows\system32\SKYNETpqhyiqrd.dat
c:\windows\system32\SKYNETrjnswute.dll
c:\windows\system32\SKYNETuekypbwq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETqplvbrfu


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-24 03:39 . 2009-06-24 03:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-06-23 18:56 . 2009-06-23 18:55 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-23 18:56 . 2009-06-23 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-23 18:56 . 2009-06-23 18:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-22 16:09 . 2009-06-22 16:09 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-06-22 02:50 . 2009-06-22 02:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
2009-06-22 02:50 . 2009-06-22 02:50 -------- d-----w- c:\program files\Auslogics
2009-06-21 05:43 . 2009-06-21 05:43 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-21 05:43 . 2009-06-21 05:43 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-21 05:43 . 2009-06-21 05:43 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-21 05:43 . 2009-06-21 05:43 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-21 05:43 . 2009-06-21 05:43 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-21 05:43 . 2009-06-21 05:43 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-21 05:43 . 2009-06-21 05:43 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-21 05:43 . 2009-06-21 05:43 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-21 05:43 . 2009-06-21 05:43 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-21 05:43 . 2009-06-21 05:43 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-21 05:43 . 2009-06-21 05:43 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-21 05:42 . 2009-06-21 05:42 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-21 05:42 . 2009-06-21 05:42 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-21 05:42 . 2009-06-21 05:42 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-19 14:59 . 2009-06-19 14:59 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-07 21:00 . 2009-06-03 21:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PurpleBean.exe
2009-06-07 20:52 . 2009-06-07 20:52 -------- d-----w- c:\program files\NHN USA
2009-06-07 20:52 . 2009-05-26 21:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-06-07 20:52 . 2009-05-13 00:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-06-07 20:52 . 2008-06-12 03:01 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-06-07 20:52 . 2008-04-23 18:02 157152 ----a-w- c:\windows\system32\PubPlugin.dll
2009-06-07 05:43 . 2009-06-07 05:43 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-07 05:43 . 2009-06-07 05:43 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-07 05:43 . 2009-06-07 05:43 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-07 05:43 . 2009-06-07 05:43 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-06 18:59 . 2009-06-06 18:59 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2009-06-06 18:53 . 2009-06-06 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-06 18:53 . 2009-05-26 23:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-06 18:52 . 2009-06-06 18:53 -------- d-----w- c:\program files\Yahoo!
2009-06-05 04:57 . 2009-06-05 04:57 -------- d-----w- c:\program files\iPod
2009-06-05 04:57 . 2009-06-05 04:58 -------- d-----w- c:\program files\iTunes
2009-06-05 04:23 . 2009-06-05 04:23 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 03:59 . 2009-05-14 23:57 -------- d-----w- c:\program files\BitComet
2009-06-23 18:55 . 2008-05-14 18:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 18:55 . 2008-05-14 18:19 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 18:55 . 2008-02-05 01:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 18:40 . 2008-02-04 23:54 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-19 17:19 . 2009-02-15 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 17:19 . 2009-03-28 20:51 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-19 16:57 . 2008-11-20 18:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-19 15:00 . 2008-02-20 07:31 -------- d-----w- c:\program files\Java
2009-06-17 15:27 . 2009-02-15 00:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-02-15 00:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 16:11 . 2008-02-11 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 15:32 . 2009-05-14 06:10 -------- d-----w- c:\documents and settings\Owner\Application Data\.purple
2009-06-07 21:00 . 2008-12-28 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\IJJIGame
2009-06-07 20:52 . 2008-02-04 23:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 05:43 . 2009-02-15 17:07 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-06 18:57 . 2009-05-14 06:43 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2009-06-05 04:57 . 2008-02-05 06:29 -------- d-----w- c:\program files\Common Files\Apple
2009-06-05 04:47 . 2008-02-05 05:33 -------- d-----w- c:\program files\QuickTime
2009-05-23 11:51 . 2008-02-13 16:24 -------- d-----w- c:\program files\SpywareBlaster
2009-05-21 15:33 . 2008-12-26 18:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-20 16:49 . 2008-03-20 22:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-05-18 18:12 . 2009-03-24 23:28 -------- d-----w- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-14 06:08 . 2009-05-14 06:08 -------- d-----w- c:\program files\Pidgin
2009-05-14 06:08 . 2009-05-14 06:08 -------- d-----w- c:\program files\Common Files\GTK
2009-05-13 18:47 . 2009-05-13 18:47 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-13 18:46 . 2008-02-27 20:30 -------- d-----w- c:\program files\Common Files\Real
2009-05-13 17:51 . 2009-05-13 17:51 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-11 15:49 . 2009-05-11 15:47 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-05-11 15:46 . 2009-05-11 15:46 -------- d-----w- c:\program files\VideoLAN
2009-05-10 04:54 . 2009-05-10 04:54 -------- d-----w- c:\program files\KeyHoleTV
2009-05-07 15:32 . 2002-09-03 16:39 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 16:41 . 2009-05-04 16:41 61224 ----a-w- c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
2009-05-01 16:44 . 2008-05-14 18:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-30 20:43 . 2008-08-01 04:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-04-29 04:56 . 2002-09-03 17:12 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-02-05 00:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 21:17 . 2009-04-24 21:17 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 21:17 . 2009-02-15 06:42 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-17 12:26 . 2002-09-03 17:11 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2002-09-03 16:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 20:16 . 2009-04-10 20:16 383645136 ----a-w- c:\documents and settings\Owner\Application Data\ijjigame\U_GBOUND_setup.exe
2009-04-09 14:08 . 2009-04-09 14:08 965344 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-03-31 21:56 . 2009-03-31 21:55 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-31 20:46 . 2008-02-05 01:21 32168 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-21 518488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-13 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 18:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KeyHoleTV\\KeyHoleTV.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"27580:TCP"= 27580:TCP:BitComet 27580 TCP
"27580:UDP"= 27580:UDP:BitComet 27580 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2009 2:42 AM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/14/2008 2:19 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/14/2008 2:19 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 1:40 PM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 1:40 PM 298776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/31/2008 2:38 PM 210216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/8/2008 12:54 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1003344]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/22/2008 4:53 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/22/2008 4:53 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [9/22/2008 4:53 PM 23680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 05:43]

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-573735546-725345543-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-16 23:09]

2009-06-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nidoynur.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nidoynur.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {7630E09F-69DA-4C49-9772-9B2238C891E9} - c:\documents and settings\Owner\Local Settings\Application Data\{7630E09F-69DA-4C49-9772-9B2238C891E9}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 12:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Œ[hQHr]
@Class="Shell"

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Œ[hQHr\OpenWithList]
@Class="Shell"
"a"="BitComet.exe"
"MRUList"="ba"
"b"="wmplayer.exe"

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Œ[hQHr\OpenWithProgids]
"???_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*Œ[hQHr]
"0"=hex:d8,9a,4b,6a,42,30,93,30,2e,00,2d,00,2e,00,e1,30,a4,30,c9,30,eb,30,42,
30,93,30,68,30,57,30,88,30,46,30,88,30,2e,00,61,00,76,00,69,00,2e,00,8c,5b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\software\Classes\.*Œ[hQHr]
@="???_auto_file"

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell]
@="open"

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell\open]
@="&Open"

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Open \"%L\""

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"

[HKEY_LOCAL_MACHINE\software\Classes\Œ[hQHr_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@="c:\\Program Files\\Windows Media Player\\wmplayer.exe /Play \"%L\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4068)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-26 13:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 17:02

Pre-Run: 11,012,911,104 bytes free
Post-Run: 10,951,245,824 bytes free

298 --- E O F --- 2009-06-25 15:25