It says "Kitty ate it :p" in there. xD
ComboFix 10-02-20.04 - HackerX 02/21/2010 11:56:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.622 [GMT -5:00]
Running from: c:\documents and settings\HackerX\My Documents\Downloads\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
The following files were disabled during the run:
c:\windows\system32\dvduopen.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Brandon.M\Local Settings\Application Data\{D8854CF0-0689-4F44-A53D-F5F1B762B5D0}
c:\documents and settings\Brandon.M\Local Settings\Application Data\{D8854CF0-0689-4F44-A53D-F5F1B762B5D0}\chrome.manifest
c:\documents and settings\Brandon.M\Local Settings\Application Data\{D8854CF0-0689-4F44-A53D-F5F1B762B5D0}\chrome\content\_cfg.js
c:\documents and settings\Brandon.M\Local Settings\Application Data\{D8854CF0-0689-4F44-A53D-F5F1B762B5D0}\chrome\content\overlay.xul
c:\documents and settings\Brandon.M\Local Settings\Application Data\{D8854CF0-0689-4F44-A53D-F5F1B762B5D0}\install.rdf
c:\documents and settings\HackerX\Desktop\Security essentials 2010.lnk
c:\documents and settings\HackerX\Local Settings\Application Data\{E68319FE-84E6-4C28-B372-9B0F53AE15A7}
c:\documents and settings\HackerX\Local Settings\Application Data\{E68319FE-84E6-4C28-B372-9B0F53AE15A7}\chrome.manifest
c:\documents and settings\HackerX\Local Settings\Application Data\{E68319FE-84E6-4C28-B372-9B0F53AE15A7}\chrome\content\_cfg.js
c:\documents and settings\HackerX\Local Settings\Application Data\{E68319FE-84E6-4C28-B372-9B0F53AE15A7}\chrome\content\overlay.xul
c:\documents and settings\HackerX\Local Settings\Application Data\{E68319FE-84E6-4C28-B372-9B0F53AE15A7}\install.rdf
c:\documents and settings\HackerX\Start Menu\Security essentials 2010.lnk
c:\documents and settings\rita wilson\Local Settings\Application Data\{D713D8E9-99FA-436A-8AD1-F55948136410}
c:\documents and settings\rita wilson\Local Settings\Application Data\{D713D8E9-99FA-436A-8AD1-F55948136410}\chrome.manifest
c:\documents and settings\rita wilson\Local Settings\Application Data\{D713D8E9-99FA-436A-8AD1-F55948136410}\chrome\content\_cfg.js
c:\documents and settings\rita wilson\Local Settings\Application Data\{D713D8E9-99FA-436A-8AD1-F55948136410}\chrome\content\overlay.xul
c:\documents and settings\rita wilson\Local Settings\Application Data\{D713D8E9-99FA-436A-8AD1-F55948136410}\install.rdf
c:\program files\Securityessentials2010
c:\program files\Securityessentials2010\SE2010.exe
c:\recycler\S-1-5-21-3142272795-1391450550-3467938909-500
c:\windows\oteqazaqesu.dll
c:\windows\system32\fuzoyalu.dll
c:\windows\system32\gafilumu.dll
c:\windows\system32\helpers32.dll
c:\windows\system32\hikepohe.dll
c:\windows\system32\hiyivonu.dll
c:\windows\system32\juguteto.dll
c:\windows\system32\napokoku.dll
c:\windows\system32\setunude.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\siruguhu.dll
c:\windows\system32\smss32.exe
c:\windows\system32\sujehihu.dll
c:\windows\system32\susonuno.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\tosofove.dll
c:\windows\system32\vetaweyo.dll
c:\windows\system32\warnings.html
c:\windows\system32\winlogon32.exe
c:\windows\system32\wolizapa.dll
c:\windows\system32\yajosofo.dll
c:\windows\system32\zasezara.dll
c:\windows\system32\zomisula.dll
c:\windows\Tasks\lemrjgoz.job
c:\windows\Tasks\mgrbkxmg.job
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://download.esdj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cvob:430d9682-5004-4421-aa87-69ff4bf26187esd#65284362967168
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.
2010-02-20 17:09 . 2010-02-20 17:09 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\AdobeUM
2010-02-20 16:21 . 2010-02-20 16:27 -------- d-----w- c:\program files\American Civil War - Gettysburg
2010-02-20 01:59 . 2010-02-20 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-02-20 01:12 . 2010-02-20 01:12 -------- d-----w- c:\program files\3DO
2010-02-18 22:53 . 2010-02-18 22:53 -------- d-----w- C:\Xfire
2010-02-18 00:36 . 2010-02-18 00:36 -------- d-----w- c:\documents and settings\rita wilson\Local Settings\Application Data\IsolatedStorage
2010-02-18 00:36 . 2010-02-18 00:36 -------- d-----w- c:\documents and settings\rita wilson\Local Settings\Application Data\Intuit
2010-02-18 00:36 . 2010-02-18 00:36 -------- d-----w- c:\documents and settings\rita wilson\Application Data\Intuit
2010-02-18 00:15 . 2010-02-19 14:09 0 ----a-w- c:\documents and settings\rita wilson\Local Settings\Application Data\Mwokumulig.bin
2010-02-18 00:15 . 2010-02-19 14:09 120 ----a-w- c:\documents and settings\rita wilson\Local Settings\Application Data\Lsalif.dat
2010-02-17 20:25 . 2010-02-21 14:38 0 ----a-w- c:\windows\Mwokumulig.bin
2010-02-17 20:25 . 2010-02-21 16:43 120 ----a-w- c:\windows\Lsalif.dat
2010-02-16 13:25 . 2010-02-16 13:25 -------- d-----w- c:\documents and settings\HackerX\Local Settings\Application Data\Conduit
2010-02-16 13:25 . 2010-02-18 23:18 -------- d-----w- c:\documents and settings\HackerX\Local Settings\Application Data\ToggleEN
2010-02-16 13:23 . 2010-02-21 16:45 -------- d-----w- c:\documents and settings\HackerX\Application Data\HPAppData
2010-02-16 13:16 . 2010-02-19 22:25 35328 ----a-w- c:\windows\system32\dvduopen.dll.vir
2010-02-16 13:08 . 2010-02-16 13:08 -------- d-----w- c:\documents and settings\rita wilson\Application Data\Yahoo!
2010-02-16 13:05 . 2010-02-19 14:10 -------- d-----w- c:\documents and settings\rita wilson\Application Data\HPAppData
2010-02-15 16:23 . 2010-02-15 16:23 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\Yahoo!
2010-02-15 16:22 . 2010-02-21 00:32 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\HPAppData
2010-02-15 16:21 . 2010-02-15 16:21 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\HP
2010-02-15 15:58 . 2010-02-15 16:04 -------- d-----w- c:\documents and settings\HackerX\Application Data\HP
2010-02-15 15:58 . 2010-02-15 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-02-15 15:54 . 2010-02-15 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-15 15:54 . 2010-02-15 15:54 -------- d-----w- c:\documents and settings\HackerX\Application Data\Yahoo!
2010-02-15 15:54 . 2010-02-15 15:54 -------- d-----w- c:\program files\Yahoo!
2010-02-15 15:53 . 2010-02-15 15:53 -------- d-----w- c:\program files\Common Files\HP
2010-02-15 15:52 . 2010-02-15 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-02-15 15:50 . 2010-02-15 15:50 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-15 15:50 . 2010-02-18 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-02-15 15:48 . 2010-02-15 15:58 160812 ----a-w- c:\windows\hphins33.dat
2010-02-15 15:48 . 2009-06-11 10:17 586 ------w- c:\windows\hphmdl33.dat
2010-02-15 15:36 . 2010-02-15 15:53 -------- d-----w- c:\program files\HP
2010-02-15 15:35 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-02-15 15:35 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-02-15 15:34 . 2009-04-16 19:08 126976 ----a-w- c:\windows\system32\hpfll70v.dll
2010-02-15 15:34 . 2009-04-16 19:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-02-15 15:34 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-02-15 15:34 . 2010-02-15 15:34 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-15 15:33 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-02-15 15:33 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-02-15 15:33 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-02-15 15:32 . 2004-08-04 04:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-02-15 15:32 . 2004-08-04 04:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-14 19:59 . 2010-02-16 22:00 -------- d-----w- c:\program files\StarCraft
2010-02-14 19:59 . 2010-02-14 20:09 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-02-14 02:28 . 2010-02-14 02:28 -------- d-----w- c:\program files\Trend Micro
2010-02-13 20:03 . 2010-02-13 20:03 -------- d-----w- c:\documents and settings\Brandon.M\Local Settings\Application Data\Help
2010-02-13 19:41 . 2010-02-20 23:48 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\Software Informer
2010-02-13 19:41 . 2010-02-13 19:43 -------- d-----w- c:\program files\Software Informer
2010-02-13 17:02 . 2010-02-13 17:02 -------- d-----w- c:\program files\Atari
2010-02-12 22:06 . 2010-02-12 22:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-02-12 22:06 . 2010-02-12 22:06 -------- d-----w- c:\documents and settings\HackerX\Local Settings\Application Data\Intuit
2010-02-12 22:05 . 2010-02-12 22:05 -------- d-----w- c:\documents and settings\HackerX\Application Data\Intuit
2010-02-12 22:05 . 2010-02-12 22:05 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-02-12 21:57 . 2010-02-12 21:57 -------- d-----w- c:\documents and settings\HackerX\Local Settings\Application Data\IsolatedStorage
2010-02-12 21:57 . 2010-02-12 22:04 -------- d-----w- c:\program files\Common Files\Intuit
2010-02-12 21:56 . 2010-02-12 21:56 -------- d-----w- c:\program files\TurboTax
2010-02-12 21:55 . 2010-02-12 21:55 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-12 21:55 . 2010-02-12 21:55 -------- d-----w- c:\program files\MSBuild
2010-02-12 21:54 . 2010-02-12 21:54 -------- d-----w- c:\program files\Reference Assemblies
2010-02-12 21:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-12 21:54 . 2010-02-12 21:54 -------- d-----w- C:\689cbcae47736664b9
2010-02-12 21:54 . 2008-07-06 12:06 89088 -c--a-w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-12 21:54 . 2008-07-06 12:06 575488 -c--a-w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-12 21:54 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2010-02-12 21:54 . 2008-07-06 12:06 1676288 -c--a-w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-12 21:54 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2010-02-12 21:54 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2010-02-12 21:54 . 2008-07-06 10:50 597504 -c--a-w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-12 21:54 . 2008-07-06 10:50 597504 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-12 21:51 . 2010-02-12 21:51 -------- d-----w- c:\program files\MSXML 6.0
2010-02-12 21:45 . 2010-02-12 21:45 -------- d-----w- c:\documents and settings\HackerX\Local Settings\Application Data\DNA
2010-02-12 21:45 . 2010-02-21 17:04 -------- d-----w- c:\documents and settings\HackerX\Application Data\DNA
2010-02-12 21:45 . 2010-02-12 21:45 -------- d-----w- c:\documents and settings\HackerX\Local Settings\Application Data\GamersFirst LIVE!
2010-02-11 13:33 . 2010-02-11 13:33 -------- d-----w- c:\documents and settings\rita wilson\Local Settings\Application Data\DNA
2010-02-11 13:33 . 2010-02-19 14:14 -------- d-----w- c:\documents and settings\rita wilson\Application Data\DNA
2010-02-11 13:33 . 2010-02-11 13:33 -------- d-----w- c:\documents and settings\rita wilson\Program Files
2010-02-11 13:33 . 2010-02-11 13:33 -------- d-----w- c:\documents and settings\rita wilson\Local Settings\Application Data\GamersFirst LIVE!
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-10 22:51 . 2010-02-10 22:57 -------- d-----w- c:\documents and settings\Brandon.M\Local Settings\Application Data\GamersFirst LIVE!
2010-02-10 22:51 . 2010-02-10 22:51 -------- d-----w- c:\program files\GamersFirst
2010-02-10 19:50 . 2010-02-12 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-02-09 20:45 . 2010-02-09 20:45 -------- d-----w- c:\program files\MSXML 4.0
2010-02-08 20:27 . 2010-02-08 20:34 -------- d-----w- c:\program files\Galaxy Online
2010-02-08 14:52 . 2010-02-08 14:52 -------- d-----w- c:\windows\system32\drivers\NSS
2010-02-08 14:52 . 2010-02-08 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-08 14:52 . 2010-02-08 14:52 -------- d-----w- c:\program files\Norton Security Scan
2010-02-08 14:52 . 2010-02-08 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-08 14:52 . 2010-02-08 14:52 -------- d-----w- c:\program files\NortonInstaller
2010-02-08 14:52 . 2010-02-08 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-08 02:25 . 2010-02-08 02:25 -------- d-----w- c:\windows\system32\Adobe
2010-02-07 19:32 . 2010-02-07 19:33 -------- d-----w- c:\documents and settings\Brandon.M\Local Settings\Application Data\Adobe
2010-02-07 00:09 . 2010-02-07 00:09 65536 ----a-w- c:\windows\IFinst27.exe
2010-02-03 00:06 . 2004-08-10 19:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-02-03 00:01 . 2010-02-03 00:01 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-03 00:00 . 2010-02-03 00:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-02 23:51 . 2010-02-02 23:51 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\uTorrent
2010-02-02 21:25 . 2009-12-16 19:42 43008 ----a-w- c:\documents and settings\HackerX\Application Data\Mozilla\Firefox\Profiles\yael0wua.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-02-02 21:25 . 2009-12-16 19:42 872960 ----a-w- c:\documents and settings\HackerX\Application Data\Mozilla\Firefox\Profiles\yael0wua.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-02-02 21:25 . 2009-12-16 19:42 340480 ----a-w- c:\documents and settings\HackerX\Application Data\Mozilla\Firefox\Profiles\yael0wua.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-02-02 21:25 . 2009-12-16 19:41 346624 ----a-w- c:\documents and settings\HackerX\Application Data\Mozilla\Firefox\Profiles\yael0wua.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-02-02 21:16 . 2010-02-02 21:16 -------- d-----w- c:\program files\uTorrent
2010-02-02 21:15 . 2010-02-03 00:03 -------- d-----w- c:\documents and settings\HackerX\Application Data\uTorrent
2010-02-02 21:01 . 2010-02-02 21:01 -------- d-----w- c:\documents and settings\HackerX\Application Data\Malwarebytes
2010-02-02 02:25 . 2010-02-16 21:17 38968 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-31 19:38 . 2010-01-31 19:38 -------- d-----w- c:\documents and settings\rita wilson\Application Data\Red Alert 3
2010-01-31 19:38 . 2010-01-31 19:38 -------- d--h--r- c:\documents and settings\rita wilson\Application Data\SecuROM
2010-01-30 17:53 . 2009-12-16 19:42 43008 ----a-w- c:\documents and settings\rita wilson\Application Data\Mozilla\Firefox\Profiles\48jwqe1o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-30 17:53 . 2009-12-16 19:42 340480 ----a-w- c:\documents and settings\rita wilson\Application Data\Mozilla\Firefox\Profiles\48jwqe1o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-30 17:53 . 2009-12-16 19:41 346624 ----a-w- c:\documents and settings\rita wilson\Application Data\Mozilla\Firefox\Profiles\48jwqe1o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-01-30 17:53 . 2009-12-16 19:42 872960 ----a-w- c:\documents and settings\rita wilson\Application Data\Mozilla\Firefox\Profiles\48jwqe1o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-28 00:07 . 2010-01-28 00:07 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\Petroglyph
2010-01-27 23:47 . 2010-01-27 23:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2010-01-27 02:43 . 2009-12-16 19:42 872960 ----a-w- c:\documents and settings\Brandon.M\Application Data\Mozilla\Firefox\Profiles\gxyhp0ai.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-27 02:43 . 2009-12-16 19:42 43008 ----a-w- c:\documents and settings\Brandon.M\Application Data\Mozilla\Firefox\Profiles\gxyhp0ai.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-27 02:43 . 2009-12-16 19:42 340480 ----a-w- c:\documents and settings\Brandon.M\Application Data\Mozilla\Firefox\Profiles\gxyhp0ai.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-27 02:43 . 2009-12-16 19:41 346624 ----a-w- c:\documents and settings\Brandon.M\Application Data\Mozilla\Firefox\Profiles\gxyhp0ai.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-01-27 02:38 . 2010-01-27 02:38 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BB.TMP
2010-01-27 02:37 . 2010-01-27 02:37 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\Notepad++
2010-01-27 02:37 . 2010-01-27 02:37 -------- d-----w- c:\program files\Notepad++
2010-01-27 02:31 . 2010-01-27 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-01-27 02:27 . 2010-02-16 21:14 -------- d-----w- c:\documents and settings\rita wilson\Local Settings\Application Data\ToggleEN
2010-01-27 02:27 . 2010-01-27 02:27 -------- d-----w- c:\documents and settings\rita wilson\Local Settings\Application Data\Conduit
2010-01-24 17:55 . 2010-01-24 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 17:03 . 2010-01-10 22:28 -------- d-----w- c:\program files\DNA
2010-02-21 02:15 . 2010-01-10 22:28 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\DNA
2010-02-20 20:44 . 2010-01-17 01:43 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\Xfire
2010-02-19 21:25 . 2010-01-17 01:43 -------- d-s---w- c:\program files\Xfire
2010-02-16 13:08 . 2010-01-16 20:40 -------- d-----w- c:\program files\ToggleEN
2010-02-15 16:04 . 2006-06-19 04:25 38968 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 15:36 . 2010-01-12 20:29 -------- d-----w- c:\documents and settings\rita wilson\Application Data\McAfee.com Personal Firewall
2010-02-13 21:14 . 2010-01-13 01:22 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\Red Alert 3
2010-02-13 20:33 . 2009-12-14 04:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 21:58 . 2010-01-09 17:21 -------- d-----w- c:\documents and settings\HackerX\Application Data\McAfee.com Personal Firewall
2010-02-11 22:23 . 2010-01-17 01:20 509708424 ----a-w- c:\documents and settings\Brandon.M\Application Data\ijjigame\U_SFInstaller.exe
2010-02-09 20:46 . 2010-01-16 21:35 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-09 20:43 . 2009-12-20 03:04 -------- d-----w- c:\program files\Microsoft Games
2010-01-23 03:13 . 2010-01-16 17:50 -------- d-----w- c:\program files\Youdagames
2010-01-23 03:11 . 2009-12-14 04:56 -------- d-----w- c:\program files\CyberLink
2010-01-23 03:10 . 2009-12-14 05:07 -------- d-----w- c:\program files\Common Files\AOL
2010-01-23 03:10 . 2009-12-14 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-01-23 03:04 . 2009-12-14 05:02 -------- d-----w- c:\program files\Gateway Games
2010-01-23 03:04 . 2009-12-14 05:02 -------- d-----w- c:\program files\WildTangent
2010-01-23 03:04 . 2009-12-14 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-01-17 21:43 . 2010-01-17 18:40 1804553488 ----a-w- c:\documents and settings\Brandon.M\Application Data\ijjigame\U_AVA_Setup.exe
2010-01-17 20:18 . 2010-01-17 01:20 -------- d--h--w- c:\documents and settings\Brandon.M\Application Data\ijjigame
2010-01-17 14:59 . 2010-01-17 14:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2010-01-17 02:08 . 2010-01-17 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2010-01-17 01:47 . 2010-01-17 01:47 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-01-17 00:33 . 2010-01-17 00:33 -------- d-----w- c:\program files\ijji
2010-01-16 21:38 . 2010-01-16 21:38 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\Sierra
2010-01-16 21:34 . 2010-01-16 21:34 -------- d-----w- c:\program files\Sierra
2010-01-16 20:43 . 2010-01-16 17:50 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\Youdagames
2010-01-16 20:42 . 2010-01-16 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Youdagames
2010-01-16 20:40 . 2010-01-16 20:40 -------- d-----w- c:\program files\Conduit
2010-01-15 22:13 . 2010-01-15 22:13 138056 ----a-w- c:\documents and settings\Brandon.M\Application Data\PnkBstrK.sys
2010-01-15 22:13 . 2010-01-15 22:13 138056 ----a-w- c:\documents and settings\Brandon.M\Application Data\PnkBstrK.sys
2010-01-15 22:02 . 2010-01-15 22:02 -------- d-----w- c:\program files\EA Games
2010-01-15 17:05 . 2010-01-15 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3 XPack Trial
2010-01-13 01:21 . 2010-01-13 01:21 -------- d--h--r- c:\documents and settings\Brandon.M\Application Data\SecuROM
2010-01-12 21:37 . 2010-01-12 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-01-12 21:35 . 2010-01-12 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2010-01-12 13:15 . 2010-01-12 13:15 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-01-12 13:15 . 2010-01-12 13:15 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-01-12 13:15 . 2010-01-12 13:15 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-01-12 13:15 . 2010-01-12 13:15 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-01-12 13:15 . 2010-01-12 13:15 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-01-12 13:15 . 2010-01-12 13:15 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-01-12 12:52 . 2010-01-12 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-01-12 12:51 . 2010-01-12 12:51 -------- d-----w- c:\program files\Pando Networks
2010-01-12 12:45 . 2010-01-09 17:47 -------- d-----w- c:\program files\StarWarsGalaxies
2010-01-10 17:29 . 2010-01-10 17:18 -------- d-----w- c:\documents and settings\Brandon.M\Application Data\McAfee.com Personal Firewall
2010-01-09 17:35 . 2010-01-09 17:35 -------- d-----w- c:\program files\Sony
2010-01-09 17:25 . 2009-12-14 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-12-28 01:32 . 2009-12-14 04:18 12464 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-12-28 01:22 . 2009-12-28 01:22 484 ----a-w- c:\windows\eReg.dat
2009-12-28 01:22 . 2009-12-28 01:22 -------- d-----w- c:\program files\Maxis
2009-12-27 23:14 . 2009-12-16 01:25 -------- d-----w- c:\program files\LucasArts
2009-12-22 00:15 . 2009-12-20 03:15 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-12-22 00:15 . 2009-12-20 03:15 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-12-20 03:01 . 2009-12-20 03:01 16 ----a-w- c:\windows\popcinfo.dat
2009-12-20 02:09 . 2009-12-20 02:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-20 01:35 . 2009-12-20 01:35 3624 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-17 23:18 . 2009-12-17 23:18 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2009-12-17 23:17 . 2009-12-17 23:17 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-12-15 22:21 . 2009-12-15 22:21 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2009-12-14 05:07 . 2009-12-14 05:07 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-12-14 05:07 . 2009-12-14 05:07 335 ----a-w- c:\windows\nsreg.dat
2009-12-14 05:05 . 2009-12-14 05:05 4 ----a-w- c:\windows\Pix11.dat
2009-12-14 04:43 . 2009-12-14 04:43 60 ----a-w- c:\windows\system32\SYSDRV.DAT
1601-01-01 00:03 . 1601-01-01 00:03 66560 --sha-w- c:\windows\system32\bevukeyo.dll
1601-01-01 00:03 . 1601-01-01 00:03 51712 --sha-w- c:\windows\system32\bibegipe.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 100352 --sha-w- c:\windows\system32\dinibafi.dll
1601-01-01 00:03 . 1601-01-01 00:03 53248 --sha-w- c:\windows\system32\ganizoni.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\honomige.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\jinorije.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\juwefisi.dll
1601-01-01 00:03 . 1601-01-01 00:03 56320 --sha-w- c:\windows\system32\ligijowe.dll
1601-01-01 00:03 . 1601-01-01 00:03 100864 --sha-w- c:\windows\system32\mipiduwi.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\tanetezo.dll
1601-01-01 00:03 . 1601-01-01 00:03 51712 --sha-w- c:\windows\system32\wosarako.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 92672 --sha-w- c:\windows\system32\wuganabu.dll
1601-01-01 00:03 . 1601-01-01 00:03 53248 --sha-w- c:\windows\system32\yavawoji.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 53248 --sha-w- c:\windows\system32\yidurufo.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 51712 --sha-w- c:\windows\system32\zazuporo.dll.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-02-16 13:26 2349080 ----a-w- c:\program files\ToggleEN\tbTog0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf6e7a71-8e16-4097-bc40-d31902456e61}]
1601-01-01 00:03 56320 --sha-w- c:\windows\system32\ligijowe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-02-16 2349080]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-02-16 2349080]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-02-12 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"HostManager"="c:\program files\Common Files\AOL\1260767234\EE\AOLHostManager.exe" [2004-11-03 125528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-14 98304]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
c:\documents and settings\Brandon.M\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2010-2-10 3207056]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2009-10-27 2665328]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-12-14 745472]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli anetut.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=c:\windows\pss\Install Pending Files.LNKCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1260767234\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III - The WarChiefs Trial\\age3x.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\Program Files\\Digital Media Reader\\readericon45G.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\WINDOWS\\creator\\Remind_XP.exe"=
"c:\\Program Files\\GamersFirst\\LIVE!\\Live.exe"=
"c:\\Program Files\\NETGEAR\\WG111v2 Configuration Utility\\RtlWake.exe"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_FlashUtil.exe"=
"c:\\Program Files\\WinZip\\WZQKPICK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\1260767234\\EE\\AOLHostManager.exe"=
"c:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe"=
"c:\\WINDOWS\\ehome\\ehmsas.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57064:TCP"= 57064:TCP:Pando Media Booster
"57064:UDP"= 57064:UDP:Pando Media Booster
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/14/2009 6:39 PM 66048]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/14/2009 6:26 PM 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [12/14/2009 6:39 PM 13532]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-12-14 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2009-12-14 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3507
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3507
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3507
IE: &Search
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
FF - ProfilePath - c:\documents and settings\HackerX\Application Data\Mozilla\Firefox\Profiles\yael0wua.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\HackerX\Application Data\Mozilla\Firefox\Profiles\yael0wua.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe
HKCU-Run-Security essentials 2010 - c:\program files\Securityessentials2010\SE2010.exe
HKLM-Run-Pdaluz - c:\windows\oteqazaqesu.dll
HKLM-Run-tijivufet - c:\windows\system32\vetaweyo.dll
HKLM-Run-donepofibi - yajosofo.dll
SharedTaskScheduler-{0c8c7a14-05f0-424d-b34d-d42e7999b730} - (no file)
SharedTaskScheduler-{ced5b9f2-5240-4d74-bafb-67ffd8bd946e} - (no file)
SharedTaskScheduler-{ab76e428-23f9-4927-b3d9-0fe93b83f5a1} - c:\windows\system32\sujehihu.dll
SharedTaskScheduler-{5b761b56-ff04-40ae-aa42-9180b8a4d98d} - c:\windows\system32\sujehihu.dll
SharedTaskScheduler-{9155ab46-df69-4a54-9aa1-cf9bb6693050} - c:\windows\system32\kafawagi.dll
SharedTaskScheduler-{885f25e6-b444-41be-8d8f-3dcefde7af16} - c:\windows\system32\fihiyota.dll
SharedTaskScheduler-{a9376150-0334-41ee-af64-fa39e20b92d7} - c:\windows\system32\wolizapa.dll
SharedTaskScheduler-{e0fecb7e-7885-42e6-a861-e99f0b35c3ed} - c:\windows\system32\wolizapa.dll
SharedTaskScheduler-{06b4fd7d-d54b-43ce-aba2-61c484e5185e} - c:\windows\system32\vetaweyo.dll
SharedTaskScheduler-{212c22cf-6ec4-415c-9e89-504a0470592a} - c:\windows\system32\vetaweyo.dll
SSODL-vifonovel-{0c8c7a14-05f0-424d-b34d-d42e7999b730} - (no file)
SSODL-zodevalud-{ced5b9f2-5240-4d74-bafb-67ffd8bd946e} - (no file)
SSODL-yukelekut-{ab76e428-23f9-4927-b3d9-0fe93b83f5a1} - c:\windows\system32\sujehihu.dll
SSODL-tovazejag-{5b761b56-ff04-40ae-aa42-9180b8a4d98d} - c:\windows\system32\sujehihu.dll
SSODL-hebuhogat-{9155ab46-df69-4a54-9aa1-cf9bb6693050} - c:\windows\system32\kafawagi.dll
SSODL-harigogon-{885f25e6-b444-41be-8d8f-3dcefde7af16} - c:\windows\system32\fihiyota.dll
SSODL-vebabutef-{a9376150-0334-41ee-af64-fa39e20b92d7} - c:\windows\system32\wolizapa.dll
SSODL-lolulahuz-{e0fecb7e-7885-42e6-a861-e99f0b35c3ed} - c:\windows\system32\wolizapa.dll
SSODL-pebefogew-{06b4fd7d-d54b-43ce-aba2-61c484e5185e} - c:\windows\system32\vetaweyo.dll
SSODL-doyohiwah-{212c22cf-6ec4-415c-9e89-504a0470592a} - c:\windows\system32\vetaweyo.dll
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-tijivufet - c:\windows\system32\wejuwava.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 12:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(592)
c:\windows\anetut.dll
- - - - - - - > 'explorer.exe'(2172)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\anetut.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\COMMON~1\AOL\126076~1\EE\AOLHOS~1.EXE
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\progra~1\COMMON~1\AOL\126076~1\EE\AOLServiceHost.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-21 12:08:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-21 17:08
Pre-Run: 61,319,008,256 bytes free
Post-Run: 61,388,476,416 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - CF21DC843158C2613132B862DAA92F8C