ComboFix 10-03-28.01 - Owner 03/28/2010 16:18:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.239 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\NI.GSCNS
c:\documents and settings\Owner\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Owner\Application Data\NI.GSCNS\settings.ini
c:\documents and settings\Owner\Local Settings\Application Data\fvwoso
c:\documents and settings\Owner\Local Settings\Application Data\fvwoso\yptqsftav.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ENCSC-Download.com.2.5.1040.0.exe
c:\windows\system32\adoteneg.ini
c:\windows\system32\ahinibes.ini
c:\windows\system32\alatopus.ini
c:\windows\system32\amkieioy.ini
c:\windows\system32\asuginep.ini
c:\windows\system32\atabofuy.ini
c:\windows\system32\ativehuh.ini
c:\windows\system32\aveviyaz.ini
c:\windows\system32\avihavef.ini
c:\windows\system32\awhdljkn.ini
c:\windows\system32\awidobil.ini
c:\windows\system32\ayiruley.ini
c:\windows\system32\aziwilor.ini
c:\windows\system32\berwoeht.ini
c:\windows\system32\ebobitut.ini
c:\windows\system32\ebokuwed.ini
c:\windows\system32\ebuvakew.ini
c:\windows\system32\ekigimut.ini
c:\windows\system32\elejugas.ini
c:\windows\system32\emamewos.ini
c:\windows\system32\enilofab.ini
c:\windows\system32\epekesek.ini
c:\windows\system32\etapayoj.ini
c:\windows\system32\evusizew.ini
c:\windows\system32\eworowuy.ini
c:\windows\system32\ewotevuz.ini
c:\windows\system32\eyitohef.ini
c:\windows\system32\eyojotov.ini
c:\windows\system32\gnslyqtu.ini
c:\windows\system32\ibiwovaw.ini
c:\windows\system32\idihujil.ini
c:\windows\system32\ihavumog.ini
c:\windows\system32\ikudowil.ini
c:\windows\system32\imegovus.ini
c:\windows\system32\imosuyag.ini
c:\windows\system32\ipegowin.ini
c:\windows\system32\iseyatul.ini
c:\windows\system32\ivadozat.ini
c:\windows\system32\ivayoyot.ini
c:\windows\system32\iwilihad.ini
c:\windows\system32\iyokijir.ini
c:\windows\system32\izaseren.ini
c:\windows\system32\lknwokpb.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\obusorus.ini
c:\windows\system32\odolomir.ini
c:\windows\system32\ogohofon.ini
c:\windows\system32\okuyupif.ini
c:\windows\system32\opivaget.ini
c:\windows\system32\orulujum.ini
c:\windows\system32\oruyofid.ini
c:\windows\system32\osanojoy.ini
c:\windows\system32\osimegey.ini
c:\windows\system32\otemogaf.ini
c:\windows\system32\oyopesof.ini
c:\windows\system32\oyusuvob.ini
c:\windows\system32\ozotisuk.ini
c:\windows\system32\tmufekcy.ini
c:\windows\system32\ubodidem.ini
c:\windows\system32\ukihozuy.ini
c:\windows\system32\umedaluv.ini
c:\windows\system32\urimiriw.ini
c:\windows\system32\utipogaf.ini
c:\windows\system32\uvimugod.ini
c:\windows\system32\uwelenak.ini
c:\windows\system32\uzohureh.ini
c:\windows\system32\VB6KO.DLL
c:\windows\system32\vetahadu.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.
2010-03-11 12:14 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 20:29 . 2007-09-04 21:24 -------- d-----w- c:\program files\lg_fwupdate
2010-03-15 23:55 . 2009-01-16 22:19 -------- d-----w- c:\program files\uTorrent
2010-03-15 23:55 . 2009-01-16 22:19 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-02-24 11:47 . 2010-01-11 18:08 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-02-16 03:21 . 2007-09-03 17:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-02-16 03:03 . 2010-02-16 03:03 -------- d-----w- c:\program files\iTunes
2010-02-16 03:03 . 2010-02-16 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-16 03:03 . 2010-02-16 03:03 -------- d-----w- c:\program files\iPod
2010-02-16 03:03 . 2008-12-14 15:54 -------- d-----w- c:\program files\Common Files\Apple
2010-02-16 03:01 . 2010-02-16 03:00 -------- d-----w- c:\program files\QuickTime
2010-02-16 02:59 . 2010-02-16 02:59 -------- d-----w- c:\program files\Apple Software Update
2010-02-16 02:58 . 2010-02-16 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-16 02:54 . 2010-01-13 11:51 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2010-02-02 00:20 . 2010-03-28 20:29 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-23 00:51 . 2010-01-23 00:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-08 02:28 . 2007-09-04 21:24 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2009-12-31 16:14 . 2003-03-31 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2007-09-15 18:16 . 2007-09-15 18:16 11470608 -c--a-w- c:\program files\avgas-setup-7[1].5.0.50.exe
2007-09-15 18:11 . 2007-09-15 18:11 744529 -c--a-w- c:\program files\bazookasetup.exe
2007-09-08 13:58 . 2007-09-08 13:58 882888 -c--a-w- c:\program files\Google Updater.exe
2007-09-07 16:04 . 2007-09-07 16:04 23661600 -c--a-w- c:\program files\DivXInstaller.exe
2007-09-03 17:45 . 2007-09-03 17:45 4862464 -c--a-w- c:\program files\BitComet_0.91_setup.exe
2004-10-01 19:00 . 2007-09-04 21:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-02-12 14:06 . 2009-02-12 14:06 120 --sh--w- c:\windows\system32\asuginep.tmp
2009-03-16 02:20 . 2009-03-16 02:20 1702986 --sh--w- c:\windows\system32\ativehuh.tmp
2009-03-06 21:47 . 2009-03-06 21:47 1840365 --sh--w- c:\windows\system32\awidobil.tmp
2009-03-10 15:47 . 2009-03-10 15:47 2098 --sh--w- c:\windows\system32\dafamupu.dll
2009-02-10 20:22 . 2009-02-10 20:22 120 --sh--w- c:\windows\system32\emamewos.tmp
2009-03-16 14:19 . 2009-03-16 14:19 1702999 --sh--w- c:\windows\system32\eworowuy.tmp
2009-03-08 19:05 . 2009-03-08 19:05 2098 --sh--w- c:\windows\system32\fapawozi.dll
2009-03-10 03:48 . 2009-03-10 03:48 1840365 --sh--w- c:\windows\system32\ikutujah.tmp
2009-02-16 02:32 . 2009-02-16 02:32 120 --sh--w- c:\windows\system32\iparepur.tmp
2009-03-18 12:31 . 2009-03-18 12:31 2098 --sh--w- c:\windows\system32\nadojizu.dll
2009-03-15 14:19 . 2009-03-15 14:19 2098 --sh--w- c:\windows\system32\natulevo.dll
2009-03-18 12:32 . 2009-03-18 12:31 2098 --sh--w- c:\windows\system32\nifarake.dll
2009-03-10 15:47 . 2009-03-10 15:47 2098 --sh--w- c:\windows\system32\popefuha.dll
2009-03-20 15:58 . 2009-03-20 15:58 1809320 --sh--w- c:\windows\system32\upeteloy.tmp
2009-02-05 21:56 . 2009-02-05 21:56 120 --sh--w- c:\windows\system32\uzefenef.tmp
2009-03-08 19:05 . 2009-03-08 19:05 2098 --sh--w- c:\windows\system32\zimuworo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-01-08 557056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"IgfxTray"=c:\windows\System32\igfxtray.exe
"PrinTray"=c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe
"PRONoMgr.exe"=c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"InCD"=c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Ahead\\InCD\\InCDsrv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\WINDOWS\\system32\\net1.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\net.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Canon\\CAL\\CALMAIN.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\NETGEAR WG311v2 Adapter\\wlancfg5.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [2/2/2010 9:02 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [2/2/2010 9:02 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [2/2/2010 9:02 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys [1/8/2010 8:46 PM 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2/2/2010 9:02 PM 117640]
.
Contents of the 'Scheduled Tasks' folder
2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uLocal Page =
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mLocal Page =
mStart Page =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2e1t0p0z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
BHO-{22F34525-FC1F-4947-BB50-CC703912F18A} - c:\windows\system32\awtqpMFx.dll
BHO-{309EF80B-9561-43CF-8501-73002131B9C9} - (no file)
BHO-{5BA54959-C612-4BBE-B841-FB25CD98AF7C} - (no file)
BHO-{5C81503A-B448-447C-B766-0C880B6EE46C} - (no file)
BHO-{64E81918-66F3-43AA-8429-9A5C02A0BF72} - (no file)
BHO-{66CD7F6E-6B85-40E1-AD70-FD97B635B77C} - (no file)
BHO-{939AFF5F-6D9B-4461-A2BE-8BB4021E5C2B} - (no file)
BHO-{D11223A3-9AD5-4135-BFC8-4B2015DEBD68} - (no file)
BHO-{F433B643-9A98-4186-A188-CAAA1CC73B3E} - (no file)
HKCU-Run-draw tool - c:\docume~1\Owner\APPLIC~1\RECTFI~1\Mapi Ball Anti.exe
HKCU-Run-xqbyrinh - c:\documents and settings\Owner\Local Settings\Application Data\fvwoso\yptqsftav.exe
HKLM-Run-WMC_AutoUpdate - (no file)
HKLM-Run-xqbyrinh - c:\documents and settings\Owner\Local Settings\Application Data\fvwoso\yptqsftav.exe
SafeBoot-AVG Anti-Spyware Driver
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 16:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-28 16:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-28 20:35
Pre-Run: 157,273,677,824 bytes free
Post-Run: 158,860,320,768 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - FB4F09F1C5787360909D15C81F58C753