Thanks, here is the ComboFix log:
ComboFix 09-09-20.04 - Mike 2009-09-22 2:15.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2921 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\ydas.bat
c:\documents and settings\All Users\Application Data\ysid.scr
c:\documents and settings\All Users\Documents\fifal.inf
c:\documents and settings\All Users\Documents\koxe.dl
c:\documents and settings\All Users\Documents\ykygoxeh.vbs
c:\documents and settings\Mike\Application Data\axybixovu.com
c:\documents and settings\Mike\Application Data\etypah.vbs
c:\documents and settings\Mike\Application Data\inst.exe
c:\documents and settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Mike\Application Data\yqixer.dll
c:\documents and settings\Mike\Cookies\hulakuvyt.bin
c:\documents and settings\Mike\Cookies\piboceqa.lib
c:\documents and settings\Mike\Cookies\ugojim.bat
c:\documents and settings\Mike\Local Settings\Application Data\cunozupyk.bat
c:\program files\Common Files\vamuwi.exe
c:\recycler\S-1-5-21-1139334371-1240231164-418609414-500
c:\recycler\S-1-5-21-1468007736-1529030422-1409086007-500
c:\recycler\S-1-5-21-1651131100-3297319145-64728309-500
c:\recycler\S-1-5-21-1998970204-1611086259-4156484100-500
c:\recycler\S-1-5-21-2407261895-921458624-2646503882-500
c:\recycler\S-1-5-21-299502267-1214440339-682003330-500
c:\recycler\S-1-5-21-3811009231-2924526007-3457765865-500
c:\windows\ayuduqiyalo.dll
c:\windows\Installer\493c2.msi
c:\windows\Installer\8def05.msi
c:\windows\kohajoruhu.sys
c:\windows\system32\41.exe
c:\windows\system32\acJlmnnn.ini
c:\windows\system32\acJlmnnn.ini2
c:\windows\system32\basukavu.exe
c:\windows\system32\gehudehe.exe
c:\windows\system32\huzitala.exe
c:\windows\system32\iniasd.txt
c:\windows\system32\isazuno.reg
c:\windows\system32\mebasugu.exe
c:\windows\system32\MWaaHRqr.ini
c:\windows\system32\MWaaHRqr.ini2
c:\windows\system32\parahuri.exe
c:\windows\system32\phmdwnkq.ini
c:\windows\system32\prrnnknj.ini
c:\windows\system32\pukimssc.ini
c:\windows\system32\sejuvoma.exe
c:\windows\system32\tevqkmfe.ini
c:\windows\system32\tghtaxre.ini
c:\windows\system32\tyzutu.exe
c:\windows\system32\vxflwrms.ini
c:\windows\system32\winhelper.dll
c:\windows\system32\wisdstr.exe
c:\windows\uqyh.vbs
c:\windows\wojaxyreto.dl
c:\windows\zarij.dl
D:\Autorun.inf
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_PCMSTUB
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.
2009-09-22 05:22 . 2009-09-22 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-22 05:22 . 2009-09-22 06:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-22 05:22 . 2009-09-22 05:22 -------- d-----w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com
2009-09-20 18:26 . 2009-09-20 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-20 03:56 . 2009-09-20 03:56 13740 ----a-w- c:\windows\edaruzibib.com
2009-09-20 03:56 . 2009-09-20 03:56 11668 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\apeloxywez.dat
2009-09-20 03:29 . 2009-09-20 03:29 155648 ----a-w- C:\ddbpu.exe
2009-09-20 03:29 . 2009-09-20 03:29 22016 ----a-w- C:\ruptbvv.exe
2009-09-20 03:29 . 2009-09-20 03:29 49664 ----a-w- C:\vhlyrkv.exe
2009-09-20 03:29 . 2009-09-20 03:29 48640 ----a-w- C:\mdnsq.exe
2009-09-09 08:00 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-05 23:45 . 2009-09-05 23:45 -------- d-----w- c:\documents and settings\Mike\Application Data\YouSendIt
2009-09-05 23:45 . 2009-09-05 23:45 -------- d-----w- c:\program files\YouSendIt
2009-09-05 23:44 . 2009-09-05 23:44 -------- d-----w- c:\windows\Downloaded Installations
2009-09-05 23:44 . 2009-09-05 23:44 -------- d-----w- c:\program files\WinPcap
2009-09-05 23:43 . 2009-09-05 23:43 -------- d-----w- c:\windows\Replay Converter 3
2009-09-05 23:43 . 2009-09-05 23:43 737280 ----a-w- c:\windows\iun6002.exe
2009-09-05 23:43 . 2009-09-11 08:13 -------- d-----w- c:\program files\Replay AV 8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 05:53 . 2008-10-20 07:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-22 05:21 . 2008-11-06 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 05:14 . 2009-06-22 05:14 49152 --sha-w- c:\windows\system32\zuhuyaba.dll
2009-09-22 05:14 . 2009-06-22 05:14 180224 --sha-w- c:\windows\system32\sagopise.exe
2009-09-21 04:38 . 2009-06-21 04:38 89088 --sha-w- c:\windows\system32\layezefu.dll
2009-09-20 04:35 . 2009-06-20 04:35 38400 --sha-w- c:\windows\system32\dijuzihi.dll
2009-09-20 03:56 . 2009-09-20 03:56 17410 ----a-w- c:\program files\Common Files\qysave._sy
2009-09-20 00:48 . 2008-11-02 20:26 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-20 00:06 . 2009-01-10 16:38 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-19 22:53 . 2008-02-06 16:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 18:40 . 2009-09-20 16:47 20780477 ----a-w- c:\program files\PROCESSLIST.DB
2009-09-18 18:40 . 2009-09-20 16:47 1230109 ----a-w- c:\program files\PROCESSLISTRELATED.DB
2009-09-11 08:16 . 2009-06-01 04:56 -------- d-----w- c:\program files\iWin Games
2009-09-05 23:45 . 2008-11-09 17:50 -------- d-----w- c:\program files\Replay Music 3
2009-09-05 23:40 . 2008-08-28 21:11 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-08-21 20:34 . 2008-08-03 05:06 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-21 20:34 . 2008-08-03 05:06 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-08 23:11 . 2009-08-08 23:11 70144 ----a-w- c:\windows\system32\drivers\tpecwkicvfqrjaib.sys
2009-08-07 07:13 . 2008-06-04 01:41 -------- d-----w- c:\documents and settings\Mike\Application Data\LimeWire
2009-08-05 09:01 . 2008-02-05 22:39 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 03:40 . 2009-01-10 16:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-27 23:47 . 2009-01-15 15:38 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-17 19:01 . 2008-02-05 22:39 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2008-02-05 22:39 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2008-02-05 22:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-02-05 22:39 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-02-05 22:39 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-02-05 22:39 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-02-05 22:39 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-02-05 22:39 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2008-02-05 22:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-02-05 22:39 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2008-08-11 05:08 . 2008-08-11 05:08 978396 ----a-w- c:\program files\BDAXP.cab
2008-06-30 17:44 . 2008-08-30 06:45 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-08-13 23:02 . 2008-08-13 23:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-06-22 05:14 . 2009-06-22 05:14 49152 --sha-w- c:\windows\system32\pologodi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7d88e64f-79e7-471d-8dce-937dff8b92fd}]
2009-06-22 05:14 49152 --sha-w- c:\windows\system32\pologodi.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-08-15 716800]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-11 69632]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli iacylo.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"VSSERV"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"mi-raysat_3dsMax2009_32"=2 (0x2)
"LIVESRV"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iWinTrusted"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"gusvc"=2 (0x2)
"FlipShare Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"Arrakis3"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aliasdocserver"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\After Effects 6.5\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\discreet\\cleaner XL\\cleaner XL.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Alias\\Maya6.0\\bin\\mayabatch.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 cgwc;cgwc;c:\windows\system32\drivers\admvgxwb.sys --> c:\windows\system32\drivers\admvgxwb.sys [?]
S2 fpinlgk;fpinlgk;c:\windows\system32\drivers\xnpj.sys --> c:\windows\system32\drivers\xnpj.sys [?]
S2 inyiqiv;inyiqiv;c:\windows\system32\drivers\kcsmpoxa.sys --> c:\windows\system32\drivers\kcsmpoxa.sys [?]
S2 lpvlpm;lpvlpm;c:\windows\system32\drivers\sqxof.sys --> c:\windows\system32\drivers\sqxof.sys [?]
S2 lqel;lqel;c:\windows\system32\drivers\hflfdgs.sys --> c:\windows\system32\drivers\hflfdgs.sys [?]
S2 pjqefld;pjqefld;c:\windows\system32\drivers\gczmyi.sys --> c:\windows\system32\drivers\gczmyi.sys [?]
S2 rpwlfydw;rpwlfydw;c:\windows\system32\drivers\mfmbtf.sys --> c:\windows\system32\drivers\mfmbtf.sys [?]
S2 rxium;rxium;c:\windows\system32\drivers\qjnb.sys --> c:\windows\system32\drivers\qjnb.sys [?]
S2 weolfr;weolfr;c:\windows\system32\drivers\fqff.sys --> c:\windows\system32\drivers\fqff.sys [?]
S2 xxgy;xxgy;c:\windows\system32\drivers\bwnabzzh.sys --> c:\windows\system32\drivers\bwnabzzh.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S4 aliasdocserver;Alias Documentation Server;c:\program files\Alias\Maya6.0\docs\Wrapper.exe [2008-08-07 110592]
S4 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [2008-11-13 439616]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-09-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 06:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\Adblock Pro\AdblockPro.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\wikb88jo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Evernote\Evernote3\FfTbClipper\components\enbar3.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre6\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre6\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre6\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre6\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_05.dll
FF - plugin: c:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-sovibusoba - wamonewe.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-22 02:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b5,fe,1f,11,e2,04,7e,b7,fc,0a,c1,20,08,71,d0,02,df,f4,be,19,54,
08,cb,c2,b3,08,e8,0c,49,3f,c1,02,bf,77,83,4c,ab,64,df,fe,0c,9f,86,a3,db,7d,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:32,49,1f,c5,b7,af,7b,ea,03,22,52,c7,8a,2e,ee,06,b4,cf,43,6a,0e,
62,7f,57,c9,4e,21,1c,11,d6,1f,1d,93,a9,eb,25,94,7e,07,96,d6,a8,ad,db,1b,65,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(928)
c:\windows\iacylo.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(432)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\iacylo.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\BitDefender\BitDefender 2009\bdshelxt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\txmlutil.dll
c:\program files\BitDefender\BitDefender 2009\txmlx.dll
c:\program files\BitDefender\BitDefender 2009\ENU\bdshelxt.ui
c:\program files\YouSendIt\Express\version2\YsiExt.dll
c:\program files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
c:\program files\WinRAR\rarext.dll
c:\program files\7-Zip\7-zip.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\system32\pologodi.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\searchindexer.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
.
**************************************************************************
.
Completion time: 2009-09-22 2:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-22 06:24
Pre-Run: 631,660,593,152 bytes free
Post-Run: 632,225,394,688 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
363 --- E O F --- 2009-09-11 04:23