ComboFix 09-05-04.A3 - Administrator 05/05/2009 19:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.2077 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.
2009-05-05 03:21 . 2009-05-05 03:21 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-05 03:21 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 03:21 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 03:21 . 2009-05-05 03:21 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-05 03:21 . 2009-05-05 03:21 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-05 03:00 . 2009-05-05 03:00 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-05-05 02:58 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-05-05 02:58 . 2009-05-05 03:02 -------- d-----w c:\program files\SpywareBlaster
2009-05-05 02:41 . 2009-05-05 02:41 -------- d-----w c:\program files\Trend Micro
2009-05-05 02:39 . 2009-05-05 02:54 -------- d-----w c:\program files\SpywareGuard
2009-05-05 02:30 . 2009-05-05 02:30 -------- d-----w c:\documents and settings\Administrator\Application Data\Avira
2009-05-05 02:21 . 2009-05-05 02:21 -------- d-----w c:\windows\system32\xircom
2009-05-05 02:21 . 2009-05-05 02:21 -------- d-----w c:\program files\microsoft frontpage
2009-05-05 02:10 . 2009-05-05 02:11 -------- d-----w C:\Rooter$
2009-05-05 01:56 . 2009-05-05 01:56 -------- d-----w c:\program files\Avira
2009-05-05 01:16 . 2009-05-05 01:19 32 --s-a-w c:\windows\system32\216738917.dat
2009-05-05 01:16 . 2009-05-05 01:16 29696 ----a-w c:\windows\system32\SYS32DLL.exe
2009-05-05 01:05 . 2009-05-05 01:12 -------- d-----w c:\program files\OutlawGolf
2009-05-03 00:46 . 2009-05-03 00:46 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Gas Powered Games
2009-05-03 00:15 . 2009-05-03 00:15 4096 ----a-w c:\windows\d3dx.dat
2009-05-03 00:13 . 2009-05-03 00:13 -------- d-----w c:\windows\Fishing Craze
2009-05-03 00:13 . 2009-05-03 00:15 -------- d-----w c:\program files\Fishing Craze
2009-05-01 02:32 . 2009-05-01 02:32 -------- d-----w c:\windows\system32\AGEIA
2009-05-01 02:32 . 2009-05-01 02:32 -------- d-----w c:\program files\AGEIA Technologies
2009-05-01 02:31 . 2009-05-01 02:31 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-01 02:31 . 2009-05-01 02:31 -------- d-----w C:\NVIDIA
2009-05-01 02:08 . 2009-05-01 02:09 -------- d-----w c:\program files\GameShadow
2009-04-29 16:51 . 2009-04-29 16:51 -------- d-----w c:\documents and settings\Administrator\Application Data\Canon
2009-04-29 16:45 . 2008-04-14 04:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\program files\Canon
2009-04-29 16:40 . 2009-04-29 16:40 -------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2009-04-29 16:40 . 2008-02-06 09:00 216064 ----a-w c:\windows\system32\CNMLM8U.DLL
2009-04-29 16:40 . 2009-04-29 16:40 -------- d--h--w c:\windows\system32\CanonIJ Uninstaller Information
2009-04-29 16:40 . 2007-03-15 18:12 188416 ----a-w c:\windows\system32\CNC470O.DLL
2009-04-29 16:40 . 2007-03-19 14:21 200704 ----a-w c:\windows\system32\CNC470L.DLL
2009-04-29 16:40 . 2007-03-23 20:30 1400832 ----a-w c:\windows\system32\CNC470C.DLL
2009-04-29 16:40 . 2007-03-23 20:29 98304 ----a-w c:\windows\system32\CNC470I.DLL
2009-04-29 16:40 . 2009-04-29 16:40 -------- d--h--w c:\program files\CanonBJ
2009-04-29 16:39 . 2008-04-14 04:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-29 16:18 . 2001-08-18 02:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-29 16:18 . 2001-08-18 02:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-29 16:18 . 2001-08-17 18:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-29 16:18 . 2001-08-17 18:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-29 16:18 . 2001-08-17 18:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-29 16:18 . 2008-04-14 09:39 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-29 16:16 . 2009-04-29 16:16 64200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-29 16:16 . 2009-04-29 16:16 -------- d-----w c:\windows\system32\XPSViewer
2009-04-29 16:16 . 2009-04-29 16:16 -------- d-----w c:\program files\MSBuild
2009-04-29 16:16 . 2009-04-29 16:16 -------- d-----w c:\program files\Reference Assemblies
2009-04-29 16:15 . 2007-11-30 11:18 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-29 16:15 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-29 16:15 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-29 16:15 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-29 16:15 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-29 16:15 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-29 16:15 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-29 16:15 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-29 16:15 . 2009-04-29 16:15 -------- d-----w C:\85385b0f60231adae7108d001a51
2009-04-29 14:40 . 2006-09-28 20:03 15128 ----a-w c:\windows\system32\x3daudio1_1.dll
2009-04-29 14:40 . 2006-09-28 20:05 237848 ----a-w c:\windows\system32\xactengine2_4.dll
2009-04-29 14:40 . 2006-09-28 20:05 2414360 ----a-w c:\windows\system32\d3dx9_31.dll
2009-04-29 14:40 . 2006-07-28 13:30 236824 ----a-w c:\windows\system32\xactengine2_3.dll
2009-04-29 14:40 . 2006-07-28 13:30 62744 ----a-w c:\windows\system32\xinput1_2.dll
2009-04-29 14:32 . 2005-05-26 19:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-29 14:30 . 2009-04-29 14:30 -------- d-----w c:\program files\AeriaGames
2009-04-29 12:36 . 2009-04-29 12:54 -------- d-----w C:\AeriaGames
2009-04-29 01:26 . 2009-04-29 01:26 -------- d-----w C:\UT2004
2009-04-28 01:22 . 2009-04-28 01:22 -------- d-----w c:\documents and settings\All Users\Application Data\The Skins Factory
2009-04-27 21:13 . 2009-04-27 21:13 -------- d-----w c:\program files\Common Files\Scanner
2009-04-27 21:13 . 2009-04-27 21:16 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
2009-04-27 14:58 . 2009-04-27 14:58 -------- d-----w c:\documents and settings\Administrator\Application Data\Skinux
2009-04-27 14:55 . 2009-04-27 14:55 -------- d-----w c:\program files\The Skins Factory
2009-04-27 14:54 . 2009-05-01 02:08 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-04-27 14:30 . 2009-04-27 14:30 -------- d-----w c:\program files\PixiePack Codec Pack
2009-04-27 14:28 . 2007-12-11 13:52 26784 ----a-w c:\windows\system32\drivers\tbhsd.sys
2009-04-27 14:28 . 2009-04-28 01:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Tunebite
2009-04-27 14:27 . 2009-04-27 14:27 -------- d-----w c:\program files\RapidSolution
2009-04-27 14:27 . 2009-05-01 00:01 -------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-04-27 14:14 . 2009-04-27 14:14 -------- d-----w c:\documents and settings\All Users\Application Data\Napster
2009-04-27 14:14 . 2009-04-27 14:14 -------- d-----w c:\program files\Napster
2009-04-27 14:10 . 2009-04-27 14:17 -------- d-sh--w c:\documents and settings\All Users\DRM
2009-04-27 03:00 . 2009-04-29 14:12 -------- d-----w c:\program files\ElcomSoft
2009-04-27 02:37 . 2009-04-27 02:37 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-04-27 02:36 . 2009-05-05 01:45 -------- d-----w c:\program files\AZPR
2009-04-27 02:16 . 2009-04-27 02:16 -------- d-----w c:\program files\Intelore
2009-04-27 00:46 . 2009-05-01 18:42 -------- d-----w c:\program files\Camgoo
2009-04-26 22:15 . 2000-05-11 05:00 90112 ------w c:\windows\Updreg.EXE
2009-04-26 22:15 . 1996-05-23 06:24 24976 ------w c:\windows\CTRES.DLL
2009-04-26 22:15 . 1998-06-05 06:00 84992 ------w c:\windows\system32\SFCVRT32.DLL
2009-04-26 22:15 . 1994-12-05 07:11 53552 ------w c:\windows\CTCCW.DLL
2009-04-26 22:15 . 1995-01-13 18:10 149504 ------w c:\windows\system32\MFCANS32.DLL
2009-04-26 22:15 . 1995-01-13 18:10 108032 ------w c:\windows\system32\MFCUIA32.DLL
2009-04-26 22:15 . 1998-10-20 20:05 54784 ------w c:\windows\system32\INETWH32.DLL
2009-04-26 22:15 . 1995-07-13 06:01 26768 ------w c:\windows\system32\CTL3D.DLL
2009-04-26 22:15 . 1995-08-30 06:02 82432 ------w c:\windows\system32\CTWFLT32.DLL
2009-04-26 22:15 . 1998-01-08 05:00 1048576 ------w c:\windows\system32\SFMAN.DAT
2009-04-26 22:15 . 2009-04-26 22:15 -------- d-----w c:\windows\system32\Defaults
2009-04-26 22:03 . 1999-12-17 05:00 6752 ------w c:\windows\system32\PFMODNT.SYS
2009-04-26 22:03 . 2009-04-26 22:04 -------- d-----w c:\program files\Creative
2009-04-26 17:29 . 2009-05-05 01:48 -------- d-----w c:\program files\Jack Games
2009-04-26 15:25 . 2009-04-26 15:25 -------- d-----w c:\documents and settings\Administrator\Application Data\Xbins
2009-04-26 04:52 . 2009-04-26 04:52 36964 ----a-w c:\documents and settings\Administrator\V3InetGS.dll
2009-04-26 04:52 . 2009-04-26 04:52 141008 ----a-w c:\documents and settings\Administrator\V3Hunt.dll
2009-04-26 04:52 . 2009-04-26 04:52 27136 ----a-w c:\documents and settings\Administrator\mspatcha.dll
2009-04-26 04:52 . 2009-04-26 04:52 122980 ----a-w c:\documents and settings\Administrator\HSUpdate.exe
2009-04-26 04:52 . 2009-04-26 04:52 188512 ----a-w c:\documents and settings\Administrator\HSInst.dll
2009-04-26 04:52 . 2009-04-26 04:52 160 ----a-w c:\documents and settings\Administrator\HShield.dat
2009-04-26 03:13 . 2009-04-26 03:13 178273 ----a-w c:\documents and settings\Administrator\EGRNAP.dll
2009-04-26 03:11 . 2009-04-26 03:11 303104 ----a-w c:\documents and settings\Administrator\Win98sUpdateUtil.exe
2009-04-26 03:11 . 2009-04-26 05:10 -------- d-----w c:\documents and settings\Administrator\Resource
2009-04-26 02:52 . 2009-04-26 02:52 1019904 ----a-w c:\documents and settings\Administrator\Launcher.exe
2009-04-26 02:16 . 2009-04-26 02:16 -------- d-----w c:\program files\NetRatingsNetSight
2009-04-26 01:33 . 2001-08-17 16:19 3712 ----a-w c:\windows\system32\drivers\ctljystk.sys
2009-04-26 01:33 . 2008-04-14 04:15 10624 ----a-w c:\windows\system32\drivers\gameenum.sys
2009-04-26 01:33 . 2001-08-18 02:36 495616 ----a-w c:\windows\system32\sblfx.dll
2009-04-26 01:33 . 2001-08-18 02:36 256512 ----a-w c:\windows\system32\devcon32.dll
2009-04-26 01:33 . 2001-08-18 02:36 4096 ----a-w c:\windows\system32\ctwdm32.dll
2009-04-26 01:33 . 2001-08-18 02:36 24064 ----a-w c:\windows\system32\devldr32.exe
2009-04-26 01:33 . 2001-08-17 16:19 36480 ----a-w c:\windows\system32\drivers\sfmanm.sys
2009-04-26 01:33 . 2001-08-17 16:19 283904 ----a-w c:\windows\system32\drivers\emu10k1m.sys
2009-04-26 01:33 . 2001-08-17 16:19 6912 ----a-w c:\windows\system32\drivers\ctlfacem.sys
2009-04-25 00:48 . 2009-04-25 00:49 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-04-25 00:07 . 2009-04-28 12:09 -------- d-----w c:\documents and settings\Administrator\Application Data\Ahead
2009-04-25 00:06 . 2009-04-25 00:06 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-25 00:06 . 2009-04-25 00:06 -------- d-----w c:\program files\Nero
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 11:59 . 2009-04-19 15:35 -------- d-----w c:\program files\Realtek
2009-04-30 23:56 . 2009-04-19 15:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 17:25 . 2009-04-19 15:41 13664 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 04:52 . 2009-04-26 04:52 82060 ----a-w c:\documents and settings\Administrator\Bz32Ex.dll
2009-04-26 04:52 . 2009-04-26 04:52 37012 ----a-w c:\documents and settings\Administrator\AspINet.dll
2009-04-26 04:52 . 2009-04-26 04:52 153280 ----a-w c:\documents and settings\Administrator\AhnUpCtl.dll
2009-04-26 04:52 . 2009-04-26 04:52 147554 ----a-w c:\documents and settings\Administrator\AhnUpGS.dll
2009-04-26 04:34 . 2009-04-26 04:34 1896448 ----a-w c:\documents and settings\Administrator\RappelzConfig.exe
2009-04-26 03:39 . 2009-04-26 03:39 386048 ----a-w c:\documents and settings\Administrator\mss32.dll
2009-04-26 03:22 . 2009-04-26 03:22 131153 ----a-w c:\documents and settings\Administrator\v3pro32s.dll
2009-04-26 03:17 . 2009-04-26 03:17 3053568 ----a-w c:\documents and settings\Administrator\SFrame.exe
2009-04-26 03:15 . 2009-04-26 03:15 20480 ----a-w c:\documents and settings\Administrator\psapi.dll
2009-04-26 03:13 . 2009-04-26 03:13 1830912 ----a-w c:\documents and settings\Administrator\EhSvc.dll
2009-04-26 03:13 . 2009-04-26 03:13 95232 ----a-w c:\documents and settings\Administrator\EGRNAPX2.dll
2009-04-22 00:47 . 2009-04-20 21:30 -------- d-----w c:\program files\Winamp
2009-04-20 22:37 . 2009-04-19 15:29 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-20 21:33 . 2009-04-19 14:59 -------- d-----w c:\program files\Unlocker
2009-04-20 20:43 . 2009-04-19 15:02 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-19 15:52 . 2009-04-19 15:52 -------- d-----w c:\program files\Philips
2009-04-19 15:52 . 2009-04-19 15:52 -------- d-----w c:\program files\ArcSoft
2009-04-19 15:28 . 2009-04-19 15:28 0 ----a-w c:\windows\nsreg.dat
2009-04-19 15:10 . 2009-04-19 15:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-19 15:09 . 2009-04-19 15:09 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-19 15:09 . 2009-04-19 15:09 -------- d-----w c:\program files\OpenAL
2009-04-19 15:09 . 2009-04-19 15:09 -------- d-----w c:\program files\ACD Systems
2009-04-19 15:06 . 2009-04-19 15:06 -------- d-----w c:\program files\uTorrent
2009-04-19 15:02 . 2008-04-14 10:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-19 14:59 . 2009-04-19 14:59 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-19 14:59 . 2009-04-19 14:59 -------- d-----w c:\program files\HashTab Shell Extension
2009-04-19 14:59 . 2009-04-19 14:59 -------- d-----w c:\program files\Microsoft PowerToys
2009-03-27 12:14 . 2009-04-19 15:30 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-04-14 10:00 . 2009-04-27 14:08 73728 --sha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
------- Sigcheck -------
[-] 2008-12-30 04:52 361600 5AE1C2695F6523AD98B948F2887D8C5E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-03-16 13:53 87512 ----a-w c:\program files\oovootb\dtx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\dtx.dll" [2009-03-16 87512]
[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SYS32DLL"="SYS32DLL" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2005-04-06 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-04-06 2805248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 99840]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= ctwdm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin230.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin230.lnk
backup=c:\windows\pss\TrayMin230.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [5/4/2009 9:56 PM 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [5/4/2009 9:56 PM 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [5/4/2009 9:56 PM 41217]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [4/19/2009 11:52 AM 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [4/19/2009 11:52 AM 461056]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASPI32
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Supplementary Scan -------
.
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xmji8e7o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.goodsearch.com/default.aspx
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 3\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 19:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\avsda.dll
- - - - - - - > 'explorer.exe'(23508)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\program files\SpywareGuard\dlprotect.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
.
Completion time: 2009-05-05 19:13
ComboFix-quarantined-files.txt 2009-05-05 23:13
ComboFix2.txt 2009-05-05 14:51
Pre-Run: 146,962,935,808 bytes free
Post-Run: 146,949,656,576 bytes free
301