ComboFix 09-07-31.04 - George Zamora 2009-08-01 17:03.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.316 [GMT -5:00]
Running from: c:\documents and settings\George Zamora\Desktop\Combo-Fix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\3a0721.msi
c:\windows\Installer\51091.msp
c:\windows\Installer\510ed.msi
c:\windows\Installer\b00a.msi
c:\windows\Installer\b010.msi
c:\windows\Installer\b016.msi
c:\windows\system32\cewmdms.dll
c:\windows\system32\drivers\cegbzypj.sys
c:\windows\system32\Drivers\ohgkd.sys
c:\windows\system32\drivers\ypvuknro.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YPVUKNRO
-------\Service_ypvuknro
-------\Service_otgqvggt


((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-08-01 15:25 . 2009-08-01 15:25 -------- d-----w- c:\program files\CCleaner
2009-07-30 03:38 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-30 03:38 . 2009-03-19 21:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-30 03:37 . 2009-07-30 03:37 -------- d-----w- c:\program files\iPod
2009-07-30 03:37 . 2009-07-30 03:38 -------- d-----w- c:\program files\iTunes
2009-07-30 03:37 . 2009-07-30 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-30 03:36 . 2009-07-30 03:36 -------- d-----w- c:\program files\Bonjour
2009-07-30 03:34 . 2009-07-30 03:36 -------- d-----w- c:\program files\QuickTime
2009-07-30 03:33 . 2009-07-30 03:33 -------- d-----w- c:\documents and settings\George Zamora\Local Settings\Application Data\Apple
2009-07-30 03:33 . 2009-07-30 03:33 -------- d-----w- c:\program files\Apple Software Update
2009-07-30 03:33 . 2009-07-30 03:38 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-30 03:32 . 2009-07-30 03:37 -------- d-----w- c:\program files\Common Files\Apple
2009-07-30 03:32 . 2009-07-30 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-29 02:01 . 2009-07-29 02:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-25 15:24 . 2009-07-25 15:24 0 ----a-w- c:\windows\system32\drivers\ujst.sys
2009-07-13 19:22 . 2009-07-13 19:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 22:35 . 2009-02-25 03:20 461576224 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-01 22:11 . 2009-02-25 03:20 5409020 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-31 23:19 . 2008-05-23 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-31 23:19 . 2008-08-08 03:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 03:34 . 2004-04-21 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-13 02:59 . 2006-10-31 03:11 -------- d-----w- c:\documents and settings\George Zamora\Application Data\wsInspector
2009-06-29 16:12 . 2006-06-23 15:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-18 00:37 . 2009-06-18 00:37 -------- d-----w- c:\documents and settings\George Zamora\Application Data\diag
2009-06-16 14:36 . 2002-08-29 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2005-08-30 04:02 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2002-08-29 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2003-06-25 03:38 . 2003-06-25 03:27 16051496 -c--a-w- c:\program files\AdbeRdr60_enu_full.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-02-28 1851128]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\SYSTEM32\DRIVERS\cmdguard.sys [2009-02-28 1:51 PM 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\SYSTEM32\DRIVERS\cmdhlp.sys [2009-02-28 1:51 PM 24336]
R1 is-I0263drv;is-I0263drv;c:\windows\SYSTEM32\DRIVERS\76349377.sys [2009-02-24 8:53 PM 148496]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 7:19 PM 13592]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-01-03 7:45 PM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - YPVUKNRO
*Deregistered* - ypvuknro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lxgxaxhn
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 04:23]

2009-08-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: airliners.net\www
Trusted Zone: cubagenweb.org\www
Trusted Zone: miami-dadeclerk.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 17:33
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(2596)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\COMODO\COMODO Internet Security\crashrep.exe
.
**************************************************************************
.
Completion time: 2009-08-01 17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 22:37
ComboFix2.txt 2009-02-21 13:05
ComboFix3.txt 2009-02-16 20:06

Pre-Run: 45,084,790,784 bytes free
Post-Run: 45,068,324,864 bytes free

168 --- E O F --- 2009-07-31 04:17