combofix 08-11-30.02 - a 12/02/2008 17:59:32.1 - ntfsx86
microsoft windows xp professional 5.1.2600.2.1256.1.1025.18.1468 [gmt 3:00]
running from: E:\combofix.exe
* created a new restore point
* resident av is active
warning -this machine does not have the recovery console installed !!
.
/wow section - stage 41
((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\windows\ie4 error log.txt
.
((((((((((((((((((((((((( files created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 15:03 320 ----a-w c:\windows\system32\drivers\kgpcpy.cfg
2008-12-02 15:03 --------- d-----w c:\documents and settings\all users\application data\stopzilla!
2008-12-02 14:59 --------- d-----w c:\documents and settings\a\application data\dmcache
2008-12-02 14:57 --------- d-----w c:\program files\crawler
2008-12-02 14:53 502,340 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-02 14:53 42,596,384 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-02 14:51 --------- d-----w c:\documents and settings\all users\application data\kaspersky lab
2008-12-02 14:14 --------- d-----w c:\documents and settings\all users\application data\siteguard
2008-12-02 13:22 --------- d-----w c:\program files\java
2008-11-30 16:41 --------- d-----w c:\program files\kaspersky lab
2008-11-30 16:41 --------- d-----w c:\program files\common files\kaspersky lab
2008-11-30 15:38 --------- d-----w c:\documents and settings\all users\application data\spyware terminator
2008-11-30 13:49 --------- d-----w c:\documents and settings\administrator\application data\spyware terminator
2008-11-30 13:28 --------- d-----w c:\program files\gamespy arcade
2008-11-30 13:21 --------- d-----w c:\documents and settings\a\application data\spyware terminator
2008-11-30 11:40 --------- d-----w c:\program files\spyware terminator
2008-11-30 11:07 --------- d-----w c:\program files\esetonlinescanner
2008-11-29 14:43 --------- d-----w c:\documents and settings\الضيوف\application data\iepro
2008-11-29 05:53 --------- d-----w c:\documents and settings\الضيوف\application data\pc suite
2008-11-29 04:28 0 ----a-w c:\osy3.sys
2008-11-29 04:27 --------- d-----w c:\documents and settings\all users\application data\prevx
2008-11-28 19:02 --------- d-----w c:\documents and settings\a\application data\prorat
2008-11-28 18:26 142,592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-28 14:13 --------- d-----w c:\program files\dyndns updater
2008-11-28 14:13 --------- d-----w c:\documents and settings\all users\application data\dyndns
2008-11-28 10:49 --------- d-----w c:\documents and settings\all users\application data\yahoo!
2008-11-28 08:42 --------- d-----w c:\program files\winpcap
2008-11-27 09:04 --------- d-----w c:\program files\messenger plus! Live
2008-11-26 13:39 --------- d-----w c:\program files\no-ip
2008-11-25 17:03 7,926,561 ------w c:\persi0.sys
2008-11-25 17:03 --------- d-----w c:\program files\faronics
2008-11-24 15:13 --------- d-----w c:\documents and settings\a\application data\avant profiles
2008-11-24 15:11 --------- d-----w c:\program files\avant browser
2008-11-23 16:54 --------- d-----w c:\program files\video gif converter
2008-11-23 15:39 --------- d-----w c:\program files\google
2008-11-21 20:11 --------- d-----w c:\documents and settings\a\application data\free download manager
2008-11-21 16:48 --------- d-----w c:\documents and settings\a\application data\minidm
2008-11-20 16:31 --------- d-----w c:\program files\kelk 2000
2008-11-18 17:39 --------- d-----w c:\program files\gameshadow
2008-11-18 15:11 --------- d-----w c:\program files\elaborate bytes
2008-11-18 11:13 --------- d-----w c:\documents and settings\a\application data\hamachi
2008-11-15 04:18 --------- d-----w c:\documents and settings\all users\application data\pc suite
2008-11-15 04:18 --------- d-----w c:\documents and settings\a\application data\pc suite
2008-11-15 04:18 --------- d-----w c:\documents and settings\a\application data\nokia
2008-11-15 04:17 0 ---ha-w c:\windows\system32\drivers\msftwdf_kernel_01005_coinstaller_critical.wdf
2008-11-15 04:17 0 ---ha-w c:\windows\system32\drivers\msft_kernel_ccdcmb_01005.wdf
2008-11-15 04:10 --------- d-----w c:\program files\nokia
2008-11-15 04:10 --------- d-----w c:\program files\common files\pcsuite
2008-11-15 04:10 --------- d-----w c:\program files\common files\nokia
2008-11-15 04:09 --------- d-----w c:\program files\pc connectivity solution
2008-11-15 04:09 --------- d-----w c:\program files\difx
2008-11-15 04:04 --------- d-----w c:\documents and settings\all users\application data\installations
2008-11-15 03:36 --------- d-----w c:\documents and settings\a\application data\nokia multimedia player
2008-11-15 03:36 --------- d-----w c:\documents and settings\a\application data\datalayer
2008-11-13 14:38 --------- d-----w c:\documents and settings\administrator\application data\free upload manager
2008-11-13 12:46 --------- d-----w c:\documents and settings\administrator\application data\lavasoft
2008-11-12 12:42 --------- d-----w c:\program files\zeallsoft
2008-11-10 11:35 --------- d-----w c:\program files\aaalogo2008
2008-11-09 15:23 --------- d-----w c:\program files\internet download manager112211
2008-11-09 11:04 --------- d-----w c:\program files\common files\adobe
2008-11-09 11:01 --------- d--h--w c:\program files\installshield installation information
2008-11-08 07:53 --------- d-----w c:\documents and settings\a\application data\idm
2008-11-08 07:20 --------- d-----w c:\program files\stopzilla!
2008-11-08 04:43 --------- d-----w c:\program files\natural ambience
2008-11-07 18:30 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-07 18:30 --------- d-----w c:\program files\hamachi
2008-11-07 09:44 --------- d-----w c:\program files\common files\real
2008-11-06 09:40 --------- d-----w c:\program files\techsmith
2008-11-06 09:40 --------- d-----w c:\documents and settings\all users\application data\techsmith
2008-11-06 09:38 --------- d-----w c:\program files\common files\wise installation wizard
2008-11-02 17:38 --------- d-----w c:\program files\firefly studios
2008-11-02 17:38 --------- d-----w c:\program files\common files\installshield
2008-11-02 17:34 --------- d-----w c:\program files\managed directx (0900)
2008-10-31 14:48 --------- d-----w c:\documents and settings\a\application data\avira
2008-10-31 13:58 --------- d-----w c:\documents and settings\all users\application data\avira
2008-10-31 13:57 --------- d-----w c:\program files\avira
2008-10-30 15:37 --------- d-sh--r c:\program files\msncs
2008-10-29 16:17 --------- d-----w c:\documents and settings\a\application data\teamviewer
2008-10-28 13:55 --------- d-----w c:\documents and settings\a\application data\u3
2008-10-26 10:38 --------- d-----w c:\program files\messengerdiscovery
2008-10-25 02:56 --------- d-----w c:\documents and settings\localservice\application data\agi
2008-10-24 03:04 --------- d-----w c:\program files\windows live
2008-10-23 02:41 --------- d-----w c:\program files\microsoft silverlight
2008-10-22 19:49 --------- d-----w c:\documents and settings\all users\application data\winzip
2008-10-22 17:35 65,385 ----a-w c:\windows\bricopackuninst.cmd
2008-10-22 17:35 6,098 ----a-w c:\windows\bricopackfoldersdelete.cmd
2008-10-21 17:38 --------- d-----w c:\program files\webcammax
2008-10-21 13:25 --------- d-----w c:\documents and settings\all users\application data\microsoft help
2008-10-21 02:48 --------- d-----w c:\program files\the kmplayer1431
2008-10-20 12:39 --------- d-----w c:\program files\real_sc
2008-10-20 12:18 --------- d-----w c:\program files\windows media connect 2
2008-10-19 06:20 --------- d-----w c:\program files\circle developement
2008-10-19 03:59 --------- d-----w c:\program files\smarty uninstaller pro
2008-10-19 03:58 --------- d---a-w c:\documents and settings\all users\application data\temp
2008-10-18 18:01 --------- d-----w c:\program files\msecache
2008-10-16 10:43 --------- d-----w c:\documents and settings\all users\application data\wlinstaller
2008-10-16 10:08 --------- d-----w c:\program files\windows installer clean up
2008-10-15 18:22 --------- d-----w c:\documents and settings\all users\application data\ashampoo
2008-10-15 02:33 --------- d-----w c:\program files\windows defender
2008-10-15 02:30 --------- d-----w c:\program files\usb disk security
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
[hkey_local_machine\~\browser helper s\{dbf9be6b-f17a-48da-9407-672bfc0299d2}]
09/15/2008 06:47 am 1784856 --a------ c:\program files\hotah\tbhota.dll
[hkey_local_machine\software\microsoft\internet explorer\toolbar]
"{dbf9be6b-f17a-48da-9407-672bfc0299d2}"= "c:\program files\hotah\tbhota.dll" [09/15/2008 06:47 am 1784856]
[hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser]
"{dbf9be6b-f17a-48da-9407-672bfc0299d2}"= "c:\program files\hotah\tbhota.dll" [09/15/2008 06:47 am 1784856]
[hkey_classes_root\clsid\{dbf9be6b-f17a-48da-9407-672bfc0299d2}]
[hkey_current_user\software\microsoft\windows\currentversion\run]
"google update"="c:\documents and settings\a\local settings\application data\google\update\googleupdate.exe" [09/07/2008 11:00 pm 133104]
"idman"="c:\program files\internet download manager112211\idman.exe" [11/09/2008 06:23 pm 2606512]
"msnmsgr"="c:\program files\windows live\messenger\msnmsgr.exe" [10/18/2007 11:34 am 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 am 15360]
"msmsgs"="c:\program files\messenger\msmsgs.exe" [08/04/2004 01:09 am 1667584]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"avgnt"="c:\program files\avira\antivir personaledition premium\avgnt.exe" [06/12/2008 02:28 pm 266497]
"sunjavaupdatesched"="c:\program files\java\jre6\bin\jusched.exe" [12/02/2008 04:22 pm 136600]
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"dwqueuedreporting"="c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" [08/24/2007 03:18 am 437160]
c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\
ela-salaty.lnk - c:\program files\ela-salaty\salaty.exe [2007-03-05 5353984]
c:\documents and settings\all users\قائمة ابدأ\البرامج\بدء التشغيل\
dyndns updater tray icon.lnk - c:\program files\dyndns updater\dyntray.exe [2008-06-23 86016]
[hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify\dflogon]
08/08/2004 03:19 pm 49152 c:\windows\system32\logondll.dll
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"vidc.x264"= x264vfw.dll
"vidc.3iv2"= 3ivxvfwcodec.dll
[hklm\~\startupfolder\c:^documents and settings^all users^قائمة ابدأ^البرامج^بدء التشغيل^adobe gamma loader.lnk]
path=c:\documents and settings\all users\قائمة ابدأ\البرامج\بدء التشغيل\adobe gamma loader.lnk
backup=c:\windows\pss\adobe gamma loader.lnkcommon startup
[hklm\~\startupfolder\c:^documents and settings^all users^قائمة ابدأ^البرامج^بدء التشغيل^kaspersky anti-hacker.lnk]
path=c:\documents and settings\all users\قائمة ابدأ\البرامج\بدء التشغيل\kaspersky anti-hacker.lnk
backup=c:\windows\pss\kaspersky anti-hacker.lnkcommon startup
[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^adobe media player.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\adobe media player.lnk
backup=c:\windows\pss\adobe media player.lnkstartup
[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^hamachi.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkstartup
[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^onenote 2007 screen clipper and launcher.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\onenote 2007 screen clipper and launcher.lnk
backup=c:\windows\pss\onenote 2007 screen clipper and launcher.lnkstartup
[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^rocketdock.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\rocketdock.lnk
backup=c:\windows\pss\rocketdock.lnkstartup
[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^transbar.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\transbar.lnk
backup=c:\windows\pss\transbar.lnkstartup
[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^ubericon.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\ubericon.lnk
backup=c:\windows\pss\ubericon.lnkstartup
[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^y'z shadow.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\y'z shadow.lnk
backup=c:\windows\pss\y'z shadow.lnkstartup
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
--a------ 01/11/2008 10:16 pm 39792 c:\program files\adobe\reader 8.0\reader\reader_sl.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 12:56 am 15360 c:\windows\system32\ctfmon.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 02/26/2008 07:45 pm 1430784 c:\program files\eset\eset smart security\egui.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\free download manager]
--a------ 05/20/2008 05:27 pm 2474031 c:\program files\free download manager\fdm.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\google desktop search]
--a------ 10/29/2008 05:24 pm 30192 c:\program files\google\google desktop search\googledesktop.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\groovemonitor]
--a------ 08/24/2007 07:00 am 33648 c:\program files\microsoft office\office12\groovemonitor.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 11/28/2005 08:52 am 77824 c:\windows\system32\hkcmd.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 11/28/2005 08:55 am 118784 c:\windows\system32\igfxpers.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 11/28/2005 08:55 am 98304 c:\windows\system32\igfxtray.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\imekrmig6.1]
--a------ 09/19/2001 03:00 pm 44032 c:\windows\ime\imkr6_1\imekrmig.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\imjpmig8.1]
--a------ 08/03/2004 10:32 pm 208952 c:\windows\ime\imjp8_1\imjpmig.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
--------- 08/04/2004 01:09 am 1667584 c:\program files\messenger\msmsgs.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
--a------ 07/09/2001 10:50 am 155648 c:\windows\system32\nerocheck.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]
--a------ 06/17/2008 04:00 pm 1249280 c:\program files\nokia\nokia pc suite 7\pcsync2.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\spywareterminator]
--a------ 11/28/2008 09:26 pm 2246144 c:\program files\spyware terminator\spywareterminatorshield.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\virtualclonedrive]
--a------ 06/30/2008 01:01 am 52168 c:\program files\elaborate bytes\virtualclonedrive\vcddaemon.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\webcammaxmoniter]
--a------ 02/12/2008 05:34 pm 456024 c:\program files\webcammax\wcmmon.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\windows defender]
--a------ 11/03/2006 07:20 pm 866584 c:\program files\windows defender\msascui.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\alcmtr]
-ra------ 05/03/2005 01:43 pm 69632 c:\windows\alcmtr.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]
-ra------ 07/05/2007 11:08 am 16380416 c:\windows\rthdcpl.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\skytel]
-ra------ 06/15/2007 11:45 am 1826816 c:\windows\skytel.exe
[hkey_local_machine\software\microsoft\security center]
"antivirusoverride"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantihacker]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\program files\\windows live\\messenger\\msnmsgr.exe"=
"c:\\program files\\windows live\\messenger\\livecall.exe"=
"c:\\windows\\pchealth\\helpctr\\binaries\\helpctr.exe"=
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3389:tcp"= 3389:tcp:@xpsp2res.dll,-22009
r0 deepfrz;deepfrz;c:\windows\system32\drivers\deepfrz.sys [2004-08-08 93568]
r0 klpf;klpf;c:\windows\system32\drivers\klpf.sys [2006-02-07 25075]
r0 klpid;klpid;c:\windows\system32\drivers\klpid.sys [2006-02-07 32214]
r0 szkg5;szkg;c:\windows\system32\drivers\szkg.sys [2008-10-08 49664]
r1 sp_rsdrv2;spyware terminator driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-28 142592]
r2 antivirwebservice;avira antivir premium webguard;"c:\program files\avira\antivir personaledition premium\avwebgrd.exe" [2008-10-31 258305]
r2 aveservice;avira antivir premium mailguard helper service;"c:\program files\avira\antivir personaledition premium\avesvc.exe" [2008-10-31 41217]
r2 camthwdm;webcammax, wdm video capture;c:\windows\system32\drivers\camthwdm.sys [2008-02-09 941784]
r2 dyndns updater;dyndns updater;c:\program files\dyndns updater\dynupsvc.exe [2008-06-23 65536]
r2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2008-10-03 56344]
s2 antivirmailservice;avira antivir premium mailguard;"c:\program files\avira\antivir personaledition premium\avmailc.exe" [2008-10-31 164097]
s3 ar5523;tp-link tl-wn620g 11g wireless adapter service;c:\windows\system32\drivers\ar5523.sys [2008-08-26 360288]
s3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-09-23 23296]
s3 avgfwfd;avg network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-09-23 23296]
s3 fsssvc;windows live family safety;"c:\program files\windows live\family safety\fsssvc.exe" []
s3 googledesktopmanager-090808-172447;google desktop manager 5.8.809.8522;"c:\program files\google\google desktop search\googledesktop.exe" [2008-09-13 30192]
s3 npf;winpcap packet driver (npf);c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
.
Contents of the 'scheduled tasks' folder
2008-12-02 c:\windows\tasks\googleupdatetaskuser.job
- c:\documents and settings\a\local settings\application data\google\update\googleupdate.exe [09/07/2008 11:00 pm]
2008-12-02 c:\windows\tasks\mp scheduled scan.job
- c:\program files\windows defender\mpcmdrun.exe [11/03/2006 07:20 pm]
2008-12-02 c:\windows\tasks\user_feed_synchronization-{738fd7ae-daac-40a0-b176-ce1b011beb9a}.job
- c:\windows\system32\msfeedssync.exe [08/22/2008 03:05 am]
.
- - - - orphans removed - - - -
bho-{32548747-c6e2-49e7-8d6c-6cfae30b1b72} - (no file)
toolbar-siteguard - (no file)
toolbar-{32548747-c6e2-49e7-8d6c-6cfae30b1b72} - (no file)
webbrowser-{32548747-c6e2-49e7-8d6c-6cfae30b1b72} - (no file)
hkcu-runonce-shockwave updater - c:\windows\system32\adobe\shockw~1\swhelp~1.exe -update -1100465 -mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; gtb5; mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1) ; embedded web browser from:
infopath.2; .net
msconfigstartup-adsnwm - c:\windows\system32\adsnwm.exe
msconfigstartup-mspy2002 - c:\windows\system32\ime\pintlgnt\imscinst.exe
msconfigstartup-phime2002a - c:\windows\system32\ime\tintlgnt\tintsetp.exe
msconfigstartup-phime2002async - c:\windows\system32\ime\tintlgnt\tintsetp.exe
msconfigstartup-rocketdock - c:\windows\bricopacks\vista inspirat 2\rocketdock\rocketdock.exe
msconfigstartup-ubericon - c:\windows\bricopacks\vista inspirat 2\ubericon\ubericon manager.exe
msconfigstartup-uiwatcher - c:\program files\ashampoo\ashampoo uninstaller 3\uiwatcher.exe
.
------- supplementary scan -------
.
Firefox -: Profile - c:\documents and settings\a\application data\mozilla\firefox\profiles\k4k0ouvr.default\
firefox -: Prefs.js - search.defaulturl - hxxp://search.yahoo.com/search?ei=utf-8&fr=ytff-amo&p=
firefox -: Prefs.js - startup.homepage - hxxp://my.yahoo.com/
ff -: Plugin - c:\documents and settings\a\local settings\application data\google\update\1.2.131.27\npgoogleoneclick6.dll
ff -: Plugin - c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
ff -: Plugin - c:\program files\java\jre6\bin\new_plugin\npjp2.dll
ff -: Plugin - c:\program files\microsoft silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
ff -: Plugin - c:\program files\microsoft silverlight\2.0.31005.0\npctrl.dll
ff -: Plugin - c:\program files\mozilla firefox\plugins\npdeploytk.dll
ff -: Plugin - c:\program files\real\rhapsodyplayerengine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1367 w2k/xp/vista - rootkit/stealth malware detector by gmer,
rootkit scan 2008-12-02 18:03:41
windows 5.1.2600 service pack 2 ntfs
scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- dlls loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\logondll.dll
- - - - - - - > 'lsass.exe'(644)
c:\program files\common files\is3\anti-spyware\is3lsp.dll
.
------------------------ other running processes ------------------------
.
C:\program files\faronics\deep freeze\install c-0\df5serv.exe
c:\program files\common files\is3\anti-spyware\szserver.exe
c:\program files\windows defender\msmpeng.exe
c:\program files\avira\antivir personaledition premium\sched.exe
c:\program files\stopzilla!\stopzilla.exe
c:\program files\avira\antivir personaledition premium\avguard.exe
c:\windows\system32\crypserv.exe
c:\program files\eset\eset smart security\ekrn.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\spyware terminator\sp_rsser.exe
c:\windows\system32\dwwin.exe
c:\program files\internet download manager112211\iemonitor.exe
c:\program files\stopzilla!\stopzilla.exe
.
**************************************************************************
.
Completion time: 12/02/2008 18:09:16 - machine was rebooted
combofix-quarantined-files.txt 2008-12-02 15:09:11
pre-run: 7,758,938,112 bytes free
post-run: 8,894,971,904 bytes free
323 --- e o f --- 2008-11-08 19:37:57