
ComboFix 09-01-13.04 - Force Commander 2009-01-15 10:53:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1404 [GMT -8:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
c:\windows\system32\micr0st.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
H:\autorun.inf
H:\resycled
h:\resycled\boot.com
J:\Autorun.inf
J:\resycled
j:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 10:50 . 2009-01-15 10:50 <DIR> d-------- c:\program files\Trend Micro
2009-01-14 22:39 . 2009-01-14 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-14 22:29 . 2009-01-14 22:29 <DIR> d-------- c:\documents and settings\Force Commander\Application Data\Antispyware
2009-01-14 21:52 . 2009-01-14 21:52 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-14 21:52 . 2009-01-14 21:52 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-14 21:52 . 2009-01-14 21:52 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-14 21:52 . 2009-01-14 21:52 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-14 00:19 . 2009-01-14 00:19 <DIR> d-------- c:\program files\File Scavenger 3.0
2009-01-14 00:12 . 2009-01-14 00:12 <DIR> d-------- c:\program files\uTorrent
2009-01-14 00:12 . 2009-01-14 00:18 <DIR> d-------- c:\documents and settings\David\Application Data\uTorrent
2009-01-13 11:55 . 2009-01-13 11:55 <DIR> d-------- c:\program files\Promise Technology, Inc
2009-01-13 11:55 . 2009-01-13 11:55 <DIR> d-------- c:\program files\Promise
2009-01-13 11:55 . 2003-11-05 18:06 110,592 --a------ c:\windows\system32\ulutil2.dll
2009-01-13 11:55 . 2006-04-06 17:52 108,544 --a------ c:\windows\system32\drivers\ulsata2.sys
2009-01-13 11:55 . 2003-11-05 08:45 17,408 --a------ c:\windows\system32\drivers\bb-run.sys
2009-01-13 11:55 . 2004-06-29 14:25 7,680 --a------ c:\windows\system32\drivers\dontgo.sys
2009-01-05 21:17 . 2009-01-13 21:57 <DIR> d-------- C:\Downloads
2009-01-05 16:34 . 2009-01-05 16:34 <DIR> d-------- c:\program files\Western Digital
2009-01-05 16:24 . 2009-01-14 21:52 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-04 03:37 . 2009-01-04 04:53 <DIR> d-------- c:\program files\Super DVD Ripper
2009-01-04 02:36 . 2009-01-04 02:36 <DIR> d-------- C:\WinFast WorkArea
2009-01-02 13:32 . 2009-01-02 13:33 <DIR> d-------- C:\WFDB
2009-01-02 13:32 . 2009-01-02 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-02 13:32 . 2001-12-19 15:47 49,152 --a------ c:\windows\system32\TempDel.EXE
2009-01-02 13:32 . 2005-01-06 16:55 9,446 --a------ c:\windows\system32\drivers\WFIOCTL.sys
2009-01-02 13:25 . 2005-06-28 09:24 163,584 --a------ c:\windows\system32\drivers\cx88vid.sys
2009-01-02 13:24 . 2009-01-02 13:24 <DIR> d-------- c:\windows\system32\WinFox
2009-01-02 13:24 . 2009-01-02 13:25 <DIR> d-------- c:\windows\system32\WinFast
2009-01-02 13:24 . 2005-03-25 18:24 9,600 --a------ c:\windows\system32\drivers\WINFOXIO.sys
2009-01-02 13:14 . 2009-01-02 13:14 799 --a------ c:\windows\system\Cmicnfgp.ini
2009-01-02 12:39 . 2009-01-02 12:39 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2009-01-02 12:37 . 2009-01-02 12:37 <DIR> d-------- c:\program files\WinFast
2009-01-02 12:33 . 2009-01-02 12:33 <DIR> d-------- C:\WinFast
2009-01-02 12:33 . 2009-01-02 13:25 <DIR> d-------- c:\windows\system32\DX9
2009-01-02 00:18 . 2009-01-02 00:18 <DIR> d-------- c:\documents and settings\Force Commander\Application Data\Red Alert 3
2008-12-29 17:49 . 2008-12-29 17:49 <DIR> d-------- c:\program files\eBay
2008-12-29 17:49 . 2008-12-29 17:49 <DIR> d-------- c:\documents and settings\All Users\eBay
2008-12-28 22:52 . 2008-12-28 22:52 <DIR> d-------- c:\program files\Combined Community Codec Pack
2008-12-28 20:00 . 2009-01-14 12:57 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-26 19:57 . 2008-12-26 19:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2008-12-26 19:56 . 2008-12-26 19:56 <DIR> d-------- c:\program files\Seagate
2008-12-26 19:56 . 2008-12-26 19:56 441,760 --a------ c:\windows\system32\drivers\timntr.sys
2008-12-26 19:56 . 2008-12-26 19:56 368,480 --a------ c:\windows\system32\drivers\tdrpman.sys
2008-12-26 19:56 . 2008-12-26 19:56 132,224 --a------ c:\windows\system32\drivers\snapman.sys
2008-12-26 19:56 . 2008-12-26 19:56 44,384 --a------ c:\windows\system32\drivers\tifsfilt.sys
2008-12-24 19:41 . 2008-12-24 19:41 <DIR> d---s---- c:\documents and settings\David\UserData
2008-12-24 19:02 . 2008-12-24 19:02 <DIR> d-------- c:\documents and settings\David\Application Data\FastStone
2008-12-24 16:42 . 2008-12-24 16:42 <DIR> d-------- c:\documents and settings\David\Application Data\dvdcss
2008-12-23 19:10 . 2008-12-23 19:10 <DIR> d-------- c:\documents and settings\David\Application Data\Red Alert 3
2008-12-23 18:54 . 2008-12-23 18:54 <DIR> d-------- c:\windows\Logs
2008-12-23 18:54 . 2008-12-23 18:54 <DIR> d-------- c:\program files\Electronic Arts
2008-12-23 18:54 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-23 18:54 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-23 18:54 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-23 18:54 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2008-12-23 18:54 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-23 18:54 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2008-12-23 18:53 . 2008-12-23 19:04 <DIR> d-------- c:\documents and settings\Force Commander\Application Data\DAEMON Tools
2008-12-23 18:52 . 2008-12-23 18:52 <DIR> d-------- c:\documents and settings\Force Commander\Application Data\Aim
2008-12-21 22:32 . 2008-12-21 22:32 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-21 22:31 . 2009-01-02 13:00 <DIR> d-------- c:\documents and settings\Administrator
2008-12-21 22:14 . 2008-12-21 22:14 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-21 22:11 . 2008-12-21 22:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe(2)
2008-12-21 22:10 . 2008-12-21 22:11 <DIR> d-------- c:\program files\Common Files\Adobe(2)
2008-12-20 21:20 . 2008-12-20 21:20 <DIR> d-------- c:\documents and settings\David\Application Data\Creative
2008-12-20 11:04 . 2008-12-20 11:04 <DIR> d-------- c:\documents and settings\David\Application Data\vlc
2008-12-20 11:00 . 2008-12-20 11:00 <DIR> d-------- c:\program files\Winamp
2008-12-20 11:00 . 2008-12-20 11:02 <DIR> d-------- c:\documents and settings\Force Commander\Application Data\Winamp
2008-12-20 10:58 . 2008-12-20 11:02 <DIR> d-------- c:\documents and settings\David\Application Data\Winamp
2008-12-20 01:04 . 2008-12-20 01:04 <DIR> d-------- c:\documents and settings\David\Application Data\Media Player Classic
2008-12-19 07:52 . 2008-12-21 12:31 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-18 21:48 . 2008-12-18 21:48 <DIR> d-------- c:\documents and settings\Force Commander\Application Data\FaxCtr
2008-12-18 21:48 . 2008-12-18 21:48 <DIR> d-------- c:\documents and settings\Force Commander\Application Data\DivX
2008-12-18 21:48 . 2008-12-18 21:48 <DIR> d-------- c:\documents and settings\Force Commander\Application Data\ASUS
2008-12-18 21:48 . 2009-01-02 13:00 <DIR> d-------- c:\documents and settings\Force Commander
2008-12-18 21:48 . 2009-01-14 12:44 69 --a------ c:\windows\NeroDigital.ini
2008-12-18 19:47 . 2008-12-18 19:47 <DIR> d-------- c:\documents and settings\David\Application Data\FaxCtr
2008-12-18 19:47 . 2008-12-18 19:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2008-12-18 18:51 . 2008-12-18 18:51 <DIR> d-------- c:\program files\AVG
2008-12-18 18:51 . 2009-01-14 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-18 18:44 . 2009-01-15 01:11 <DIR> d-------- c:\program files\lx_cats
2008-12-18 18:43 . 2008-12-18 19:41 <DIR> d-------- c:\program files\Lexmark Fax Solutions
2008-12-18 18:43 . 2008-12-18 18:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\FaxCtr
2008-12-18 18:43 . 2008-08-14 02:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-18 18:43 . 2008-08-14 01:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-18 18:43 . 2008-08-14 01:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-18 18:43 . 2008-08-14 01:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-18 18:43 . 2008-10-24 03:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-18 18:43 . 2005-12-23 06:18 339,968 --a------ c:\windows\system32\IMGMAN32.DLL
2008-12-18 18:43 . 2005-12-23 06:18 98,345 --a------ c:\windows\system32\IMHOST32.DLL
2008-12-18 18:43 . 2005-12-23 06:18 98,304 --a------ c:\windows\system32\IM31XPNG.DEL
2008-12-18 18:43 . 2005-12-23 06:18 69,632 --a------ c:\windows\system32\IM31XTIF.DEL
2008-12-18 18:43 . 2005-12-23 06:18 49,152 --a------ c:\windows\system32\IM31IMG.DIL
2008-12-18 18:43 . 2006-02-02 00:26 12,288 --a------ c:\windows\system32\LXPMONRC.DLL
2008-12-18 18:42 . 2008-12-18 18:42 <DIR> d-------- c:\program files\Lexmark Toolbar
2008-12-18 18:42 . 2008-12-18 18:44 <DIR> d-------- c:\program files\Lexmark 3400 Series
2008-12-18 18:42 . 2008-12-18 18:42 <DIR> d-------- c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-18 18:37 . 2005-06-28 10:21 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-18 18:36 . 2008-12-18 19:36 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-18 18:30 . 2004-07-20 17:24 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-12-18 18:30 . 2004-07-20 17:24 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-12-18 18:30 . 2004-07-20 17:24 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-12-18 18:30 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2008-12-18 18:30 . 2004-07-20 17:24 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-12-18 18:30 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-12-18 18:30 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll
2008-12-18 18:29 . 2008-12-18 18:31 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-18 18:29 . 2008-12-18 18:30 <DIR> d-------- c:\program files\Ahead
2008-12-18 18:29 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-12-18 18:16 . 2008-12-18 18:16 <DIR> d--h----- c:\program files\Creative Installation Information
2008-12-18 18:16 . 2008-12-18 18:16 <DIR> d-------- c:\program files\Common Files\Creative
2008-12-18 18:16 . 1999-12-13 09:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-12-18 18:16 . 1999-11-18 09:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-12-18 18:15 . 2008-12-18 18:16 <DIR> d-------- c:\program files\Creative
2008-12-18 18:14 . 2008-12-20 17:40 <DIR> d-------- c:\documents and settings\David\Application Data\DivX
2008-12-18 18:13 . 2008-12-18 18:13 <DIR> d-------- c:\program files\Vodei
2008-12-18 18:13 . 2008-12-18 18:13 <DIR> d-------- c:\program files\DirectVobSub
2008-12-18 18:12 . 2008-12-18 18:12 <DIR> d-------- c:\program files\VideoLAN
2008-12-18 18:12 . 2008-12-18 18:12 <DIR> d-------- c:\program files\Gabest
2008-12-18 18:11 . 2008-12-18 18:11 <DIR> d-------- c:\program files\eRightSoft
2008-12-18 18:10 . 2009-01-15 00:58 <DIR> d-------- c:\program files\Steam
2008-12-18 18:10 . 2008-12-18 18:10 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-18 18:10 . 2008-12-25 13:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 18:09 . 2008-12-18 18:09 <DIR> d-------- c:\program files\Real Alternative
2008-12-18 18:09 . 2008-12-18 18:09 <DIR> d-------- c:\program files\nKast

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 21:14 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-02 21:14 102,400 ----a-w c:\windows\system32\OpenAL32.dll
2008-12-19 00:55 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 21:47 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-11-21 21:47 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-05 20:23 49,152 ----a-r c:\windows\system32\inetwh32.dll
2008-11-05 20:23 1,044,480 ----a-r c:\windows\system32\roboex32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2008-12-21 10:49 23,032 ----a-w c:\program files\mozilla firefox\components\browserdirprovider(2).dll
2008-12-21 10:49 134,648 ----a-w c:\program files\mozilla firefox\components\brwsrcmp(2).dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2004-03-12 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Cmaudio8788GX"="c:\windows\system\HsMgr.exe" [2008-07-11 200704]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-28 144896]
"CTCheck"="c:\program files\Creative\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 286720]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2006-02-06 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-14 1261336]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"PtiuPbmd"="ulutil2.dll" [2003-11-05 c:\windows\system32\ulutil2.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [2009-01-13 7680]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2009-01-13 108544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 97928]
R3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2008-12-18 1983424]
R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2009-01-02 9446]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-14 76040]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-14 875288]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{330d6bf6-e1ac-11dd-9bd8-000129d8a911}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
\Shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d2d7b5-c36f-11dd-b31b-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com j:
\Shell\Open\command - "resycled\boot.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d2d7b7-c36f-11dd-b31b-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
\Shell\Open\command - h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d2d7b8-c36f-11dd-b31b-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - d:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72b8857f-d3cb-11dd-a992-000129d8a911}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
\Shell\Open\command - i:\resycled\boot.com i:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d934b22f-cd19-11dd-afce-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\Antispyware Scheduled Scan.job
- c:\program files\Antispyware\Antispyware.exe []

2009-01-15 c:\windows\Tasks\Antispyware Scheduled Scan.job
- c:\program files\Antispyware []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Antispyware - c:\program files\Antispyware\Antispyware.exe
HKLM-Run-MultiRes - c:\program files\MultiRes\MultiRes.exe
HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Force Commander\Application Data\Mozilla\Firefox\Profiles\wlta00p6.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\browserdirprovider(2).dll
FF - component: c:\program files\Mozilla Firefox\components\brwsrcmp(2).dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 10:54:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32
c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????
??????????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????????????????????????????????????????????
????

scanning hidden files ...

scan completed successfully


hidden files:

**************************************************************************
.
Completion time: 2009-01-15 10:54:47
ComboFix-quarantined-files.txt 2009-01-15 18:54:46

Pre-Run: 176,022,597,632 bytes free
Post-Run: 176,595,939,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="H:\WINDOWS" HELP

291 --- E O F --- 2008-12-19 03:36:44