Malware Removal & HijackThis Logs

06-Jul-2008, 05:03 PM
#1
Request for review of Combofix Log Please!

I recently encountered a virus/adware (Trojan Vundo-variant, Adware.vundo-variant/small) on my laptop and attempted several ways of removing it by researching through the web. I used a few programs such as "Superantispyware" and "CCleaner". I used ComboFix as a last resort and hoped that this solved my problem. Can someone please review the ComboFix log file below and let me know if I have any additional problems I need to be aware of?

ComboFix 08-07-05.1
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.595 [GMT -4:00]
Running from: C:\Documents and Settings\Ameet\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\SYSTEM32\AyFeOXyb.ini
C:\WINDOWS\SYSTEM32\AyFeOXyb.ini2
C:\WINDOWS\system32\byXOeFyA.dll
C:\WINDOWS\system32\cayvnvrk.ini
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\jtpkmlng.ini
C:\WINDOWS\system32\linfawmm.ini
C:\WINDOWS\system32\ojnfdyxl.ini
C:\WINDOWS\SYSTEM32\orutv.bak1
C:\WINDOWS\SYSTEM32\orutv.bak2
C:\WINDOWS\SYSTEM32\orutv.ini2
C:\WINDOWS\system32\psuvaqkc.ini
C:\WINDOWS\system32\virus1.dll
C:\WINDOWS\SYSTEM32\xayGQXyb.ini
C:\WINDOWS\SYSTEM32\xayGQXyb.ini2
.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_perfmons
-------\Service_Routing


(((((((((((((((((((((((((   Files Created from 2008-06-06 to 2008-07-06   )))))))))))))))))))))))))))))))
.

2008-07-04 19:59 . 2008-07-04 19:59  <DIR>  d--------  C:\Program Files\SUPERAntiSpyware
2008-07-04 19:59 . 2008-07-04 19:59  <DIR>  d--------  C:\Documents and Settings\Ameet\Application Data\SUPERAntiSpyware.com
2008-07-04 19:59 . 2008-07-04 19:59  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-04 19:58 . 2008-07-04 19:58  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 15:57 . 2008-07-04 15:57  23,392  --a------  C:\WINDOWS\SYSTEM32\nscompat.tlb
2008-07-04 15:57 . 2008-07-04 15:57  16,832  --a------  C:\WINDOWS\SYSTEM32\amcompat.tlb
2008-07-03 00:58 . 2008-04-23 00:16  6,066,176  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-07-03 00:58 . 2007-04-17 05:32  2,455,488  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-07-03 00:58 . 2007-03-08 01:10  991,232  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-07-03 00:58 . 2008-04-23 00:16  459,264  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-07-03 00:58 . 2008-04-23 00:16  383,488  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-07-03 00:58 . 2008-04-23 00:16  267,776  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-07-03 00:58 . 2008-04-23 00:16  63,488  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-07-03 00:58 . 2008-04-23 00:16  52,224  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-07-03 00:58 . 2008-04-22 03:39  13,824  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-07-03 00:42 . 2008-07-03 00:42  4,904  --a------  C:\WINDOWS\SYSTEM32\PerfStringBackup.TMP
2008-07-03 00:25 . 2008-06-13 07:05  272,128  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-07-03 00:22 . 2008-05-08 10:02  203,136  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-07-02 23:11 . 2008-04-13 20:12  1,306,624  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\msxml6.dll
2008-07-02 23:10 . 2004-08-04 07:00  457,607  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\mdlib.wmv
2008-07-02 23:10 . 2008-04-13 20:10  294,912  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\msaud32.acm
2008-07-02 23:10 . 2008-04-13 20:09  290,816  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\l3codeca.acm
2008-07-02 23:10 . 2004-08-12 10:00  97,117  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\mplayer2.hlp
2008-07-02 23:10 . 2006-12-28 15:01  19,569  --a------  C:\WINDOWS\003196_.tmp
2008-07-02 23:10 . 2004-08-12 10:00  18,286  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\mplayer2.inf
2008-07-02 23:10 . 2004-08-04 07:00  5,971  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\events.js
2008-07-02 23:10 . 2004-08-04 07:00  2,778  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\mplogoh.gif
2008-07-02 23:10 . 2004-08-04 07:00  2,545  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\mplogo.gif
2008-07-02 23:10 . 2004-08-12 10:00  1,885  -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\mplayer2.cnt
2008-07-02 22:14 . 2004-08-12 10:10  28,288  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\xjis.nls
2008-07-02 22:12 . 2004-08-12 09:58  1,875,968  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-07-02 22:11 . 2008-04-13 20:09  13,463,552  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-07-02 22:10 . 2004-08-12 09:58  1,677,824  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-07-02 22:05 . 2008-07-02 22:05  749  -rah-----  C:\WINDOWS\WindowsShell.Manifest
2008-07-02 22:05 . 2008-07-02 22:05  749  -rah-----  C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-07-02 22:05 . 2008-07-02 22:05  749  -rah-----  C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-07-02 22:05 . 2008-07-02 22:05  749  -rah-----  C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-07-02 22:05 . 2008-07-02 22:05  488  -rah-----  C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-07-02 22:04 . 2004-08-12 09:58  16,384  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\isignup.exe
2008-07-02 21:28 . 2004-08-12 10:06  24,661  --a------  C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-07-02 21:28 . 2004-08-12 10:06  24,661  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2008-07-02 21:28 . 2004-08-12 09:58  13,312  --a------  C:\WINDOWS\SYSTEM32\irclass.dll
2008-07-02 21:28 . 2004-08-12 09:58  13,312  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2008-07-02 21:27 . 2004-08-12 10:02  1,086,058  -ra------  C:\WINDOWS\SET96.tmp
2008-07-02 21:27 . 2004-08-12 10:06  1,042,903  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\SP2.CAT
2008-07-02 21:27 . 2004-08-12 10:06  1,042,903  -ra------  C:\WINDOWS\SET93.tmp
2008-07-02 21:27 . 2004-08-12 10:02  797,189  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\NT5IIS.CAT
2008-07-02 21:27 . 2004-08-12 09:59  399,645  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\MAPIMIG.CAT
2008-07-02 21:27 . 2004-08-12 10:01  37,484  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\MW770.CAT
2008-07-02 21:27 . 2004-08-12 09:58  13,753  -ra------  C:\WINDOWS\SETA2.tmp
2008-07-02 21:27 . 2004-08-12 09:57  13,472  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\HPCRDP.CAT
2008-07-02 21:27 . 2004-08-12 09:57  8,574  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\IASNT4.CAT
2008-07-02 21:27 . 2004-08-12 10:11  7,710  --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\OEMBIOS.CAT
2008-07-01 22:46 . 2008-07-01 22:51  17,359  --a------  C:\WINDOWS\setupapi.old
2008-07-01 22:34 . 2008-07-01 22:35  <DIR>  d--------  C:\Program Files\CCleaner
2008-07-01 19:39 . 2008-07-01 19:39  <DIR>  d--------  C:\Documents and Settings\Ameet\Application Data\dvdcss
2008-06-28 17:37 . 2008-06-28 17:37  <DIR>  d--------  C:\fsaua.data
2008-06-13 14:45 . 2008-06-13 14:45  579,464  --a------  C:\WINDOWS\SYSTEM32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45  207,240  --a------  C:\WINDOWS\SYSTEM32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14  31,280  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14  13,093  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14  1,611  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13  184,240  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13  96,432  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13  41,008  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13  38,576  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13  37,424  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13  22,320  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13  13,616  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 20:02  ---------  d-----w  C:\Program Files\Common Files\Symantec Shared
2008-07-06 03:39  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-05 05:45  ---------  d-----w  C:\Documents and Settings\Ameet\Application Data\uTorrent
2008-07-04 19:52  ---------  d-----w  C:\Program Files\Starcraft
2008-07-04 19:49  ---------  d--ha-w  C:\Documents and Settings\All Users\Application Data\GTek
2008-07-04 19:49  ---------  d--h--w  C:\Documents and Settings\Ameet\Application Data\GTek
2008-07-04 19:45  ---------  d-----w  C:\Program Files\PeerGuardian2
2008-07-02 02:34  ---------  d-----w  C:\Program Files\Yahoo!
2008-06-28 21:36  ---------  d-----w  C:\Program Files\Winamp Remote
2008-06-13 11:05  272,128  ----a-w  C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 01:10  805  ----a-w  C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-04 01:10  123,952  ----a-w  C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-04 01:10  10,671  ----a-w  C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-04 01:10  ---------  d-----w  C:\Program Files\Symantec
2008-05-14 05:41  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-11 23:10  ---------  d--h--w  C:\Documents and Settings\Ameet\Application Data\Move Networks
2008-05-09 01:29  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 14:02  203,136  ----a-w  C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12  69,120  ----a-w  C:\WINDOWS\notepad.exe
2008-04-14 00:12  50,688  ----a-w  C:\WINDOWS\twain_32.dll
2008-04-14 00:12  32,866  ----a-w  C:\WINDOWS\slrundll.exe
2008-04-14 00:12  283,648  ----a-w  C:\WINDOWS\winhlp32.exe
2008-04-14 00:12  146,432  ----a-w  C:\WINDOWS\regedit.exe
2008-04-14 00:12  10,752  ----a-w  C:\WINDOWS\hh.exe
2008-04-14 00:12  1,033,728  ----a-w  C:\WINDOWS\explorer.exe
2008-04-14 00:11  451,072  ----a-w  C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11  39,424  ----a-w  C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11  245,248  ----a-w  C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11  141,312  ----a-w  C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11  116,224  ----a-w  C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11  1,852,928  ----a-w  C:\WINDOWS\AppPatch\acgenral.dll
2008-04-09 03:05  0  -c--a-w  C:\Program Files\temp01
2006-06-17 03:40  248  -c--a-w  C:\Documents and Settings\Ameet\n.bat
2006-06-17 03:40  128  -c--a-w  C:\Documents and Settings\Ameet\dr.exe
2006-04-11 02:25  157  -c--a-w  C:\Program Files\INSTALL.LOG

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 16:06  1135968  --a--c---  C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 16:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 16:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41  294912  C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------  2004-08-21 20:04  155648  C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------  2004-08-12 23:10  339968  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------  2007-03-12 13:49  153136  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------  2006-11-01 21:48  1392640  C:\WINDOWS\SYSTEM32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------  2008-02-14 12:01  51048  C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------  2008-04-13 20:12  15360  C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
--a--c---  2004-06-18 11:30  290816  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------  2007-11-15 10:23  202544  C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a--c---  2007-11-15 10:24  16384  C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------  2007-08-24 08:00  33648  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c---  2005-05-24 11:48  20480  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c---  2007-03-09 18:53  153136  C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a--c---  2007-10-22 20:47  360448  C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------  2007-08-25 00:53  714608  C:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c---  2007-12-11 11:56  286720  C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------  2008-02-22 05:25  144784  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------  2008-05-28 10:33  1506544  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c---  2007-04-17 12:48  185896  C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c---  2007-10-10 01:28  36352  C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------  2006-10-18 21:05  204288  C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c---  2007-07-16 15:17  4670704  C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23270:TCP"= 23270:TCP:BitComet 23270 TCP
"23270:UDP"= 23270:UDP:BitComet 23270 UDP

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 12:02]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Ameet\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 gtermddo;gtermddo;C:\DOCUME~1\Ameet\LOCALS~1\Temp\gtermddo.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 00:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-06 07:36:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-03 01:28:59 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Ameet.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)
MSConfigStartUp-DellSupport - C:\Program Files\DellSupport\DSAgnt.exe
MSConfigStartUp-PeerGuardian - C:\Program Files\PeerGuardian2\pg2.exe
MSConfigStartUp-YSearchProtection - C:\PROGRAM FILES\Yahoo!\SEARCH PROTECTION\SEARCHPROTECTION.EXE

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 16:21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-07-06 16:29:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 20:29:09

Pre-Run: 65,499,598,848 bytes free
Post-Run: 65,379,434,496 bytes free

305 --- E O F --- 2008-07-04 22:12:59
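When reading a ComboFix log like the one above, the parts a helper looks at first are the "Reg Loading Points" policy keys, the firewall policy block and the R/S service and driver lines, since that is where disabled protections and odd load paths show up. The script below is an added example, not part of the post and not ComboFix's own analysis. It parses those one-entry-per-line sections and returns findings for: Automatic Updates switched off by policy (NoAutoUpdate=1), Security Center monitoring disabled (DisableMonitoring=1, which security suites such as the Norton install listed here set legitimately, so it is rated medium), Windows Firewall off (EnableFirewall=0), globally open ports, and services or drivers whose path is under a Temp directory or whose trailing timestamp bracket is empty. Assumptions, mine rather than the log's: the sample excerpt is constructed from lines shaped like those in the log, the severity labels are this example's judgement, and an empty `[]` after a service path is read as "file not found on disk".

```python
"""Triage helper for ComboFix-style log sections (added example).

Parses 'Reg Loading Points' keys, firewall policy values and R/S
service/driver lines, and returns the findings a reviewer checks first.
Not ComboFix's own analysis; the rules below are the example's own.
"""
import re

# Constructed excerpt in the same one-entry-per-line format as a ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23270:TCP"= 23270:TCP:BitComet 23270 TCP

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Ameet\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 gtermddo;gtermddo;C:\DOCUME~1\Ameet\LOCALS~1\Temp\gtermddo.sys []
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\S+)')           # "Name"= value ...
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)   # ...\Temp\... in a path


def parse_value(raw):
    """Convert '1', '0 (0x0)' or 'dword:00000001' to an int; None if not numeric."""
    token = raw.split()[0]
    try:
        if token.lower().startswith("dword:"):
            return int(token[6:], 16)
        return int(token, 0)
    except ValueError:
        return None


def triage(log_text):
    """Return a list of (severity, message) tuples for a log excerpt."""
    findings = []
    key = ""                      # registry key the following values belong to
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, stamp = m.groups()
            if not stamp.strip():          # assumption: empty [] = file not found
                findings.append(("high", f"{start} {name}: file missing on disk: {path}"))
            if TEMP_PATH_RE.search(path):  # drivers should not live in a temp dir
                findings.append(("high", f"{start} {name}: loads from a temp directory: {path}"))
            continue
        m = OPEN_PORT_RE.match(line)
        if m and "globallyopenports" in key:
            findings.append(("info", f"firewall exception opens {m.group(1)}/{m.group(2)} globally"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), parse_value(m.group(2))
        leaf = key.rsplit("\\", 1)[-1]
        if name == "NoAutoUpdate" and value == 1 and "windowsupdate" in key:
            findings.append(("high", "Automatic Updates disabled by policy (NoAutoUpdate=1)"))
        elif name == "DisableMonitoring" and value == 1 and "security center" in key:
            findings.append(("medium", f"Security Center monitoring disabled: {leaf}"))
        elif name == "EnableFirewall" and value == 0 and "firewallpolicy" in key:
            findings.append(("high", f"Windows Firewall disabled for {leaf}"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 6, 'medium': 1, 'info': 1}."""
    counts = {}
    for severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Run against the full log text it produces the same kinds of hits: the policy and firewall keys are flagged once each, and both S3 drivers under the user's Temp folder are flagged twice (missing file and temp-directory path). The F-Secure minifilter path points at an online-scanner directory, which is consistent with a leftover from a previous scan rather than an infection, but an orphaned driver entry loading from Temp is still worth removing; the script deliberately does not try to decide that for you.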
All times are GMT -4. Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved. Powered by vBulletin, Copyright © 2000 - 2008, Jelsoft Enterprises Ltd.