Request for review of Combofix Log Please!
mushmixx
Junior Member, 1 post
Join Date: Jul 2008
Experience: Intermediate
06-Jul-2008, 05:03 PM #1
I recently encountered a virus/adware (Trojan Vundo-variant, Adware.vundo-variant/small) on my laptop and attempted several ways of removing it by researching through the web. I used a few programs such as "Superantispyware" and "CCleaner".

I used ComboFix as a last resort and hoped that this solved my problem.

Can someone please review the ComboFix log file below and let me know if I have any additional problems I need to be aware of?

ComboFix 08-07-05.1
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.595 [GMT -4:00]
Running from: C:\Documents and Settings\Ameet\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\SYSTEM32\AyFeOXyb.ini
C:\WINDOWS\SYSTEM32\AyFeOXyb.ini2
C:\WINDOWS\system32\byXOeFyA.dll
C:\WINDOWS\system32\cayvnvrk.ini
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\jtpkmlng.ini
C:\WINDOWS\system32\linfawmm.ini
C:\WINDOWS\system32\ojnfdyxl.ini
C:\WINDOWS\SYSTEM32\orutv.bak1
C:\WINDOWS\SYSTEM32\orutv.bak2
C:\WINDOWS\SYSTEM32\orutv.ini2
C:\WINDOWS\system32\psuvaqkc.ini
C:\WINDOWS\system32\virus1.dll
C:\WINDOWS\SYSTEM32\xayGQXyb.ini
C:\WINDOWS\SYSTEM32\xayGQXyb.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_perfmons
-------\Service_Routing


((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-04 19:59 . 2008-07-04 19:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-04 19:59 . 2008-07-04 19:59 <DIR> d-------- C:\Documents and Settings\Ameet\Application Data\SUPERAntiSpyware.com
2008-07-04 19:59 . 2008-07-04 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-04 19:58 . 2008-07-04 19:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 15:57 . 2008-07-04 15:57 23,392 --a------ C:\WINDOWS\SYSTEM32\nscompat.tlb
2008-07-04 15:57 . 2008-07-04 15:57 16,832 --a------ C:\WINDOWS\SYSTEM32\amcompat.tlb
2008-07-03 00:58 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-07-03 00:58 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-07-03 00:58 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-07-03 00:58 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-07-03 00:58 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-07-03 00:58 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-07-03 00:58 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-07-03 00:58 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-07-03 00:58 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-07-03 00:42 . 2008-07-03 00:42 4,904 --a------ C:\WINDOWS\SYSTEM32\PerfStringBackup.TMP
2008-07-03 00:25 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-07-03 00:22 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-07-02 23:11 . 2008-04-13 20:12 1,306,624 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msxml6.dll
2008-07-02 23:10 . 2004-08-04 07:00 457,607 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mdlib.wmv
2008-07-02 23:10 . 2008-04-13 20:10 294,912 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msaud32.acm
2008-07-02 23:10 . 2008-04-13 20:09 290,816 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\l3codeca.acm
2008-07-02 23:10 . 2004-08-12 10:00 97,117 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mplayer2.hlp
2008-07-02 23:10 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\003196_.tmp
2008-07-02 23:10 . 2004-08-12 10:00 18,286 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mplayer2.inf
2008-07-02 23:10 . 2004-08-04 07:00 5,971 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\events.js
2008-07-02 23:10 . 2004-08-04 07:00 2,778 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mplogoh.gif
2008-07-02 23:10 . 2004-08-04 07:00 2,545 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mplogo.gif
2008-07-02 23:10 . 2004-08-12 10:00 1,885 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mplayer2.cnt
2008-07-02 22:14 . 2004-08-12 10:10 28,288 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xjis.nls
2008-07-02 22:12 . 2004-08-12 09:58 1,875,968 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-07-02 22:11 . 2008-04-13 20:09 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-07-02 22:10 . 2004-08-12 09:58 1,677,824 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-07-02 22:05 . 2008-07-02 22:05 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-02 22:05 . 2008-07-02 22:05 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-07-02 22:05 . 2008-07-02 22:05 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-07-02 22:05 . 2008-07-02 22:05 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-07-02 22:05 . 2008-07-02 22:05 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-07-02 22:04 . 2004-08-12 09:58 16,384 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\isignup.exe
2008-07-02 21:28 . 2004-08-12 10:06 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-07-02 21:28 . 2004-08-12 10:06 24,661 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2008-07-02 21:28 . 2004-08-12 09:58 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-07-02 21:28 . 2004-08-12 09:58 13,312 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2008-07-02 21:27 . 2004-08-12 10:02 1,086,058 -ra------ C:\WINDOWS\SET96.tmp
2008-07-02 21:27 . 2004-08-12 10:06 1,042,903 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\SP2.CAT
2008-07-02 21:27 . 2004-08-12 10:06 1,042,903 -ra------ C:\WINDOWS\SET93.tmp
2008-07-02 21:27 . 2004-08-12 10:02 797,189 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5IIS.CAT
2008-07-02 21:27 . 2004-08-12 09:59 399,645 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MAPIMIG.CAT
2008-07-02 21:27 . 2004-08-12 10:01 37,484 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MW770.CAT
2008-07-02 21:27 . 2004-08-12 09:58 13,753 -ra------ C:\WINDOWS\SETA2.tmp
2008-07-02 21:27 . 2004-08-12 09:57 13,472 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\HPCRDP.CAT
2008-07-02 21:27 . 2004-08-12 09:57 8,574 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\IASNT4.CAT
2008-07-02 21:27 . 2004-08-12 10:11 7,710 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\OEMBIOS.CAT
2008-07-01 22:46 . 2008-07-01 22:51 17,359 --a------ C:\WINDOWS\setupapi.old
2008-07-01 22:34 . 2008-07-01 22:35 <DIR> d-------- C:\Program Files\CCleaner
2008-07-01 19:39 . 2008-07-01 19:39 <DIR> d-------- C:\Documents and Settings\Ameet\Application Data\dvdcss
2008-06-28 17:37 . 2008-06-28 17:37 <DIR> d-------- C:\fsaua.data
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\SYSTEM32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\SYSTEM32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 20:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-06 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-05 05:45 --------- d-----w C:\Documents and Settings\Ameet\Application Data\uTorrent
2008-07-04 19:52 --------- d-----w C:\Program Files\Starcraft
2008-07-04 19:49 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-07-04 19:49 --------- d--h--w C:\Documents and Settings\Ameet\Application Data\GTek
2008-07-04 19:45 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-02 02:34 --------- d-----w C:\Program Files\Yahoo!
2008-06-28 21:36 --------- d-----w C:\Program Files\Winamp Remote
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 01:10 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-04 01:10 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-04 01:10 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-04 01:10 --------- d-----w C:\Program Files\Symantec
2008-05-14 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-11 23:10 --------- d--h--w C:\Documents and Settings\Ameet\Application Data\Move Networks
2008-05-09 01:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-09 03:05 0 -c--a-w C:\Program Files\temp01
2006-06-17 03:40 248 -c--a-w C:\Documents and Settings\Ameet\n.bat
2006-06-17 03:40 128 -c--a-w C:\Documents and Settings\Ameet\dr.exe
2006-04-11 02:25 157 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 16:06 1135968 --a--c--- C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 16:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 16:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-08-21 20:04 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 23:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2006-11-01 21:48 1392640 C:\WINDOWS\SYSTEM32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-02-14 12:01 51048 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
--a--c--- 2004-06-18 11:30 290816 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a--c--- 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2005-05-24 11:48 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a--c--- 2007-10-22 20:47 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-25 00:53 714608 C:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-05-28 10:33 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2007-04-17 12:48 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2007-10-10 01:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c--- 2007-07-16 15:17 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23270:TCP"= 23270:TCP:BitComet 23270 TCP
"23270:UDP"= 23270:UDP:BitComet 23270 UDP

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 12:02]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Ameet\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 gtermddo;gtermddo;C:\DOCUME~1\Ameet\LOCALS~1\Temp\gtermddo.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 00:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-06 07:36:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-03 01:28:59 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Ameet.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)
MSConfigStartUp-DellSupport - C:\Program Files\DellSupport\DSAgnt.exe
MSConfigStartUp-PeerGuardian - C:\Program Files\PeerGuardian2\pg2.exe
MSConfigStartUp-YSearchProtection - C:\PROGRAM FILES\Yahoo!\SEARCH PROTECTION\SEARCHPROTECTION.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 16:21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-07-06 16:29:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 20:29:09

Pre-Run: 65,499,598,848 bytes free
Post-Run: 65,379,434,496 bytes free

305 --- E O F --- 2008-07-04 22:12:59