laff

Re: [Vundo] Vundo removal

I am still unable to locate the malware log. I am being denied access to Documents and Settings, and if I try to open MBAM, error 732(2) is showing. Here are the other results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:13, on 04/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = uk.red.clientapps.yahoo.com/cust···ide.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = uk.red.clientapps.yahoo.com/cust···hoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ddcYrRli.dll - C:\Windows\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 8005 bytes

ComboFix 08-05-01.3 - Lisa 2008-05-04 15:18:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1194 [GMT 1:00]
Running from: C:\Users\Lisa\Desktop\ComboFix.exe
Command switches used :: C:\Users\Lisa\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\Users\Lisa\AppData\Local\Temp\ddcYrRli.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5
-------\Service_szkg5

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 14:21 --------- d-----w C:\ProgramData\STOPzilla!
2008-05-04 14:21 --------- d-----w C:\ProgramData\Kontiki
2008-05-04 14:01 --------- d-----w C:\ProgramData\SITEguard
2008-05-04 09:32 --------- d-----w C:\Program Files\XoftSpySE
2008-05-04 07:08 --------- d-----w C:\Program Files\Trend Micro
2008-05-04 07:00 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-04 07:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 06:55 --------- d-----w C:\Program Files\iTunes
2008-05-04 06:50 --------- d-----w C:\Users\Lisa\AppData\Roaming\Azureus
2008-05-04 06:50 --------- d-----w C:\Program Files\STOPzilla!
2008-05-04 06:50 --------- d-----w C:\Program Files\Safari
2008-05-04 06:50 --------- d-----w C:\Program Files\QuickTime
2008-05-04 06:50 --------- d-----w C:\Program Files\iPod
2008-05-04 06:50 --------- d-----w C:\Program Files\DivX
2008-05-04 06:50 --------- d-----w C:\Program Files\Apple Software Update
2008-05-04 06:37 --------- d-----w C:\ProgramData\Grisoft
2008-05-03 22:45 --------- d-----w C:\ProgramData\Grisoft(951)
2008-05-03 20:49 --------- d-----w C:\Program Files\Google
2008-05-03 20:02 --------- d-----w C:\Users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
2008-05-03 20:02 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-05-03 19:04 --------- d-----w C:\Program Files\Common Files\iS3
2008-05-03 17:01 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-03 14:39 --------- d-----w C:\ProgramData\Grisoft(74)
2008-05-03 13:58 --------- d-----w C:\ProgramData\Grisoft(106)
2008-05-03 13:36 --------- d-----w C:\ProgramData\TEMP
2008-05-03 13:36 --------- d-----w C:\ProgramData\PC Tools
2008-05-03 13:36 --------- d-----w C:\Program Files\ThreatFire
2008-05-03 11:33 --------- d-----w C:\ProgramData\Grisoft(108)
2008-05-03 11:05 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-05-03 11:04 --------- d-----w C:\ProgramData\avg8
2008-05-03 11:04 --------- d-----w C:\Program Files\AVG
2008-05-03 10:46 --------- d-----w C:\ProgramData\Lavasoft
2008-05-03 10:45 --------- d-----w C:\Program Files\Lavasoft
2008-05-02 14:23 --------- d-----w C:\Users\Lisa\AppData\Roaming\Apple Computer
2008-05-02 14:09 --------- d-----w C:\Program Files\iTunes(27)
2008-05-02 14:09 --------- d-----w C:\Program Files\iPod(26)
2008-05-02 14:08 --------- d-----w C:\Program Files\QuickTime(28)
2008-05-02 14:01 --------- d-----w C:\Program Files\Apple Software Update(1)
2008-03-11 22:39 691,545 ----a-w C:\Windows\unins000.exe
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 03:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:03 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 03:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-11-27 15:25 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [ ]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 14:26 4452352 C:\Windows\RtHDVCpl.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-14 23:13 185896]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-25 12:10 129560]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-25 12:10 154136]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-25 12:10 141848]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-28 00:11 1006264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MSServer"="C:\Windows\system32\ddcDTKby.dll" [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-03 12:04 1177368]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcYrRli.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71CE1E22-D3BF-43D4-88B9-F3BE9B27180F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5638DCBE-8B56-411F-A61E-2FE6B2CD9AF0}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{2475D0CB-F233-40D9-9C9F-7E299CEE5AE5}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{F2FAFE83-B0D9-4B8B-9964-F415681E53FC}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{4C3CD3C9-CC85-4D84-9180-2A2BA86394EE}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{AC82F5DA-795E-45FD-965A-CD612B6BD45E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7D093470-FBAD-477E-8ECF-1567EDE13C64}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{63CB72BC-3069-4541-AE13-35E86C9B630D}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{37713B54-6072-40BE-851F-AAA289D93274}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{1A704448-96E8-428A-8C5E-E25658D130A5}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{715FDF81-1D5C-41C1-BB93-46C71D9BDC9E}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{F89977CF-B476-4C71-A4DD-D4528F5BDCB4}C:\\program files\\kontiki\\khost.exe"= UDP:C:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{9B663E61-EA48-4438-8863-A76F893BB274}C:\\program files\\kontiki\\khost.exe"= TCP:C:\program files\kontiki\khost.exe:Delivery Manager
"TCP Query User{E10DA2A6-7BF7-421E-BF96-45C3DC491643}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{DA3B8ACB-1D8D-452D-982A-47D731C01907}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{EE7363F1-9714-433E-891B-CAF050662DDB}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{75E04C65-F108-4E01-97DD-DBC0D2C9CDA7}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{BD080E9A-798D-40A5-8074-91AA027509D1}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{0BF15E42-15C6-48AB-A9D7-846690393641}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{FE8459F4-4869-4307-8C3B-44FED415852C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A99F0EE1-A9CF-48B5-B271-601992871DC1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CB39DBE3-03C9-4A86-9189-98B4E845C915}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-05-03 12:05]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-03 12:04]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-25 12:10]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd3fc594-dd3b-11dc-b254-001d0978375e}]
\shell\AutoRun\command - K:\setupSNK.exe

*Newly Created Service* - SZKG5
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 15:16:18 C:\Windows\Tasks\User_Feed_Synchronization-{7E0D4AB1-DB41-4D4E-8CE5-64B8125A604C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-05-04 15:21:29
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2008-05-04 15:24:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 14:24:47

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

178 --- E O F --- 2008-05-04 07:04:06