Forums » Up and Running » Security » Security Cleanup » [Vundo] Ran all spyware software.. still have Vundo..
Ap4mvp
Premium
join:2001-01-18
Chesterfield, MO
Re: [Vundo] Ran all spyware software.. still have Vundo..

On second thought, the Combofix said something about not being able to run the program?
--
Uh-huh, and let me know when Elvis gets here.


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD

Combofix will reboot your computer. That is to be expected.

Delete Combofix.exe from your Desktop.
Download it again.

This time you will not use a CFScript file. Just double click Combofix.exe and let it run.

Post back the contents of C:\Combofix.txt when it reboots and then finishes.
--
============
MS-MVP 2004 - 2008, ASAP Member
Users Helping Users



Ap4mvp
Premium
join:2001-01-18
Chesterfield, MO

K that worked.. here ya go..

ComboFix 08-05-29.1 - Bry4n 2008-05-30 12:04:36.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1336 [GMT -5:00]
Running from: C:\Users\Bry4n\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\AutoRun.inf
C:\Windows\System32\effhPqss.ini
C:\Windows\System32\effhPqss.ini2
C:\Windows\system32\hqfluscd.ini
C:\Windows\System32\kTvCcLTv.ini
C:\Windows\System32\kTvCcLTv.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\System32\ocklxenh.ini
C:\Windows\system32\qgmewliy.ini
C:\Windows\system32\sfkwipus.dll
J:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-30 20:47 . 2008-05-30 20:47 d-------- C:\Users\Bry4n\AppData\Roaming\Malwarebytes
2008-05-30 20:47 . 2008-05-30 20:47 d-------- C:\Users\All Users\Malwarebytes
2008-05-30 20:47 . 2008-05-30 20:47 d-------- C:\ProgramData\Malwarebytes
2008-05-30 20:47 . 2008-05-30 20:47 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 20:47 . 2008-05-30 01:06 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-30 20:47 . 2008-05-30 01:06 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-30 20:45 . 2008-05-30 20:45 d-------- C:\Users\All Users\Hewlett-Packard
2008-05-30 20:45 . 2008-05-30 20:45 d-------- C:\ProgramData\Hewlett-Packard
2008-05-30 20:37 . 2007-03-28 14:01 118,272 --a------ C:\Windows\System32\hpz3l5ha.dll
2008-05-30 20:35 . 2008-05-30 20:35 d-------- C:\Program Files\HP
2008-05-30 20:33 . 2008-05-30 20:33 d-------- C:\Users\All Users\HP
2008-05-30 20:33 . 2008-05-30 20:33 d-------- C:\ProgramData\HP
2008-05-30 20:33 . 2007-03-17 15:39 958,464 --a------ C:\Windows\System32\hpotiop4.dll
2008-05-30 20:33 . 2007-03-17 15:39 675,840 --a------ C:\Windows\System32\hpowiax4.dll
2008-05-30 20:33 . 2007-03-08 14:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-05-30 20:33 . 2007-03-08 14:20 309,760 --a------ C:\Windows\System32\difxapi.dll
2008-05-30 20:33 . 2007-03-17 15:39 303,104 --a------ C:\Windows\System32\hpovst11.dll
2008-05-30 20:33 . 2007-03-31 00:29 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-05-30 20:33 . 2008-05-30 20:35 121,273 --a------ C:\Windows\hpoins15.dat
2008-05-30 20:33 . 2007-09-21 10:15 1,037 --------- C:\Windows\hpomdl15.dat
2008-05-30 19:20 . 2008-05-30 19:20 d-------- C:\Program Files\Trend Micro
2008-05-30 17:24 . 2008-05-30 17:24 d-------- C:\Windows\Sun
2008-05-30 17:03 . 2008-05-30 23:21 d-a------ C:\Users\All Users\TEMP
2008-05-30 17:03 . 2008-05-30 23:21 d-a------ C:\ProgramData\TEMP
2008-05-30 17:02 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-30 17:02 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-30 17:02 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-30 17:02 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-30 17:01 . 2008-05-30 17:01 d-------- C:\Users\Bry4n\AppData\Roaming\PC Tools
2008-05-30 17:01 . 2008-05-30 23:28 d-------- C:\Program Files\Spyware Doctor
2008-05-30 16:59 . 2008-05-30 17:04 d-------- C:\Program Files\Java
2008-05-30 16:59 . 2008-05-30 16:59 d-------- C:\Program Files\Common Files\Java
2008-05-30 16:09 . 2008-05-30 16:09 d-------- C:\Program Files\MSXML 4.0
2008-05-30 16:09 . 2008-05-30 16:12 d-------- C:\Program Files\EsetOnlineScanner
2008-05-30 14:40 . 2008-05-30 16:04 153 --a------ C:\Windows\wininit.ini
2008-05-30 14:07 . 2008-05-30 14:07 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-05-30 13:27 . 2008-05-30 18:01 d-------- C:\VundoFix Backups
2008-05-30 12:45 . 2008-05-30 12:47 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-30 12:45 . 2008-05-30 12:47 d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-30 12:45 . 2008-05-30 12:45 d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-29 08:14 . 2008-05-29 08:14 0 --ah----- C:\Users\Default.LOG2
2008-05-29 08:14 . 2008-05-29 08:14 0 --ah----- C:\Users\Default.LOG1
2008-05-29 08:14 . 2008-05-29 08:14 0 --ah----- C:\ProgramData.LOG2
2008-05-29 08:14 . 2008-05-29 08:14 0 --ah----- C:\ProgramData.LOG1
2008-05-29 02:14 . 2008-05-30 20:25 2,375 --a------ C:\rollback.ini
2008-05-29 01:25 . 2008-05-29 01:25 d-------- C:\Users\All Users\CheckPoint
2008-05-29 01:25 . 2008-05-29 01:25 d-------- C:\ProgramData\CheckPoint
2008-05-29 01:25 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-05-29 00:46 . 2008-05-30 11:56 d-------- C:\Windows\Internet Logs
2008-05-29 00:30 . 2008-05-29 00:31 d-------- C:\Users\Bry4n\AppData\Roaming\MalwareRemovalBot
2008-05-28 22:08 . 2008-05-28 22:18 d-------- C:\Users\All Users\Lavasoft
2008-05-28 22:08 . 2008-05-28 22:18 d-------- C:\ProgramData\Lavasoft
2008-05-28 22:08 . 2008-05-28 22:08 d-------- C:\Program Files\Lavasoft
2008-05-28 22:07 . 2008-05-28 22:07 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 20:22 . 2008-05-28 20:22 d-------- C:\Users\All Users\Hagel Technologies
2008-05-28 20:22 . 2008-05-28 20:22 d-------- C:\ProgramData\Hagel Technologies
2008-05-28 20:22 . 2008-05-28 20:22 d-------- C:\Program Files\DU Meter
2008-05-28 20:17 . 2008-05-30 11:53 69 --a------ C:\Windows\NeroDigital.ini
2008-05-28 20:14 . 2008-05-28 20:14 d-------- C:\Windows\WinAVI Video Converter 9.0
2008-05-28 20:14 . 2008-05-28 20:14 d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-05-28 20:08 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-05-28 20:05 . 2008-05-28 20:05 d-------- C:\Program Files\Microsoft Works
2008-05-28 20:01 . 2008-05-28 20:01 d-------- C:\Windows\PCHEALTH
2008-05-28 20:01 . 2008-05-28 20:01 d-------- C:\Program Files\Microsoft.NET
2008-05-28 19:58 . 2008-05-28 19:58 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-28 19:57 . 2008-05-28 20:10 d-------- C:\Users\All Users\Microsoft Help
2008-05-28 19:57 . 2008-05-28 20:10 d-------- C:\ProgramData\Microsoft Help
2008-05-28 19:48 . 2008-05-28 19:54 d-------- C:\Users\Bry4n\AppData\Roaming\Ahead
2008-05-28 19:45 . 2008-05-28 19:45 d-------- C:\Users\All Users\Nero
2008-05-28 19:45 . 2008-05-28 19:45 d-------- C:\ProgramData\Nero
2008-05-28 19:45 . 2008-05-28 19:45 d-------- C:\Program Files\Nero
2008-05-28 19:45 . 2008-05-28 19:47 d-------- C:\Program Files\Common Files\Ahead
2008-05-28 19:33 . 2008-05-28 19:33 d-------- C:\Users\All Users\Adobe Systems
2008-05-28 19:33 . 2008-05-28 19:33 d-------- C:\ProgramData\Adobe Systems
2008-05-28 19:27 . 2008-05-28 19:27 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-28 19:24 . 2008-05-28 19:24 d-------- C:\Users\All Users\Adobe
2008-05-28 19:24 . 2008-05-28 19:27 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 19:20 . 2008-05-30 19:15 d-------- C:\Users\Bry4n\AppData\Roaming\iPhoneRingToneMaker
2008-05-28 19:20 . 2008-05-28 19:20 d-------- C:\Program Files\iPhoneRingToneMaker
2008-05-28 19:11 . 2008-05-28 19:11 d-------- C:\Windows\System32\Macromed
2008-05-28 19:11 . 2008-05-28 19:11 1,160 --a------ C:\Windows\mozver.dat
2008-05-28 19:04 . 2008-05-28 20:13 d-------- C:\Program Files\Microsoft Money 2007
2008-05-28 07:54 . 2008-05-30 11:52 d-------- C:\Program Files\Symantec
2008-05-28 07:54 . 2008-05-30 11:56 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-28 07:26 . 2008-05-30 11:56 d-------- C:\Users\All Users\Symantec
2008-05-28 07:26 . 2008-05-30 11:56 d-------- C:\ProgramData\Symantec
2008-05-28 07:16 . 2008-05-30 12:09 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-28 07:16 . 2008-05-28 07:16 1,409 --a------ C:\Windows\QTFont.for
2008-05-28 04:09 . 2008-05-28 04:09 694,784 --a------ C:\Windows\System32\localspl.dll
2008-05-28 04:08 . 2008-05-28 04:08 2,923,520 --a------ C:\Windows\explorer.exe
2008-05-28 04:07 . 2008-05-28 04:07 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-28 04:07 . 2008-05-28 04:07 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-28 04:05 . 2008-05-28 04:05 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-05-28 04:05 . 2008-05-28 04:05 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-05-28 04:03 . 2008-05-28 04:03 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-28 04:03 . 2008-05-28 04:03 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-28 04:01 . 2008-05-28 04:01 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-05-28 04:00 . 2008-05-28 04:00 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-28 04:00 . 2008-05-28 04:00 414,208 --a------ C:\Windows\System32\msscp.dll
2008-05-28 04:00 . 2008-05-28 04:00 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-28 04:00 . 2008-05-28 04:00 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-28 04:00 . 2008-05-28 04:00 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-28 04:00 . 2008-05-28 04:00 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-28 03:59 . 2008-05-28 03:59 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-05-28 03:59 . 2008-05-28 03:59 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-05-28 03:59 . 2008-05-28 03:59 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-05-28 03:59 . 2008-05-28 03:59 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-05-28 03:59 . 2008-05-28 03:59 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-05-28 03:59 . 2008-05-28 03:59 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-05-28 03:59 . 2008-05-28 03:59 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-05-28 03:59 . 2008-05-28 03:59 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-05-28 03:59 . 2008-05-28 03:59 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-05-28 03:57 . 2008-05-28 03:57 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-28 03:57 . 2008-05-28 03:57 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-28 03:57 . 2008-05-28 03:57 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-28 03:57 . 2008-05-28 03:57 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-28 03:57 . 2008-05-28 03:57 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-28 03:57 . 2008-05-28 03:57 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-28 03:57 . 2008-05-28 03:57 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-28 03:57 . 2008-05-28 03:57 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-05-28 03:56 . 2008-05-28 03:56 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2008-05-28 03:55 . 2008-05-28 03:55 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-05-28 03:55 . 2008-05-28 03:55 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-05-28 03:55 . 2008-05-28 03:55 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-05-28 03:55 . 2008-05-28 03:55 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 01:05 --------- d-----w C:\Program Files\MSBuild
2008-05-28 12:14 174 --sha-w C:\Program Files\desktop.ini
2008-05-28 12:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-28 12:08 --------- d-----w C:\Program Files\Windows Mail
2008-05-28 12:08 --------- d-----w C:\Program Files\Windows Defender
2008-05-28 12:08 --------- d-----w C:\Program Files\Windows Calendar
2008-05-28 09:10 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-05-28 09:10 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-05-28 09:10 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-05-28 09:09 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-05-28 09:09 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-28 09:08 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-05-28 09:08 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-28 09:08 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-05-28 09:08 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-05-28 08:48 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-28 08:48 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-28 08:48 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-28 08:48 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-28 08:48 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-28 08:48 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-28 08:48 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-28 08:36 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-28 08:36 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-28 08:36 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-28 08:36 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-28 08:36 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-28 08:32 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b7a6b19-a1d8-4366-8ae7-5157893bb823}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1349062-D1A1-40DB-83CD-68CADE84FC37}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-15 15:19 2582288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [ ]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-05-28 01:18 454144]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"MSServer"="rundll32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 04:45 222208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []

C:\Users\Bry4n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
iPhoneRingToneMaker.lnk - C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe [2008-05-28 19:20:53 1138176]
WinTidy.lnk - C:\Program Files\WinTidy\WinTidy.exe [2001-10-08 06:14:20 585216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{63D1F38F-4644-4620-87F7-A0DC6BA5719A}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{36FC0908-280A-4B25-9579-F77E627046A5}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{87452224-DA98-47B7-9B1C-8E1090213B8F}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A98384FF-001A-4DFA-8089-8675BA00B784}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2369248E-F421-472A-A8D3-758B714E6A3D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1A17C05F-6E59-4BA0-8D8B-94A721372DE5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B799F487-7BE5-45CC-9A7F-CADD9664F256}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6F1AE458-6338-4DD3-8DED-AD15E62F4213}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{746D6C7A-B5F8-4D20-82D8-AFAB8EBB1C69}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CFAE4B4B-A39A-48AF-828A-8DBDE3F0495B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6609C431-01D5-4346-8382-98D74F3F633B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\SETUP.EXE
\shell\configure\command - E:\SETUP.EXE
\shell\install\command - E:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 15:14:50 C:\Windows\Tasks\MalwareRemovalBot Scheduled Scan.job"
- C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.ex
- C:\Program Files\MalwareRemovalBot
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-05-30 12:09:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-05-30 12:12:19 - machine was rebooted [Bry4n]
ComboFix-quarantined-files.txt 2008-05-30 17:12:12

Pre-Run: 83,671,408,640 bytes free
Post-Run: 83,721,551,872 bytes free

270 --- E O F --- 2008-05-30 21:13:36
--
Uh-huh, and let me know when Elvis gets here.
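As an added example (not part of this thread and not a ComboFix feature): a small Python triage script that walks a ComboFix log like the one posted above and flags the entries a helper reads first. It assumes the reversed-name convention of Vundo's System32 .ini/.ini2 droppings, uses category names of its own, and embeds a constructed excerpt of the posted log as its sample input.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted in this thread; only
# the lines the checks below care about are reproduced, paths copied verbatim.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Windows\system32\AutoRun.inf
C:\Windows\System32\effhPqss.ini
C:\Windows\System32\effhPqss.ini2
C:\Windows\System32\kTvCcLTv.ini
C:\Windows\system32\sfkwipus.dll
J:\Autorun.inf
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\SETUP.EXE
"""

SECTION = re.compile(r"^\(+\s*(.*?)\s*\)+$")           # "((( Other Deletions )))" banners
SYSTEM32_INI = re.compile(r"^[a-z]:\\windows\\system32\\([a-z]{8})\.ini2?$", re.I)
AUTORUN_INF = re.compile(r"^[a-z]:\\(?:.*\\)?autorun\.inf$", re.I)
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(\S+)')
MOUNTPOINT_CMD = re.compile(r"^\\shell\\autorun\\command\s+-\s+(.+)$", re.I)


def triage(log_text):
    """Return (category, detail) findings for the indicators seen in a ComboFix log."""
    findings, section, key = [], "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            section = sec.group(1)   # "Other Deletions" = already removed by ComboFix
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]         # registry key the following values belong to
            continue
        m = SYSTEM32_INI.match(line)
        if m:
            # Vundo/Virtumonde drops an eight-letter .ini/.ini2 in System32 whose
            # name is the reverse of its DLL's name; reversing it names the DLL to hunt.
            dll = m.group(1)[::-1] + ".dll"
            findings.append(("vundo-ini", f"{section}: {line} -> look for {dll}"))
        elif AUTORUN_INF.match(line):
            # autorun.inf inside System32 or at a drive root points at a drive/USB worm.
            findings.append(("autorun-inf", f"{section}: {line}"))
        elif (v := REG_VALUE.match(line)):
            name, value = v.group(1).lower(), v.group(2)
            if name == "enablelua" and value == "0":
                findings.append(("uac-disabled", key))
            elif name == "disablemonitoring" and value == "dword:00000001":
                findings.append(("security-center-muted", key))
        else:
            c = MOUNTPOINT_CMD.match(line)
            if c and "mountpoints2" in key.lower():
                # per-drive AutoRun handler that runs an executable when the drive is
                # opened: a classic persistence spot for autorun worms.
                findings.append(("drive-autorun", f"{key} -> {c.group(1)}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```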
over 10 years online! © 1999-2009 dslreports.com.