[Vundo] Ran all spyware software.. still have Vundo..

bcastner (Chevy Chase, MD), joined 2002-09-25
reply to Ap4mvp
Re: [Vundo] Ran all spyware software.. still have Vundo..

Combofix will reboot your computer. That is to be expected.

Delete Combofix.exe from your Desktop.
Download it again.

This time you will not use a CFScript file. Just double click Combofix.exe and let it run.

Post back the contents of C:\Combofix.txt when it reboots and then finishes.
--
============
MS-MVP 2004-2008, ASAP Member
Users Helping Users



Ap4mvp (Chesterfield, MO), joined 2001-01-18

K that worked.. here ya go..

ComboFix 08-05-29.1 - Bry4n 2008-05-30 12:04:36.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1336 [GMT -5:00]
Running from: C:\Users\Bry4n\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\AutoRun.inf
C:\Windows\System32\effhPqss.ini
C:\Windows\System32\effhPqss.ini2
C:\Windows\system32\hqfluscd.ini
C:\Windows\System32\kTvCcLTv.ini
C:\Windows\System32\kTvCcLTv.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\System32\ocklxenh.ini
C:\Windows\system32\qgmewliy.ini
C:\Windows\system32\sfkwipus.dll
J:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-30 20:47 . 2008-05-30 20:47 d-------- C:\Users\Bry4n\AppData\Roaming\Malwarebytes
2008-05-30 20:47 . 2008-05-30 20:47 d-------- C:\Users\All Users\Malwarebytes
2008-05-30 20:47 . 2008-05-30 20:47 d-------- C:\ProgramData\Malwarebytes
2008-05-30 20:47 . 2008-05-30 20:47 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 20:47 . 2008-05-30 01:06 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-30 20:47 . 2008-05-30 01:06 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-30 20:45 . 2008-05-30 20:45 d-------- C:\Users\All Users\Hewlett-Packard
2008-05-30 20:45 . 2008-05-30 20:45 d-------- C:\ProgramData\Hewlett-Packard
2008-05-30 20:37 . 2007-03-28 14:01 118,272 --a------ C:\Windows\System32\hpz3l5ha.dll
2008-05-30 20:35 . 2008-05-30 20:35 d-------- C:\Program Files\HP
2008-05-30 20:33 . 2008-05-30 20:33 d-------- C:\Users\All Users\HP
2008-05-30 20:33 . 2008-05-30 20:33 d-------- C:\ProgramData\HP
2008-05-30 20:33 . 2007-03-17 15:39 958,464 --a------ C:\Windows\System32\hpotiop4.dll
2008-05-30 20:33 . 2007-03-17 15:39 675,840 --a------ C:\Windows\System32\hpowiax4.dll
2008-05-30 20:33 . 2007-03-08 14:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-05-30 20:33 . 2007-03-08 14:20 309,760 --a------ C:\Windows\System32\difxapi.dll
2008-05-30 20:33 . 2007-03-17 15:39 303,104 --a------ C:\Windows\System32\hpovst11.dll
2008-05-30 20:33 . 2007-03-31 00:29 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-05-30 20:33 . 2008-05-30 20:35 121,273 --a------ C:\Windows\hpoins15.dat
2008-05-30 20:33 . 2007-09-21 10:15 1,037 --------- C:\Windows\hpomdl15.dat
2008-05-30 19:20 . 2008-05-30 19:20 d-------- C:\Program Files\Trend Micro
2008-05-30 17:24 . 2008-05-30 17:24 d-------- C:\Windows\Sun
2008-05-30 17:03 . 2008-05-30 23:21 d-a------ C:\Users\All Users\TEMP
2008-05-30 17:03 . 2008-05-30 23:21 d-a------ C:\ProgramData\TEMP
2008-05-30 17:02 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-30 17:02 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-30 17:02 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-30 17:02 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-30 17:01 . 2008-05-30 17:01 d-------- C:\Users\Bry4n\AppData\Roaming\PC Tools
2008-05-30 17:01 . 2008-05-30 23:28 d-------- C:\Program Files\Spyware Doctor
2008-05-30 16:59 . 2008-05-30 17:04 d-------- C:\Program Files\Java
2008-05-30 16:59 . 2008-05-30 16:59 d-------- C:\Program Files\Common Files\Java
2008-05-30 16:09 . 2008-05-30 16:09 d-------- C:\Program Files\MSXML 4.0
2008-05-30 16:09 . 2008-05-30 16:12 d-------- C:\Program Files\EsetOnlineScanner
2008-05-30 14:40 . 2008-05-30 16:04 153 --a------ C:\Windows\wininit.ini
2008-05-30 14:07 . 2008-05-30 14:07 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-05-30 13:27 . 2008-05-30 18:01 d-------- C:\VundoFix Backups
2008-05-30 12:45 . 2008-05-30 12:47 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-30 12:45 . 2008-05-30 12:47 d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-30 12:45 . 2008-05-30 12:45 d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-29 08:14 . 2008-05-29 08:14 0 --ah----- C:\Users\Default.LOG2
2008-05-29 08:14 . 2008-05-29 08:14 0 --ah----- C:\Users\Default.LOG1
2008-05-29 08:14 . 2008-05-29 08:14 0 --ah----- C:\ProgramData.LOG2
2008-05-29 08:14 . 2008-05-29 08:14 0 --ah----- C:\ProgramData.LOG1
2008-05-29 02:14 . 2008-05-30 20:25 2,375 --a------ C:\rollback.ini
2008-05-29 01:25 . 2008-05-29 01:25 d-------- C:\Users\All Users\CheckPoint
2008-05-29 01:25 . 2008-05-29 01:25 d-------- C:\ProgramData\CheckPoint
2008-05-29 01:25 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-05-29 00:46 . 2008-05-30 11:56 d-------- C:\Windows\Internet Logs
2008-05-29 00:30 . 2008-05-29 00:31 d-------- C:\Users\Bry4n\AppData\Roaming\MalwareRemovalBot
2008-05-28 22:08 . 2008-05-28 22:18 d-------- C:\Users\All Users\Lavasoft
2008-05-28 22:08 . 2008-05-28 22:18 d-------- C:\ProgramData\Lavasoft
2008-05-28 22:08 . 2008-05-28 22:08 d-------- C:\Program Files\Lavasoft
2008-05-28 22:07 . 2008-05-28 22:07 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 20:22 . 2008-05-28 20:22 d-------- C:\Users\All Users\Hagel Technologies
2008-05-28 20:22 . 2008-05-28 20:22 d-------- C:\ProgramData\Hagel Technologies
2008-05-28 20:22 . 2008-05-28 20:22 d-------- C:\Program Files\DU Meter
2008-05-28 20:17 . 2008-05-30 11:53 69 --a------ C:\Windows\NeroDigital.ini
2008-05-28 20:14 . 2008-05-28 20:14 d-------- C:\Windows\WinAVI Video Converter 9.0
2008-05-28 20:14 . 2008-05-28 20:14 d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-05-28 20:08 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-05-28 20:05 . 2008-05-28 20:05 d-------- C:\Program Files\Microsoft Works
2008-05-28 20:01 . 2008-05-28 20:01 d-------- C:\Windows\PCHEALTH
2008-05-28 20:01 . 2008-05-28 20:01 d-------- C:\Program Files\Microsoft.NET
2008-05-28 19:58 . 2008-05-28 19:58 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-28 19:57 . 2008-05-28 20:10 d-------- C:\Users\All Users\Microsoft Help
2008-05-28 19:57 . 2008-05-28 20:10 d-------- C:\ProgramData\Microsoft Help
2008-05-28 19:48 . 2008-05-28 19:54 d-------- C:\Users\Bry4n\AppData\Roaming\Ahead
2008-05-28 19:45 . 2008-05-28 19:45 d-------- C:\Users\All Users\Nero
2008-05-28 19:45 . 2008-05-28 19:45 d-------- C:\ProgramData\Nero
2008-05-28 19:45 . 2008-05-28 19:45 d-------- C:\Program Files\Nero
2008-05-28 19:45 . 2008-05-28 19:47 d-------- C:\Program Files\Common Files\Ahead
2008-05-28 19:33 . 2008-05-28 19:33 d-------- C:\Users\All Users\Adobe Systems
2008-05-28 19:33 . 2008-05-28 19:33 d-------- C:\ProgramData\Adobe Systems
2008-05-28 19:27 . 2008-05-28 19:27 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-28 19:24 . 2008-05-28 19:24 d-------- C:\Users\All Users\Adobe
2008-05-28 19:24 . 2008-05-28 19:27 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 19:20 . 2008-05-30 19:15 d-------- C:\Users\Bry4n\AppData\Roaming\iPhoneRingToneMaker
2008-05-28 19:20 . 2008-05-28 19:20 d-------- C:\Program Files\iPhoneRingToneMaker
2008-05-28 19:11 . 2008-05-28 19:11 d-------- C:\Windows\System32\Macromed
2008-05-28 19:11 . 2008-05-28 19:11 1,160 --a------ C:\Windows\mozver.dat
2008-05-28 19:04 . 2008-05-28 20:13 d-------- C:\Program Files\Microsoft Money 2007
2008-05-28 07:54 . 2008-05-30 11:52 d-------- C:\Program Files\Symantec
2008-05-28 07:54 . 2008-05-30 11:56 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-28 07:26 . 2008-05-30 11:56 d-------- C:\Users\All Users\Symantec
2008-05-28 07:26 . 2008-05-30 11:56 d-------- C:\ProgramData\Symantec
2008-05-28 07:16 . 2008-05-30 12:09 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-28 07:16 . 2008-05-28 07:16 1,409 --a------ C:\Windows\QTFont.for
2008-05-28 04:09 . 2008-05-28 04:09 694,784 --a------ C:\Windows\System32\localspl.dll
2008-05-28 04:08 . 2008-05-28 04:08 2,923,520 --a------ C:\Windows\explorer.exe
2008-05-28 04:07 . 2008-05-28 04:07 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-28 04:07 . 2008-05-28 04:07 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-28 04:05 . 2008-05-28 04:05 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-05-28 04:05 . 2008-05-28 04:05 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-05-28 04:03 . 2008-05-28 04:03 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-28 04:03 . 2008-05-28 04:03 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-28 04:01 . 2008-05-28 04:01 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-05-28 04:00 . 2008-05-28 04:00 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-28 04:00 . 2008-05-28 04:00 414,208 --a------ C:\Windows\System32\msscp.dll
2008-05-28 04:00 . 2008-05-28 04:00 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-28 04:00 . 2008-05-28 04:00 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-28 04:00 . 2008-05-28 04:00 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-28 04:00 . 2008-05-28 04:00 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-28 03:59 . 2008-05-28 03:59 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-05-28 03:59 . 2008-05-28 03:59 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-05-28 03:59 . 2008-05-28 03:59 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-05-28 03:59 . 2008-05-28 03:59 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-05-28 03:59 . 2008-05-28 03:59 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-05-28 03:59 . 2008-05-28 03:59 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-05-28 03:59 . 2008-05-28 03:59 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-05-28 03:59 . 2008-05-28 03:59 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-05-28 03:59 . 2008-05-28 03:59 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-05-28 03:57 . 2008-05-28 03:57 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-28 03:57 . 2008-05-28 03:57 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-28 03:57 . 2008-05-28 03:57 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-28 03:57 . 2008-05-28 03:57 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-28 03:57 . 2008-05-28 03:57 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-28 03:57 . 2008-05-28 03:57 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-28 03:57 . 2008-05-28 03:57 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-28 03:57 . 2008-05-28 03:57 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-05-28 03:56 . 2008-05-28 03:56 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2008-05-28 03:55 . 2008-05-28 03:55 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-05-28 03:55 . 2008-05-28 03:55 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-05-28 03:55 . 2008-05-28 03:55 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-05-28 03:55 . 2008-05-28 03:55 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 01:05 --------- d-----w C:\Program Files\MSBuild
2008-05-28 12:14 174 --sha-w C:\Program Files\desktop.ini
2008-05-28 12:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-28 12:08 --------- d-----w C:\Program Files\Windows Mail
2008-05-28 12:08 --------- d-----w C:\Program Files\Windows Defender
2008-05-28 12:08 --------- d-----w C:\Program Files\Windows Calendar
2008-05-28 09:10 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-05-28 09:10 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-05-28 09:10 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-05-28 09:09 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-05-28 09:09 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-28 09:08 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-05-28 09:08 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-28 09:08 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-05-28 09:08 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-05-28 08:48 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-28 08:48 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-28 08:48 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-28 08:48 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-28 08:48 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-28 08:48 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-28 08:48 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-28 08:36 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-28 08:36 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-28 08:36 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-28 08:36 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-28 08:36 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-28 08:32 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b7a6b19-a1d8-4366-8ae7-5157893bb823}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1349062-D1A1-40DB-83CD-68CADE84FC37}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-15 15:19 2582288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [ ]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-05-28 01:18 454144]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"MSServer"="rundll32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 04:45 222208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []

C:\Users\Bry4n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
iPhoneRingToneMaker.lnk - C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe [2008-05-28 19:20:53 1138176]
WinTidy.lnk - C:\Program Files\WinTidy\WinTidy.exe [2001-10-08 06:14:20 585216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{63D1F38F-4644-4620-87F7-A0DC6BA5719A}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{36FC0908-280A-4B25-9579-F77E627046A5}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{87452224-DA98-47B7-9B1C-8E1090213B8F}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A98384FF-001A-4DFA-8089-8675BA00B784}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2369248E-F421-472A-A8D3-758B714E6A3D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1A17C05F-6E59-4BA0-8D8B-94A721372DE5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B799F487-7BE5-45CC-9A7F-CADD9664F256}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6F1AE458-6338-4DD3-8DED-AD15E62F4213}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{746D6C7A-B5F8-4D20-82D8-AFAB8EBB1C69}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CFAE4B4B-A39A-48AF-828A-8DBDE3F0495B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6609C431-01D5-4346-8382-98D74F3F633B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\SETUP.EXE
\shell\configure\command - E:\SETUP.EXE
\shell\install\command - E:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 15:14:50 C:\Windows\Tasks\MalwareRemovalBot Scheduled Scan.job"
- C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.ex
- C:\Program Files\MalwareRemovalBot
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-05-30 12:09:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-05-30 12:12:19 - machine was rebooted [Bry4n]
ComboFix-quarantined-files.txt 2008-05-30 17:12:12

Pre-Run: 83,671,408,640 bytes free
Post-Run: 83,721,551,872 bytes free

270 --- E O F --- 2008-05-30 21:13:36
--
Uh-huh, and let me know when Elvis gets here.
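The log above is what a helper reads by hand: the "Reg Loading Points" section carries the persistence that matters for Vundo (a Run value that invokes bare rundll32.exe, an autostart whose target is missing, Security Center monitoring switched off, UAC disabled, AutoRun shell verbs on a removable drive). The script below is an added example, not part of the thread and not a ComboFix component; it parses a constructed excerpt of the posted log (the same entries, trimmed) and reports those indicators. The severities and the rule that an empty "[ ]" after a Run entry means ComboFix found no file on disk are the author's reading of the log format, not something ComboFix documents.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for
Vundo-style persistence and defence-tampering indicators.

Added example; not part of the original thread and not ComboFix code.
"""
import re
from dataclasses import dataclass

# Constructed excerpt of the posted log: the Run/RunOnce keys, the policy
# and Security Center values, and one mountpoints2 verb. Everything else
# in the original log is trimmed.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-15 15:19 2582288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [ ]
"MSServer"="rundll32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 04:45 222208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\SETUP.EXE
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    key: str       # registry key the entry lives under
    name: str      # value name, or the shell verb for mountpoints2
    reason: str


# Line shapes ComboFix uses in this section (as observed in the posted log).
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
RUN_ENTRY_RE = re.compile(r'^"([^"]*)"\s*=\s*"([^"]*)"\s*\[(.*)\]\s*$')
LUA_RE = re.compile(r'^"EnableLUA"\s*=\s*(\d+)')
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{8})')
MOUNTPOINT_RE = re.compile(r"^\\shell\\(\w+)\\command\s*-\s*(.+)$")


def triage(log: str) -> list[Finding]:
    """Walk the log, remembering the current [key], and flag suspicious values."""
    findings: list[Finding] = []
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lkey = key.lower()

        if lkey.endswith("\\run") or lkey.endswith("\\runonce"):
            m = RUN_ENTRY_RE.match(line)
            if not m:
                continue
            name, cmd, meta = m.groups()
            cmd_l = cmd.strip().lower()
            if cmd_l in ("rundll32.exe", "rundll32"):
                # rundll32 with no DLL argument loads nothing by itself; it is a
                # dangling loading point whose DLL was removed or stripped.
                findings.append(Finding("high", key, name,
                    "rundll32.exe with no DLL argument: dangling loading point, delete the value"))
            elif cmd_l == "" and name == "@":
                findings.append(Finding("info", key, name,
                    "empty default value; harmless, but not something an installer leaves behind"))
            elif not meta.strip():
                # Assumption: an empty "[ ]" means ComboFix found no such file on disk.
                findings.append(Finding("medium", key, name,
                    f"no file metadata: target {cmd} was not found on disk"))
        elif lkey.endswith("\\policies\\system"):
            m = LUA_RE.match(line)
            if m and m.group(1) == "0":
                findings.append(Finding("medium", key, "EnableLUA", "UAC is disabled (EnableLUA=0)"))
        elif "security center\\monitoring" in lkey:
            m = DWORD_RE.match(line)
            if m and m.group(1) == "DisableMonitoring" and int(m.group(2), 16) == 1:
                # Security suites set this for their own monitoring too, so it is a
                # prompt to confirm which product (or which malware) did it.
                findings.append(Finding("medium", key, "DisableMonitoring",
                    "Security Center monitoring disabled; confirm which product set it"))
        elif "mountpoints2" in lkey:
            m = MOUNTPOINT_RE.match(line)
            if m:
                verb, target = m.groups()
                findings.append(Finding("info", key, verb,
                    f"drive shell verb runs {target}; compare with any Autorun.inf ComboFix deleted"))
    return findings


def report(findings: list[Finding]) -> str:
    """Render findings one per line, highest severity first."""
    order = {"high": 0, "medium": 1, "info": 2}
    rows = sorted(findings, key=lambda f: order[f.severity])
    return "\n".join(f"[{f.severity:6}] {f.name:18} {f.reason}  ({f.key})" for f in rows)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it against a full C:\Combofix.txt by reading the file into `triage`; the regexes ignore every other section. The "MSServer"="rundll32.exe" hit is the one that matters for this thread: ComboFix already deleted sfkwipus.dll from system32, and a Run value that now calls rundll32.exe with nothing to load is the kind of leftover that keeps a Vundo cleanup looking unfinished.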
© 1999-2009 dslreports.com