dolphindolphin
2009-01-31, 22:52
I performed a ComboFix scan and it seemed to rid my comp of Vundo and maybe some SmitFraud. Can someone help me to review the log?
ComboFix 09-01-31.01 - matthew 2009-01-31 15:20:06.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.812 [GMT -5:00]
Running from: c:\documents and settings\matthew\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\998.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\cvjxsyai.ini
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaexcpacvp.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\frmwrk32.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\ntdll64.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\senekakdlicybo.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekarulhrqak.dll
c:\windows\system32\senekavbrrnvxj.dat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\test.ttt
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\uucvxyjr.job
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\i386\userinit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
-------\Legacy_TNIDRIVER
-------\Service_TnIDriver
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.
2009-01-26 21:43 . 2009-01-26 21:43 <DIR> d-------- C:\jcreator
2009-01-26 21:23 . 2009-01-26 21:23 <DIR> d-------- c:\documents and settings\matthew\Application Data\JCreator
2009-01-26 21:23 . 2009-01-26 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\JCreator
2009-01-26 21:21 . 2009-01-26 21:43 <DIR> d-------- c:\program files\Xinox Software
2009-01-26 16:41 . 2009-01-26 16:41 <DIR> d-------- c:\program files\Sun
2009-01-22 20:03 . 2009-01-28 11:44 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-22 20:03 . 2009-01-22 20:03 1,409 --a------ c:\windows\QTFont.for
2009-01-22 15:15 . 2009-01-22 15:15 133,120 --a------ c:\windows\ozohaxov.dll
2009-01-21 23:31 . 2009-01-21 23:31 <DIR> d-------- c:\documents and settings\matthew\Application Data\QuosaDDM
2009-01-21 17:38 . 2009-01-21 17:38 0 --a------ c:\windows\VPC32.INI
2009-01-21 16:16 . 2009-01-31 15:27 <DIR> d-------- c:\program files\Symantec AntiVirus
2009-01-21 16:16 . 2004-03-04 23:46 83,168 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-21 16:16 . 2004-03-04 23:46 82,832 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-21 15:06 . 2009-01-21 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-20 17:19 . 2009-01-21 15:14 <DIR> d-------- C:\norton
2009-01-19 23:21 . 2009-01-19 23:21 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2009-01-19 23:21 . 2009-01-19 23:21 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-19 23:20 . 2006-03-09 09:58 1,060,424 --a------ c:\windows\system32\WdfCoInstaller01000.dll
2009-01-19 23:20 . 2007-12-06 18:12 110,592 --a------ c:\windows\system32\SynTPCo4.dll
2009-01-19 23:10 . 2009-01-20 16:04 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-01-19 23:10 . 2008-06-13 08:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-19 23:08 . 2008-08-14 04:57 2,185,984 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-19 23:08 . 2008-08-14 04:55 2,142,720 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-19 23:08 . 2008-08-14 04:18 2,062,976 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-19 23:08 . 2008-08-14 04:18 2,020,864 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-19 23:05 . 2008-10-24 06:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-19 22:46 . 2005-12-13 16:40 135,168 --a------ c:\windows\system32\igfxres.dll
2009-01-19 22:31 . 2004-08-04 05:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-01-19 22:30 . 2004-08-04 05:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-01-19 22:29 . 2004-08-04 05:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2009-01-19 22:28 . 2004-08-04 05:00 829,440 --a--c--- c:\windows\system32\dllcache\inetmgr.dll
2009-01-19 22:25 . 2009-01-19 22:25 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-19 22:25 . 2009-01-19 22:25 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-19 22:25 . 2009-01-19 22:25 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-19 22:25 . 2009-01-19 22:25 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-19 22:25 . 2009-01-19 22:25 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-19 22:25 . 2009-01-19 22:25 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-19 22:24 . 2004-08-04 05:00 214,528 --a--c--- c:\windows\system32\dllcache\icwconn1.exe
2009-01-19 22:24 . 2004-08-04 05:00 86,016 --a--c--- c:\windows\system32\dllcache\icwconn2.exe
2009-01-19 22:24 . 2004-08-04 05:00 32,768 --a--c--- c:\windows\system32\dllcache\icwdl.dll
2009-01-19 22:24 . 2004-08-04 05:00 20,480 --a--c--- c:\windows\system32\dllcache\inetwiz.exe
2009-01-19 22:24 . 2004-08-04 05:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-19 16:18 . 2009-01-19 16:18 <DIR> d-------- c:\windows\dell
2009-01-17 21:29 . 2009-01-17 21:35 1,893 --a------ c:\windows\bcmwltrytmp.reg
2009-01-17 20:21 . 2009-01-17 20:21 3,706 --a------ c:\windows\setupapi.old
2009-01-16 15:46 . 2009-01-16 15:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-15 22:40 . 2009-01-15 22:40 <DIR> d-------- c:\documents and settings\matthew\Application Data\SUPERAntiSpyware.com
2009-01-15 22:24 . 2009-01-15 22:24 <DIR> d-------- c:\program files\CCleaner
2009-01-15 19:17 . 2009-01-15 19:33 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-01-15 19:01 . 2009-01-15 19:01 <DIR> d-------- c:\program files\Alwil Software
2009-01-14 23:23 . 2009-01-14 23:23 <DIR> d-------- c:\windows\system32\xp2
2009-01-14 23:23 . 2009-01-15 00:13 <DIR> d-------- c:\windows\system32\pnUZ
2009-01-14 23:23 . 2009-01-14 23:23 <DIR> d-------- c:\temp\tmp90
2009-01-14 23:13 . 2009-01-31 15:24 1,104 --a------ c:\windows\ogivnsip
2009-01-07 23:05 . 2009-01-07 23:06 <DIR> d-------- c:\program files\Pidgin
2009-01-03 11:39 . 2009-01-03 11:38 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-10 17:32 . 2009-01-20 17:19 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 20:11 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-31 20:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-31 19:57 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-01-31 19:20 --------- d-----w c:\documents and settings\matthew\Application Data\.purple
2009-01-30 03:52 --------- d-----w c:\documents and settings\matthew\Application Data\gtk-2.0
2009-01-28 02:50 --------- d-----w c:\documents and settings\matthew\Application Data\Move Networks
2009-01-27 01:32 --------- d-----w c:\program files\Java
2009-01-21 21:17 --------- d-----w c:\program files\Symantec
2009-01-21 21:17 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-21 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-18 03:38 --------- d-----w c:\program files\McAfee.com
2009-01-18 03:38 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-16 03:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-16 01:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 21:29 --------- d-----w c:\program files\Google
2009-01-12 21:25 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-01-08 04:05 --------- d-----w c:\program files\Common Files\GTK
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-02 03:49 --------- d-----w c:\program files\DivX
2008-10-04 19:42 0 ----a-w c:\documents and settings\matthew\Application Data\wklnhst.dat
2006-10-25 00:09 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-23 185872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"Xqitayotevokom"="c:\windows\ozohaxov.dll" [2009-01-22 133120]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 c:\windows\KHALMNPR.Exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-09-21 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-09-27 671744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3bkxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nortel\\IP Softphone 2050\\i2050.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=
"c:\\Program Files\\123CopyDVDGold\\123CopyDVD\\123CopyDVD.exe"=
"c:\\Program Files\\123CopyDVDGold\\123Movies2PSP\\123Movies2PSP.exe"=
"c:\\Program Files\\123CopyDVDGold\\123Movies2IPOD\\123Movies2IPOD.exe"=
"c:\\Program Files\\123Movies2PSP\\123Movies2PSP.exe"=
"c:\\Program Files\\123CopyDVD Gold\\123CopyDVD.exe"=
"c:\\Program Files\\123CopyDVD Gold\\123Movies2Portable.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 4\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\matthew\\Desktop\\Halo\\Halo.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox 3.1 Beta 2\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:systerm
R4 i2050QoSSvc;Nortel IP Softphone 2050 QoS;c:\program files\Nortel\IP Softphone 2050\i2050QosSvc.exe [2006-01-19 94208]
R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-09-27 3712]
S0 ati3bkxx;ati3bkxx;c:\windows\system32\Drivers\ati3bkxx.sys --> c:\windows\system32\Drivers\ati3bkxx.sys [?]
S0 ogivnsip;ogivnsip;c:\windows\system32\drivers\usfgngsn.sys []
S1 imapii;imapii;c:\windows\system32\drivers\imapii.sys --> c:\windows\system32\drivers\imapii.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2006-09-21 26488]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-26 24652]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-02-19 106496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3046bc6d-7ebd-11dd-a708-0016cffd9282}]
\Shell\AutoRun\command - G:\WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{723a20c8-71fb-11dd-a6ed-0016cffd9282}]
\Shell\AutoRun\command - f:\wd_windows_tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e17ecb8e-b4f3-11dd-a755-0016cffd9282}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{24CFC443-A856-4D14-B4F4-B4C5D639B3C8} - c:\windows\system32\opnkkiFy.dll
HKLM-Run-pkqyqam - c:\windows\system32\pkqyqam.exe
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM-Run-Vfacikav - c:\windows\Ihiza.dll
Notify-pmnkKbcB - pmnkKbcB.dll
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
FF - ProfilePath - c:\documents and settings\matthew\Application Data\Mozilla\Firefox\Profiles\cz1wtqex.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAG4AAAB5mFEJvUnPOqjCVLgwJb8w7TBP7sdEz8nStt5EC_YFAt34l5FxlryKK32y9_nZ-8yIGUbmqcejNrg0Nz0V3oQWeNhpBEQ581vRylSz3W7m1txKgHnxMVEXPbf8ephxYxrgjP3vPsMk98YpSbxbqwsE&zx=1oslomljjjkwq
FF - plugin: c:\documents and settings\matthew\Application Data\Mozilla\Firefox\Profiles\cz1wtqex.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 15:27:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\drivers\usfgngsn.sys 25088 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-315157010-2508857612-2295585215-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91105896-B5B6-A2CC-4332-3902A2E7544B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gadgkgpgieadjb"=hex:63,61,66,63,69,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-31 15:33:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-31 20:33:25
Pre-Run: 66,361,335,808 bytes free
Post-Run: 65,592,033,280 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
294 --- E O F --- 2009-01-20 04:30:33
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-02-19 106496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3046bc6d-7ebd-11dd-a708-0016cffd9282}]
\Shell\AutoRun\command - G:\WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{723a20c8-71fb-11dd-a6ed-0016cffd9282}]
\Shell\AutoRun\command - f:\wd_windows_tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e17ecb8e-b4f3-11dd-a755-0016cffd9282}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{24CFC443-A856-4D14-B4F4-B4C5D639B3C8} - c:\windows\system32\opnkkiFy.dll
HKLM-Run-pkqyqam - c:\windows\system32\pkqyqam.exe
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM-Run-Vfacikav - c:\windows\Ihiza.dll
Notify-pmnkKbcB - pmnkKbcB.dll
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
FF - ProfilePath - c:\documents and settings\matthew\Application Data\Mozilla\Firefox\Profiles\cz1wtqex.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAG4AAAB5mFEJvUnPOqjCVLgwJb8w7TBP7sdEz8nStt5EC_YFAt34l5FxlryKK32y9_nZ-8yIGUbmqcejNrg0Nz0V3oQWeNhpBEQ581vRylSz3W7m1txKgHnxMVEXPbf8ephxYxrgjP3vPsMk98YpSbxbqwsE&zx=1oslomljjjkwq
FF - plugin: c:\documents and settings\matthew\Application Data\Mozilla\Firefox\Profiles\cz1wtqex.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 15:27:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\drivers\usfgngsn.sys 25088 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-315157010-2508857612-2295585215-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91105896-B5B6-A2CC-4332-3902A2E7544B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gadgkgpgieadjb"=hex:63,61,66,63,69,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-31 15:33:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-31 20:33:25
Pre-Run: 66,361,335,808 bytes free
Post-Run: 65,592,033,280 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
294 --- E O F --- 2009-01-20 04:30:33