ComboFix 08-03-05.1 - Owner 2008-03-09 21:02:55.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.204 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\DOCUME~1\Owner\LOCALS~1\Temp\pfsvgae.sys
C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
C:\Program Files\q330994.exe
C:\StubInstaller.exe
C:\WINDOWS\cvchost.exe
C:\WINDOWS\dl.exe
C:\WINDOWS\dlm.exe
C:\WINDOWS\msstasks.exe
C:\WINDOWS\mssys.com
C:\WINDOWS\mstasks1.exe
C:\WINDOWS\mstaskss.exe
C:\WINDOWS\ntldr.exe
C:\WINDOWS\rocky.exe
C:\WINDOWS\seksdialer.exe
C:\WINDOWS\system\system.exe
C:\WINDOWS\system\wmscrop.exe
C:\WINDOWS\system32\cuukntgs.ini2
C:\WINDOWS\system32\dmcompo.dll
C:\WINDOWS\system32\drivers\snkwevbj.sys
C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\jac.dll
C:\WINDOWS\system32\mcc.exe
C:\WINDOWS\system32\mrdrvxrb.ini2
C:\WINDOWS\system32\nghwonhb.dll
C:\WINDOWS\system32\nmgthfuv.ini2
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\scchk32.exe
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.ini2
C:\WINDOWS\system32\wfqiiows.ini2
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\q330994.exe
C:\StubInstaller.exe
C:\WINDOWS\cvchost.exe
C:\WINDOWS\dl.exe
C:\WINDOWS\dlm.exe
C:\WINDOWS\msstasks.exe
C:\WINDOWS\mssys.com
C:\WINDOWS\mstasks1.exe
C:\WINDOWS\mstaskss.exe
C:\WINDOWS\ntldr.exe
C:\WINDOWS\OIS
C:\WINDOWS\rocky.exe
C:\WINDOWS\seksdialer.exe
C:\WINDOWS\system\system.exe
C:\WINDOWS\system\wmscrop.exe
C:\WINDOWS\system32\cuukntgs.ini2
C:\WINDOWS\system32\dmcompo.dll
C:\WINDOWS\system32\drivers\snkwevbj.sys
C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\jac.dll
C:\WINDOWS\system32\mcc.exe
C:\WINDOWS\system32\mrdrvxrb.ini2
C:\WINDOWS\system32\nmgthfuv.ini2
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.ini2
C:\WINDOWS\system32\wfqiiows.ini2
.
((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.
2008-03-05 23:03 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-05 21:35 . 2008-03-05 21:35 279 --a------ C:\Shortcut to Local Disk (C).lnk
2008-02-28 23:22 . 2008-02-28 23:22 d-------- C:\VundoFix Backups
2008-02-27 08:54 . 2008-02-27 08:54 d-------- C:\Program Files\Trend Micro
2008-02-27 00:58 . 2007-06-05 11:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-27 00:42 . 2008-02-27 02:22 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-27 00:42 . 2008-02-27 00:42 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-27 00:42 . 2008-02-27 00:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-27 00:42 . 2008-02-27 00:42 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-26 20:27 . 2008-02-26 20:27 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-26 20:26 . 2008-03-06 08:50 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-26 20:26 . 2008-02-26 20:26 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 20:26 . 2008-02-26 20:26 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-02-26 01:30 . 2008-02-26 01:30 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-26 01:19 . 2008-02-26 01:19 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-02-26 01:18 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-23 22:36 . 2008-02-23 22:40 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-23 19:26 . 2008-02-23 19:25 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-23 19:26 . 2008-02-23 19:26 2,541 --a------ C:\WINDOWS\unins000.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 01:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-03-06 03:03 --------- d-----w C:\Program Files\Java
2008-03-05 22:03 --------- d-----w C:\Program Files\LimeWire
2008-02-29 04:55 --------- d-----w C:\Program Files\Viewpoint
2008-02-29 04:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-27 06:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-27 06:06 --------- d-----w C:\Program Files\QuickTime
2008-02-27 05:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-27 05:52 --------- d-----w C:\Program Files\Google
2008-02-26 05:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-25 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 19:41 --------- d-----w C:\Program Files\Samsung
2008-02-23 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 02:40 --------- d-----w C:\Program Files\Corel
2008-02-07 02:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-02-06 21:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-06-22 01:38 10,220 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
.
------- Sigcheck -------
8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
----a-w 14,336 2004-08-12 14:06:49 C:\WINDOWS\system32\svchost.exe
-c--a-w 14,336 2004-08-12 14:06:49 C:\WINDOWS\system32\dllcache\svchost.exe
2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
----a-w 82,944 2004-08-12 14:10:27 C:\WINDOWS\system32\ws2_32.dll
-c--a-w 82,944 2004-08-12 14:10:27 C:\WINDOWS\system32\dllcache\ws2_32.dll
01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
----a-w 502,272 2004-08-12 14:09:30 C:\WINDOWS\system32\winlogon.exe
-c--a-w 502,272 2004-08-12 14:09:30 C:\WINDOWS\system32\dllcache\winlogon.exe
558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
-c--a-w 182,912 2004-08-12 14:01:38 C:\WINDOWS\system32\dllcache\ndis.sys
-c--a-w 182,912 2004-08-12 14:01:38 C:\WINDOWS\system32\drivers\ndis.sys
4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
-c--a-w 29,056 2004-08-12 13:58:08 C:\WINDOWS\system32\dllcache\ip6fw.sys
----a-w 29,056 2004-08-12 13:58:08 C:\WINDOWS\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BBB5BBF-B79B-4635-94C3-9B5B629C3FC3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-12 23:24 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36 1207080]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 12:39 1310720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-26 22:43 282624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-16 10:39 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 22:18 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" [2005-03-21 15:00 78848]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 12:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=4y1j82lpsrdecdr.dll.dll.dll.dll.dll.dll.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^winlogin.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
backup=C:\WINDOWS\pss\winlogin.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
--a------ 2002-09-24 16:39 147456 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
--a------ 2004-08-12 10:04 11776 C:\WINDOWS\system32\regsvr32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
--a------ 2002-09-30 02:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-02-20 18:45 28672 C:\WINDOWS\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2002-10-29 10:18 49152 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
--a------ 2004-04-15 04:32 270336 C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-08-13 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-08-23 19:19 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-12 23:25 1831424 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-20 22:36 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1139706769\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodManager]
C:\Program Files\iPod\bin\iPodManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-12-20 21:54 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 13:03 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-05-29 21:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-26 22:43 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-12 23:24 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2004-11-15 20:40 95456 C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"navapsvc"=3 (0x3)
"MDM"=2 (0x2)
"LexBceS"=2 (0x2)
"iPodService"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139706769\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139706769\\ee\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb48502-36a6-11d9-8ad4-0011114656b0}]
\Shell\AutoRun\command - LinksysConnectPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 21:09:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-03-09 21:14:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 01:13:55
ComboFix2.txt 2008-03-07 00:17:45
ComboFix3.txt 2008-03-06 02:13:32
ComboFix4.txt 2008-03-06 01:49:47
ComboFix5.txt 2008-02-29 05:25:36
.
2008-02-23 22:19:59 --- E O F ---