VundoFix reports that there are no traces of Vundo left. However, I'd really appreciate it if someone could look over my HijackThis and ComboFix logs to make sure.
Here's HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:36 PM, on 2/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Users\Cory\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F1DF91D0-44CC-4E1A-8E59-5FBAA897DB2C} - C:\Windows\system32\rqrrq.dll (file missing)
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [PMCallCenter] C:\Program Files\PrettyMay Call Center for Skype\PMCallCenter.exe
O4 - HKLM\..\Run: [Skype Recorder] "C:\Program Files\Skype Recorder\Skype Recorder.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
--
End of file - 6093 bytes
And here's CF:
ComboFix 08-02-25.3 - Cory 2008-02-26 13:10:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1491 [GMT -5:00]
Running from: C:\Users\Cory\Desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\aarjarrk.dll
C:\Windows\system32\aggscqtx.dll
C:\Windows\System32\ehkkj.ini
C:\Windows\System32\ehkkj.ini2
C:\Windows\system32\gpgeiadi.dll
C:\Windows\system32\grecorder.dll
C:\Windows\system32\gupbidok.dll
C:\Windows\System32\gvswgqxn.ini
C:\Windows\System32\hkkmp.ini
C:\Windows\System32\hkkmp.ini2
C:\Windows\System32\jkhmqcvn.ini
C:\Windows\system32\jkkhe.dll
C:\Windows\system32\lmncilug.dll
C:\Windows\system32\mwmhgdjo.dll
C:\Windows\system32\pmkkh.dll
C:\Windows\System32\qrrqr.ini
C:\Windows\System32\qrrqr.ini2
C:\Windows\system32\quesfpec.dll
C:\Windows\system32\quesfpec.dllbox
C:\Windows\system32\wdvknrxh.dll
C:\Windows\System32\xtqcsgga.ini
C:\Windows\system32\yabbb.dll
C:\Windows\system32\zbsiluoe.dll
C:\Windows\system32\zbsiluoe.dllbox
.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.
2008-02-26 12:52 . 2008-02-26 12:52 <DIR> d-------- C:\Users\Cory\AppData\Roaming\SUPERAntiSpyware.com
2008-02-26 12:52 . 2008-02-26 12:52 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-26 12:52 . 2008-02-26 12:52 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-26 12:52 . 2008-02-26 12:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-26 12:36 . 2008-02-26 12:36 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-02-26 12:27 . 2008-02-26 12:27 <DIR> d-------- C:\_OTMoveIt
2008-02-26 12:09 . 2008-02-26 12:36 <DIR> d-------- C:\VundoFix Backups
2008-02-26 08:17 . 2008-02-26 08:29 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-26 08:17 . 2008-02-26 08:29 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-26 08:17 . 2008-02-26 08:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 07:49 . 2008-02-26 12:40 68,230 --a------ C:\Windows\BM0418746f.xml
2008-02-26 07:49 . 2008-02-26 13:05 22 --a------ C:\Windows\pskt.ini
2008-02-25 17:19 . 2008-02-25 17:20 321,600 --a------ C:\Windows\System32\rqrrq.dll.bak
2008-02-25 16:35 . 2008-02-25 16:35 <DIR> d-------- C:\Program Files\HyCam2
2008-02-24 22:04 . 2008-02-24 22:05 <DIR> d-------- C:\Program Files\VistaCodecPack
2008-02-24 06:16 . 2008-02-24 06:16 <DIR> d-------- C:\Users\Cory\AppData\Roaming\FLV Extract
2008-02-23 22:19 . 2008-02-24 05:26 <DIR> d-------- C:\Users\Cory\AppData\Roaming\Pamela
2008-02-23 22:19 . 2008-02-23 22:19 <DIR> d-------- C:\Program Files\Pamela
2008-02-23 22:19 . 2008-02-23 22:19 180,224 --a------ C:\Windows\System32\RemoteControl.dll
2008-02-23 02:34 . 2008-02-23 02:34 <DIR> d-------- C:\Program Files\vixy.net
2008-02-22 21:21 . 2008-02-22 21:21 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-02-18 11:34 . 2008-02-18 11:37 <DIR> d-------- C:\Program Files\Spheres Of Chaos
2008-02-15 16:47 . 2008-02-26 07:36 <DIR> d-------- C:\Users\Cory\AppData\Roaming\RightLoad
2008-02-15 16:47 . 2008-02-15 16:47 <DIR> d-------- C:\Program Files\Rightload
2008-02-12 22:30 . 2008-02-13 12:05 <DIR> d-------- C:\Program Files\Skype Recorder
2008-02-12 22:06 . 2008-02-12 22:10 <DIR> d-------- C:\Users\All Users\PMCallCenter
2008-02-12 22:06 . 2008-02-12 22:10 <DIR> d-------- C:\ProgramData\PMCallCenter
2008-02-12 13:02 . 2008-02-12 13:03 <DIR> d-------- C:\Program Files\Synaesthete
2008-02-09 19:38 . 2008-02-26 07:36 <DIR> d-------- C:\Users\Cory\AppData\Roaming\gtk-2.0
2008-02-09 19:16 . 2008-02-26 12:52 <DIR> d-------- C:\Users\Cory\AppData\Roaming\.purple
2008-02-09 19:15 . 2008-02-09 19:15 <DIR> d-------- C:\Program Files\Pidgin
2008-02-09 19:15 . 2008-02-09 19:15 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-02-09 19:15 . 2008-02-09 19:15 <DIR> d-------- C:\Program Files\Aspell
2008-02-09 18:44 . 2008-02-09 19:25 <DIR> d-------- C:\Program Files\Trillian
2008-02-09 18:28 . 2008-02-09 18:28 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-02-09 18:28 . 2008-02-09 18:28 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-02-09 18:28 . 2008-02-09 18:28 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-02-09 18:28 . 2008-02-09 18:28 43,352 --a------ C:\Windows\System32\wups2.dll
2008-02-09 18:27 . 2008-02-09 18:27 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-02-09 18:27 . 2008-02-09 18:27 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-02-09 18:27 . 2008-02-09 18:27 33,624 --a------ C:\Windows\System32\wups.dll
2008-02-09 18:26 . 2008-02-09 18:26 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-02-09 18:26 . 2008-02-09 18:26 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-02-09 17:52 . 2008-02-09 18:38 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-04 16:03 . 2008-02-04 16:03 <DIR> d-------- C:\ES
2008-02-04 08:32 . 2008-02-17 01:11 232,073,317 --a------ C:\Windows\MEMORY.DMP
2008-02-04 07:23 . 2008-02-26 07:36 <DIR> d-------- C:\Program Files\IrfanView
2008-02-03 18:15 . 2008-02-03 18:15 <DIR> d-------- C:\Program Files\DivX
2008-02-03 12:54 . 2008-02-26 09:16 <DIR> d-------- C:\Users\Cory\AppData\Roaming\skypePM
2008-02-03 12:54 . 2008-02-03 12:54 32 --a------ C:\Users\All Users\ezsid.dat
2008-02-03 12:54 . 2008-02-03 12:54 32 --a------ C:\ProgramData\ezsid.dat
2008-02-03 12:53 . 2008-02-26 12:04 <DIR> d-------- C:\Users\Cory\AppData\Roaming\Skype
2008-02-03 12:52 . 2008-02-03 12:52 <DIR> d-------- C:\Users\All Users\Skype
2008-02-03 12:52 . 2008-02-03 12:52 <DIR> d-------- C:\ProgramData\Skype
2008-02-03 12:52 . 2008-02-03 12:52 <DIR> d-------- C:\Program Files\Skype
2008-02-03 12:52 . 2008-02-03 12:52 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-26 19:23 . 2008-01-26 19:23 <DIR> d-------- C:\Program Files\RndLabs
2008-01-26 03:16 . 2008-01-26 03:16 <DIR> d-------- C:\Program Files\Google Video
2008-01-26 02:54 . 2008-01-26 02:54 <DIR> d-------- C:\Users\Cory\AppData\Roaming\Intervideo
2008-01-26 02:54 . 2008-01-26 02:55 <DIR> d-------- C:\Users\All Users\InterVideo
2008-01-26 02:54 . 2008-01-26 02:55 <DIR> d-------- C:\ProgramData\InterVideo
2008-01-26 02:54 . 2008-01-26 02:54 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-01-26 02:53 . 2008-01-26 02:53 <DIR> d-------- C:\Program Files\InterVideo
2008-01-26 02:52 . 2007-11-27 16:26 <DIR> d-------- C:\Windows\System32\GameBridge
2008-01-26 02:46 . 2004-06-24 09:00 585,728 --a------ C:\Windows\System32\drivers\msvcr80.dll
2008-01-26 02:46 . 2004-06-24 09:02 528,384 --a------ C:\Windows\System32\drivers\msvcp80.dll
2008-01-26 02:46 . 2005-09-07 22:02 149,471 --a------ C:\Windows\System32\drivers\gbclcnvt.ax
2008-01-26 02:46 . 2005-05-23 21:41 114,688 --a------ C:\Windows\System32\drivers\gbcpntfy.ax
2008-01-26 02:46 . 2005-05-23 21:43 110,592 --a------ C:\Windows\System32\drivers\gbtvrate.dll
2008-01-26 02:46 . 2005-09-15 01:15 61,440 --a------ C:\Windows\System32\drivers\gbaudmgr.ax
2008-01-26 02:46 . 2005-05-23 21:44 28,672 --a------ C:\Windows\System32\drivers\gbproppg.ax
2008-01-26 02:46 . 2005-10-22 01:53 13,704 --a------ C:\Windows\System32\drivers\avcgbdr.in_
2008-01-26 02:46 . 2005-10-22 01:08 3,504 --a------ C:\Windows\System32\drivers\avcgbfl.in_
2008-01-26 02:42 . 2005-09-26 14:08 125,568 --a------ C:\Windows\System32\drivers\avcgbdr.sys
2008-01-26 02:42 . 2005-10-26 12:14 19,712 --a------ C:\Windows\System32\drivers\avcgbfl.sys
2008-01-26 02:31 . 2008-01-26 02:31 <DIR> d-------- C:\Program Files\Adaptec
2008-01-26 02:30 . 2004-06-24 09:00 585,728 --------- C:\Windows\System32\msvcr80.dll
2008-01-26 02:30 . 2004-06-24 09:02 528,384 --------- C:\Windows\System32\msvcp80.dll
2008-01-26 02:30 . 2005-09-07 22:02 149,471 --------- C:\Windows\System32\gbclcnvt.ax
2008-01-26 02:30 . 2005-05-23 21:41 114,688 --------- C:\Windows\System32\gbcpntfy.ax
2008-01-26 02:30 . 2005-05-23 21:43 110,592 --------- C:\Windows\System32\gbtvrate.dll
2008-01-26 02:30 . 2005-09-15 01:15 61,440 --------- C:\Windows\System32\gbaudmgr.ax
2008-01-26 02:30 . 2005-05-23 21:44 28,672 --------- C:\Windows\System32\gbproppg.ax
2008-01-26 02:30 . 2005-09-24 00:49 16,382 --------- C:\Windows\System32\drivers\makoaudc.rom
2008-01-26 02:30 . 2005-05-23 21:45 14,264 --------- C:\Windows\System32\drivers\makoaudb.rom
2008-01-26 02:24 . 2000-06-16 06:26 31,744 --a------ C:\Windows\System32\huffyuv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 17:52 --------- d-----w C:\Users\Cory\AppData\Roaming\.purple
2008-02-26 17:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 17:06 27,240 ----a-w C:\Users\Cory\AppData\Roaming\nvModes.dat
2008-02-26 12:36 --------- d-----w C:\Users\Cory\AppData\Roaming\Winamp
2008-02-26 01:03 --------- d-----w C:\Users\Cory\AppData\Roaming\OpenOffice.org2
2008-02-25 14:00 --------- d-----w C:\Users\Cory\AppData\Roaming\uTorrent
2008-02-24 06:37 --------- d-----w C:\Program Files\PeerGuardian2
2008-02-23 19:34 --------- d-----w C:\ProgramData\Media Center Programs
2008-02-23 19:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-23 19:27 --------- d-----w C:\Program Files\Microsoft Works
2008-02-16 01:34 --------- d-----w C:\Program Files\Steam
2008-02-09 23:42 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-09 22:52 --------- d-----w C:\ProgramData\Viewpoint
2008-02-04 13:37 --------- d-----w C:\Program Files\Starcraft
2008-01-30 22:29 --------- d-----w C:\ProgramData\CyberLink
2008-01-26 07:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 23:27 --------- d-----w C:\Program Files\The Wonderful End of the World Trial
2008-01-23 03:36 --------- d-----w C:\Program Files\Project64 1.6
2008-01-20 13:32 --------- d-----w C:\Program Files\Romcenter
2008-01-20 06:27 --------- d-----w C:\Users\Cory\AppData\Roaming\cYo
2008-01-20 06:27 --------- d-----w C:\Program Files\ComicRack
2008-01-20 06:13 --------- d-----w C:\Program Files\CDisplayEx
2008-01-20 05:57 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-01-20 05:57 --------- d-----w C:\Program Files\OpenAL
2008-01-20 05:49 96 --sha-r C:\Windows\system32\drivers\OP_CACHE.ATR
2008-01-20 05:49 48 --sha-r C:\Windows\system32\drivers\OP_CACHE.IDX
2008-01-20 05:49 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-20 05:49 --------- d-----w C:\Program Files\Windows Mail
2008-01-20 05:49 --------- d-----w C:\Program Files\Windows Journal
2008-01-20 05:49 --------- d-----w C:\Program Files\Windows Defender
2008-01-20 05:49 --------- d-----w C:\Program Files\Winamp
2008-01-20 05:49 --------- d-----w C:\Program Files\QuickTime
2008-01-20 05:46 --------- d-----w C:\Program Files\uTorrent
2008-01-20 05:40 --------- d-----w C:\Program Files\Bluetack
2008-01-20 05:39 --------- d-----w C:\Program Files\Gargoyle
2008-01-20 05:39 --------- d-----w C:\Program Files\earthlink totalaccess
2008-01-20 05:39 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-20 05:39 --------- d-----w C:\Program Files\Common Files\Steam
2008-01-20 05:39 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-20 05:39 --------- d-----w C:\Program Files\Audiosurf
2008-01-20 05:39 --------- d-----w C:\Program Files\Audacity
2008-01-20 05:39 --------- d-----w C:\Program Files\Apple Software Update
2008-01-19 04:48 --------- d-----w C:\Program Files\SEGA
2008-01-18 05:19 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-18 05:18 --------- d-----w C:\Program Files\Acro Software
2008-01-17 23:45 --------- d-----w C:\ProgramData\Apple Computer
2008-01-17 23:45 --------- d-----w C:\ProgramData\Apple
2008-01-17 14:39 --------- d-----w C:\ProgramData\Lavasoft
2008-01-17 14:39 --------- d-----w C:\Program Files\Lavasoft
2008-01-11 08:33 --------- d-----w C:\Program Files\Winnydows
2008-01-01 17:31 --------- d-----w C:\Users\Cory\AppData\Roaming\uk.co.planetside
2008-01-01 07:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-01 07:51 --------- d-----w C:\Program Files\Java
2007-12-31 07:19 --------- d-----w C:\Users\Cory\AppData\Roaming\CyberLink
2007-12-31 03:17 --------- d-----w C:\Users\Cory\AppData\Roaming\PeerNetworking
2007-12-30 15:16 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2007-12-30 15:06 --------- d-----w C:\Users\Cory\AppData\Roaming\Roxio
2007-12-30 15:06 --------- d-----w C:\ProgramData\Sonic
2007-12-29 16:58 --------- d-----w C:\Users\Cory\AppData\Roaming\HP
2007-12-29 16:58 --------- d-----w C:\ProgramData\HP
2007-12-27 20:06 --------- d-----w C:\Program Files\Roxio
2007-12-27 16:05 --------- d-----w C:\Program Files\ZD Soft
2007-12-26 16:37 --------- d-----w C:\Program Files\Flagship Studios
2007-12-26 07:13 --------- d-----w C:\Program Files\Vongo
2007-12-26 07:13 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-12-26 06:48 --------- d-----w C:\ProgramData\AOL OCP
2007-12-26 06:46 --------- d-----w C:\ProgramData\Symantec
2007-12-26 06:41 --------- d-----w C:\Program Files\SP38015
2007-12-26 06:40 --------- d-----w C:\ProgramData\AOL
2007-12-26 01:05 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 01:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-26 00:44 --------- d-----w C:\ProgramData\WildTangent
2007-12-26 00:43 --------- d-----w C:\ProgramData\Hewlett-Packard
2007-12-26 00:43 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-26 00:42 --------- d-----w C:\Users\Cory\AppData\Roaming\Hewlett-Packard
2007-12-26 00:39 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6500 Notebook PC_Y5335KV_0U_QCNF7384DR1_E436786-002_4A_I30D2_SQuanta_V79.1D_F.22_T070817_WV3-0_L409_M2046_J200_7Intel_86FB_92.20_#071226_N10EC8136;80864229_(GS804UA#ABA)_XMOBILE_CN10_Z.MRK
2007-12-26 00:32 --------- d-sh--w C:\ProgramData\Templates
2007-12-26 00:32 --------- d-sh--w C:\ProgramData\Start Menu
2007-12-26 00:32 --------- d-sh--w C:\ProgramData\Favorites
2007-12-26 00:32 --------- d-sh--w C:\ProgramData\Documents
2007-12-26 00:32 --------- d-sh--w C:\ProgramData\Desktop
2007-12-26 00:32 --------- d-sh--w C:\ProgramData\Application Data
2007-12-26 00:18 --------- d-----w C:\Users\Cory\AppData\Roaming\LAIM
2007-12-26 00:14 621,056 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-25 15:14 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1DF91D0-44CC-4E1A-8E59-5FBAA897DB2C}]
C:\Windows\system32\rqrrq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 09:16 171464]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 15:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 22:36 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 12:50 4390912 C:\Windows\RtHDVCpl.exe]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 20:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 13:38 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 15:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 18:12 317128]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 05:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 05:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 05:27 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-09-27 05:00 106496]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-09-27 03:47 266240]
"PMCallCenter"="C:\Program Files\PrettyMay Call Center for Skype\PMCallCenter.exe" [ ]
"Skype Recorder"="C:\Program Files\Skype Recorder\Skype Recorder.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{45C2A50F-8F4A-496E-AF02-D0207525BF5A}"= C:\Windows\system32\yabbb.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-03-12 13:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 01:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-03-20 17:23 1773568 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\laim]
C:\Program Files\AIM Lite\aimlite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-25 08:15 1266936 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 10:16 37376 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-02 07:34 1004136 C:\Program Files\Windows Defender\MSASCui.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C5262C04-670E-407D-A7E8-F81B5E3ABE94}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play
"{63CDDBBA-EAEC-475F-BC35-608C7ED5E6CB}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program
"{454464FF-A4B1-4479-A732-227306BAE003}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{99A41779-6DE4-4A4C-A5A6-7386CCF9C71E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C08C3D4-4C2A-47B9-A337-EB42F6123705}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{03896419-8B25-4710-9CEF-5234C43D08E6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5C165A40-2C81-4544-8A77-01A9F766954D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F4B3E9A-3E1C-4B98-B3E7-E3FAEFE06AC8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F0680875-B6D1-4AC0-8501-BA4836C8F4DC}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9F4B1FCE-2400-4C08-9993-355A8DE0076B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{823FC835-75FE-4EE7-8105-E92906CC16E5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{22DF08C6-E072-419A-8F5C-DEBD9980D5A4}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{51778265-92CE-4001-9228-44A1EFF8F12F}C:\program files\aim6\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM|Desc=AIM
"UDP Query User{B918F36B-69A1-4E7D-9045-5FFB45E56CD1}C:\program files\aim6\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM|Desc=AIM
"{C58CCA7C-0924-47B6-9292-EB8939900F43}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{1DD32F77-DB36-4702-B02B-213E9B550D9D}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C15E7FA9-694F-4998-8137-D769309ABF48}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{37B4870C-B8A1-42A6-832E-C5EBD88B6360}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {71147865-9F2B-4375-81FF-7040448863D3},{7F82E9EA-52E0-4D8F-8D6E-3BE7AF6CBD09}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-12-13 13:52]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 07:49]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 16:28]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 02:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-12-25 08:15]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 13:19:44
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2008-02-26 13:23:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-26 18:23:02
Thanks in advance!