Used Combo-Fix - Now what? ;)


#1
lblevins

Hi - I browsed through other topics that looked very familiar as far as viruses on my computer - the whole Skynet thing was driving me insane... and ran Combo Fix, which deleted a lot... but now what do I do? Is that it? Thx SOOOOOO much for all your help - Lori

ComboFix 09-07-29.01 - Lori 07/29/2009 13:25.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.555 [GMT -4:00]
Running from: c:\documents and settings\Lori\My Documents\My Music\iTunes\iTunes Music\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-725345543-573735546-2146956053-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\run.log
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\SKYNETdlvngwuj.sys
c:\windows\system32\drivers\TDSSmhlt.sys
c:\windows\system32\SKYNETblhtavym.dat
c:\windows\system32\SKYNETetkqpqqr.dat
c:\windows\system32\SKYNETkmnsftlw.dll
c:\windows\system32\SKYNETlog.dat
c:\windows\system32\SKYNETxorwuxdo.dll
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSScfmn.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxcp.dll
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoity.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvoql.dll
c:\windows\system32\TDSSxhyf.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETpruwudqv
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-28 22:18 . 2009-07-29 16:43 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-28 22:10 . 2009-06-27 18:35 1008896 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-28 22:08 . 2009-07-28 22:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-28 22:08 . 2009-07-28 22:08 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-28 22:08 . 2009-07-28 22:08 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-28 22:08 . 2009-07-28 22:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-28 22:08 . 2009-07-29 12:26 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-28 22:08 . 2009-07-28 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-28 22:07 . 2009-07-28 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-28 22:03 . 2009-07-28 22:03 -------- d-----w- c:\documents and settings\Lori\Application Data\AVG8
2009-07-20 20:37 . 2009-07-20 20:37 -------- d-----w- c:\program files\Windows Defender
2009-07-18 19:59 . 2009-07-18 19:59 -------- d-----w- c:\program files\MSXML 6.0
2009-07-18 13:15 . 2009-07-18 13:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-07-18 13:15 . 2009-07-18 13:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-07-18 13:15 . 2009-07-18 13:15 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-18 13:14 . 2007-02-12 15:41 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2009-07-18 13:14 . 2007-02-12 15:40 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2009-07-18 13:14 . 2009-07-18 13:14 -------- d-----w- c:\documents and settings\James\Application Data\Intel
2009-07-18 13:14 . 2009-07-18 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-07-18 13:14 . 2009-07-18 13:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2009-07-18 13:13 . 2009-07-18 13:13 -------- d-----w- c:\documents and settings\Lori\Application Data\Dell
2009-07-18 13:12 . 2009-07-18 13:12 -------- d-----w- c:\documents and settings\Lori\Application Data\Intel
2009-07-18 13:00 . 2009-07-18 13:01 -------- d-----w- c:\documents and settings\Lori\Local Settings\Application Data\Deployment
2009-07-14 18:06 . 2009-07-14 18:06 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-07 18:33 . 2009-07-07 18:33 -------- d-----w- c:\windows\McAfee.com
2009-06-30 12:59 . 2009-05-26 23:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 12:44 . 2005-10-25 16:32 14138 ----a-w- c:\documents and settings\Lori\Application Data\wklnhst.dat
2009-07-29 01:01 . 2006-09-16 02:59 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-22 12:34 . 2009-01-12 18:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-14 18:06 . 2009-06-27 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 17:36 . 2009-06-27 02:05 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-06-27 02:05 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 21:21 . 2006-03-18 14:34 -------- d-----w- c:\documents and settings\Lori\Application Data\Share-to-Web Upload Folder
2009-07-03 17:09 . 2004-08-19 20:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 13:05 . 2005-11-03 20:29 -------- d-----w- c:\documents and settings\Lori\Application Data\Yahoo!
2009-06-30 13:05 . 2005-10-20 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-06-30 13:05 . 2005-10-20 13:06 -------- d-----w- c:\program files\Yahoo!
2009-06-30 13:05 . 2005-10-20 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-30 12:51 . 2007-02-26 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-30 01:39 . 2005-10-23 00:00 -------- d-----w- c:\program files\McAfee
2009-06-29 14:11 . 2005-10-13 19:44 -------- d-----w- c:\program files\McAfee.com
2009-06-29 13:30 . 2009-06-29 13:30 -------- d-----w- c:\documents and settings\James\Application Data\Malwarebytes
2009-06-28 00:14 . 2009-06-28 00:14 -------- d-----w- c:\program files\AVG
2009-06-27 13:21 . 2005-10-13 19:26 -------- d-----w- c:\program files\Java
2009-06-27 13:20 . 2009-06-27 13:20 152576 ----a-w- c:\documents and settings\Lori\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-27 02:05 . 2009-06-27 02:05 -------- d-----w- c:\documents and settings\Lori\Application Data\Malwarebytes
2009-06-27 02:05 . 2009-06-27 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 14:55 . 2004-08-19 20:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-19 20:49 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 02:45 . 2009-06-16 02:45 -------- d-----w- c:\documents and settings\Lori\Application Data\SecondLife
2009-06-03 19:24 . 2004-08-19 20:49 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:44 . 2004-08-19 20:49 344064 ----a-w- c:\windows\system32\localspl.dll
2005-10-19 20:39 . 2005-10-19 20:39 251 -c--a-w- c:\program files\wt3d.ini
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-10 10:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe

[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-10 10:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-10 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-10 10:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-10 10:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-10 10:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe

[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-10 10:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-10 10:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-10 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-10 10:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-10 10:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll

[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\appmgmts.dll
[-] 2004-08-10 10:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll

[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 03:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comres.dll
[-] 2004-08-10 10:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\comres.dll

[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-10 10:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\lpk.dll
[-] 2004-08-10 10:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\dllcache\lpk.dll

[-] 2004-08-10 10:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2004-08-10 10:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-10 10:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\msgsvc.dll

[-] 2004-08-10 10:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-10 10:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\sfc.dll

[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-10 10:00 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\system32\netlogon.dll

[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-10 10:00 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\srsvc.dll

[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-10 10:00 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rasauto.dll
[-] 2004-08-10 10:00 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\rasauto.dll

[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-10 10:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-27 18:35 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-28 1948440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-13 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-28 22:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Lori^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Lori\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [5/30/2007 10:10 PM 149376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/28/2009 6:08 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/28/2009 6:08 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/28/2009 6:07 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/28/2009 6:07 PM 298776]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2009-07-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-29 c:\windows\Tasks\User_Feed_Synchronization-{EEE51812-6829-474A-8960-B644596F1D48}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 13:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-29 13:39
ComboFix-quarantined-files.txt 2009-07-29 17:39

Pre-Run: 20,248,354,816 bytes free
Post-Run: 20,901,982,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

251 --- E O F --- 2009-07-29 13:14