Hello,
I followed the next step of creating the batch file and executed it, and then downloaded combofix.exe and executed that too. It asked me to disable Norton Internet Security, but I could not do it because I am installing everything in safe mode, where the full Norton Internet Security system is not activated. Anyway, ComboFix ran and, after rebooting, it loaded combofix.txt.
The combofix.txt is as follows:
ComboFix 09-10-01.05 - Administrator 10/02/2009 23:28.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.3186 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ajay\Application Data\amehi.com
c:\documents and settings\Ajay\Application Data\ehomody.dll
c:\documents and settings\Ajay\Application Data\ipikasyz.com
c:\documents and settings\Ajay\Application Data\ipizonoli.inf
c:\documents and settings\Ajay\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Ajay\Application Data\qedo.com
c:\documents and settings\Ajay\Application Data\selydygyh.scr
c:\documents and settings\Ajay\Application Data\tutoxepe.dl
c:\documents and settings\Ajay\Application Data\uhobybocu.pif
c:\documents and settings\Ajay\Application Data\uvuqefoxop.lib
c:\documents and settings\Ajay\Local Settings\Application Data\ifitodaqer.pif
c:\documents and settings\Ajay\Local Settings\Application Data\opaqehihi.scr
c:\documents and settings\Ajay\Local Settings\Application Data\yhoz.dll
c:\documents and settings\Ajay\Local Settings\Application Data\yryqasyfug.sys
c:\documents and settings\All Users\Application Data\agyfi.sys
c:\documents and settings\All Users\Application Data\nerupo.com
c:\documents and settings\All Users\Application Data\wemixewili.bat
c:\documents and settings\All Users\Documents\agoxi.inf
c:\documents and settings\All Users\Documents\asuz.ban
c:\documents and settings\All Users\Documents\lahi.com
c:\documents and settings\All Users\Documents\maxo.com
c:\documents and settings\All Users\Documents\ofala._dl
c:\documents and settings\All Users\Documents\puquqi.sys
c:\documents and settings\All Users\Documents\qivopydaly.scr
c:\documents and settings\All Users\Documents\zelefyxo.dll
c:\program files\Common Files\ewyjisuw.vbs
c:\program files\Common Files\jyxuju.ban
c:\program files\Common Files\muki.dll
c:\program files\Common Files\ocedyfobi.com
c:\program files\Common Files\oleh.bat
c:\program files\Common Files\wiko.scr
c:\program files\Common Files\yfuqijicy.bin
c:\program files\Common Files\ypip.reg
c:\windows\azoryfepah._dl
c:\windows\ceniligamu.sys
c:\windows\feviw.ban
c:\windows\fywylyvy.sys
c:\windows\gohafev.exe
c:\windows\igikenuf.exe
c:\windows\irufejak.bin
c:\windows\jygogi.inf
c:\windows\oqugom.scr
c:\windows\otacu.dll
c:\windows\parutovaw.pif
c:\windows\puqem.sys
c:\windows\system32\_scui.cpl
c:\windows\system32\bikurifo.exe
c:\windows\system32\boserote.dll
c:\windows\system32\drivers\gasfkyhdkfnwnq.sys
c:\windows\system32\dunuwopo.dll
c:\windows\system32\gasfkycxeaopej.dat
c:\windows\system32\gasfkylsvngyuj.dll
c:\windows\system32\gasfkyofheqftq.dll
c:\windows\system32\gavapufa.dll
c:\windows\system32\ginekufu.dll
c:\windows\system32\ixarimyt.sys
c:\windows\system32\jinuwif.vbs
c:\windows\system32\juwufajo.dll.tmp
c:\windows\system32\lisuhufu.dll.tmp
c:\windows\system32\lutovute.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\mehoheri.exe
c:\windows\system32\musesiwo.dll
c:\windows\system32\nayazika.exe
c:\windows\system32\ninoleli.dll.tmp
c:\windows\system32\riha.sys
c:\windows\system32\riqinonaj.vbs
c:\windows\system32\sehaniju.dll
c:\windows\system32\sosarure.exe
c:\windows\system32\suwumuwo.dll
c:\windows\system32\tejonubo.dll
c:\windows\system32\uvonaba.vbs
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wukoraga.dll
c:\windows\system32\zehire.reg
c:\windows\ucepasy.scr
c:\windows\ulin._dl
c:\windows\ydosicok.sys
c:\windows\yxikere.bat
c:\windows\zetysopac.reg
c:\windows\zigyjy.sys
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.
2009-10-03 01:36 . 2008-04-14 12:00 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-10-02 22:27 . 2009-10-02 22:30 -------- d-----w- c:\program files\winlog
2009-10-02 16:39 . 2009-10-02 16:39 -------- d-----w- c:\documents and settings\Ajay\Application Data\Malwarebytes
2009-10-02 03:55 . 2009-10-02 03:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-02 02:18 . 2009-10-02 02:19 -------- d--h--w- c:\windows\PIF
2009-10-02 01:36 . 2009-10-02 01:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-02 01:36 . 2009-10-02 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-02 00:23 . 2009-10-02 00:23 -------- d-----w- c:\windows\ERUNT
2009-10-02 00:16 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
2009-10-01 14:42 . 2009-06-04 01:36 -------- d-----w- c:\documents and settings\Manisha\Application Data\Wave Systems Corp
2009-10-01 14:40 . 2009-10-01 14:40 -------- d-----w- c:\documents and settings\Ajay\Local Settings\Application Data\Symantec
2009-10-01 14:34 . 2009-10-01 14:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-01 12:48 . 2009-10-01 12:48 -------- d-----r- c:\program files\Norton Support
2009-10-01 12:45 . 2009-10-01 12:45 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-01 12:45 . 2009-10-01 12:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-10-01 12:41 . 2009-10-01 12:41 17189 ----a-w- c:\windows\system32\zexo.dat
2009-10-01 12:39 . 2009-10-01 12:39 25088 --sha-w- c:\documents and settings\LocalService\ntuser.dll
2009-10-01 12:32 . 2009-10-01 12:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-01 11:54 . 2009-10-01 11:54 458752 ----a-w- c:\windows\system32\pump.exe
2009-10-01 11:52 . 2009-10-02 22:30 0 ----a-w- c:\windows\win32k.sys
2009-10-01 11:51 . 2009-10-01 11:54 25088 --sha-w- c:\windows\system32\calc.dll
2009-10-01 11:51 . 2009-10-01 11:51 25088 --sha-w- c:\documents and settings\Ajay\ntuser.dll
2009-10-01 11:50 . 2009-10-01 11:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-29 13:06 . 2009-09-29 13:06 -------- d-----w- C:\Manisha
2009-09-09 11:49 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 01:36 . 2009-06-10 21:35 0 ----a-w- c:\documents and settings\Ajay\Local Settings\Application Data\WavXMapDrive.bat
2009-10-02 14:32 . 2009-07-02 14:32 51200 --sha-w- c:\windows\system32\bokuwavi.dll
2009-10-02 14:32 . 2009-07-02 14:32 91136 --sha-w- c:\windows\system32\turepare.dll
2009-10-02 01:03 . 2009-07-02 01:02 50688 --sha-w- c:\windows\system32\pulobuha.dll
2009-10-02 00:42 . 2009-10-02 00:42 17461 ----a-w- c:\program files\Common Files\huracubiho._sy
2009-10-01 19:04 . 2009-06-04 01:12 81629 ----a-w- c:\windows\system32\nvModes.dat
2009-10-01 19:03 . 2009-10-01 14:42 0 ----a-w- c:\documents and settings\Manisha\Local Settings\Application Data\WavXMapDrive.bat
2009-10-01 16:46 . 2009-10-01 16:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-10-01 13:02 . 2009-07-01 13:02 91136 --sha-w- c:\windows\system32\pujojiwu.dll
2009-10-01 12:41 . 2009-10-01 12:41 18770 ----a-w- c:\program files\Common Files\remulige.lib
2009-10-01 12:41 . 2009-10-01 12:41 11892 ----a-w- c:\documents and settings\Ajay\Application Data\gigyha.dat
2009-10-01 12:41 . 2009-10-01 12:41 10299 ----a-w- c:\documents and settings\Ajay\Application Data\hetujadyw.dat
2009-09-14 03:35 . 2009-08-08 03:43 -------- d-----w- c:\documents and settings\Ajay\Application Data\vlc
2009-09-10 22:35 . 2009-06-10 21:39 -------- d-----w- c:\program files\Symantec
2009-09-10 22:35 . 2009-06-10 21:39 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-10 22:35 . 2009-06-10 21:39 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-10 22:35 . 2009-06-10 21:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-10 22:35 . 2009-06-10 21:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-10 12:57 . 2009-06-04 01:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 04:43 . 2009-06-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Examsoft
2009-08-30 00:43 . 2009-06-10 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-22 07:21 . 2009-06-10 21:39 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-21 11:34 . 2009-06-04 01:26 20648 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 11:22 . 2009-06-04 01:36 20648 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 12:00 . 2009-08-12 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-08-12 12:00 . 2009-08-12 12:00 -------- d-----w- c:\documents and settings\Ajay\Application Data\CyberLink
2009-08-08 14:26 . 2009-06-04 01:32 -------- d-----w- c:\program files\Microsoft
2009-08-08 14:26 . 2009-06-04 01:32 -------- d-----w- c:\program files\Windows Live
2009-08-08 03:42 . 2009-08-08 03:42 -------- d-----w- c:\program files\VideoLAN
2009-08-05 09:01 . 2008-04-25 16:16 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:03 . 2009-08-05 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-05 03:01 . 2009-08-05 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-05 03:01 . 2009-08-05 02:59 -------- d-----w- c:\program files\Yahoo!
2009-08-05 03:00 . 2009-08-05 03:00 -------- d-----w- c:\documents and settings\Ajay\Application Data\Yahoo!
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-28 20:47 . 2009-06-11 00:12 100950 ----a-w- c:\windows\jgzr.dat
2009-07-17 19:01 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2008-04-25 16:16 233472 ----a-w- c:\windows\system32\wmpdxm.dll
.
------- Sigcheck -------
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-04 136600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"calc"="c:\windows\system32\calc.dll" [2009-10-01 25088]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-08-28 90112]
c:\documents and settings\Ajay\Start Menu\Programs\Startup\
scandisk.dll [2009-10-1 25088]
scandisk.lnk - c:\windows\system32\rundll32.exe [2008-4-25 33280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-6-10 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-3 50688]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [9/8/2009 6:04 PM 310320]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/4/2009 12:05 AM 244368]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [9/8/2009 6:04 PM 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [9/8/2009 6:04 PM 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [9/16/2009 5:52 PM 329080]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 9:06 PM 443168]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9/8/2009 6:04 PM 117640]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 7:09 PM 77824]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/4/2009 12:05 AM 112512]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/4/2009 12:05 AM 32808]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/26/2009 4:00 AM 102448]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/4/2009 12:05 AM 148056]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/4/2009 12:05 AM 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/4/2009 12:05 AM 280096]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/3/2009 9:29 PM 232744]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-10-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.18/uploader2.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{31379e36-bdca-4833-9762-245844c20d72} - ginekufu.dll
HKLM-Run-rumemajow - c:\windows\system32\lutovute.dll
HKLM-Run-dafotojazu - sehaniju.dll
SharedTaskScheduler-{f7d2201e-8ba2-487a-ae11-0a2e14206a3f} - c:\windows\system32\lutovute.dll
SSODL-rayulekag-{f7d2201e-8ba2-487a-ae11-0a2e14206a3f} - c:\windows\system32\lutovute.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 23:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1298724602-3524121627-213368549-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,42,36,81,f7,f5,4c,46,8a,be,da,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,42,36,81,f7,f5,4c,46,8a,be,da,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1240)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\system32\NetProvCredMan.dll
- - - - - - - > 'explorer.exe'(1440)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
Completion time: 2009-10-03 23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-03 03:36
Pre-Run: 233,593,384,960 bytes free
Post-Run: 233,497,063,424 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
350 --- E O F --- 2009-09-10 12:21
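Reading a log like the one above by hand is slow, and the interesting entries are easy to miss among the legitimate Dell, Symantec and Wave Systems lines. The script below is an added example (not the poster's or ComboFix's code) that parses three of the line formats seen in this log, the "Files Created"/"Find3M" entries, the HKLM/HKCU Run values, and the "... is missing !!" lines, and applies a few triage heuristics of my own: executables carrying both the hidden and system attributes (the `--sha-w-` entries such as calc.dll and the two ntuser.dll files), Run values whose target is a DLL rather than an EXE (the "calc" value), zero-byte executables (the c:\windows\win32k.sys entry), files reported missing, and clusters of hidden files with identical sizes (the three 25088-byte files). The regexes are inferred from the lines in this log, the sample input is excerpted from it, and the rules are heuristics that need an analyst's judgment, not a verdict.

```python
"""Triage helper for ComboFix-style log lines.

Added example. The line formats are inferred from the log above and the
flagging rules are the author's heuristics; nothing here is ComboFix logic.
"""
import re
from collections import defaultdict

EXEC_EXTS = (".dll", ".exe", ".sys", ".scr", ".pif", ".com", ".vbs", ".bat")

# "2009-10-01 11:51 . 2009-10-01 11:54 25088 --sha-w- c:\windows\system32\calc.dll"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# "calc"="c:\windows\system32\calc.dll" [2009-10-01 25088]
# "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-28 1630208]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"(?: - (?P<resolved>.+?))?'
    r" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
# "c:\windows\system32\proquota.exe . . . is missing!!"
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+(?:\. \. \.|\.\.\.)\s*is missing\s*!!$")

# Constructed sample: lines excerpted verbatim from the log in this post.
SAMPLE = r"""
2009-10-01 11:54 . 2009-10-01 11:54 458752 ----a-w- c:\windows\system32\pump.exe
2009-10-01 11:52 . 2009-10-02 22:30 0 ----a-w- c:\windows\win32k.sys
2009-10-01 11:51 . 2009-10-01 11:54 25088 --sha-w- c:\windows\system32\calc.dll
2009-10-01 11:51 . 2009-10-01 11:51 25088 --sha-w- c:\documents and settings\Ajay\ntuser.dll
2009-10-01 12:39 . 2009-10-01 12:39 25088 --sha-w- c:\documents and settings\LocalService\ntuser.dll
2009-10-02 22:27 . 2009-10-02 22:30 -------- d-----w- c:\program files\winlog
2009-10-02 14:32 . 2009-07-02 14:32 51200 --sha-w- c:\windows\system32\bokuwavi.dll
2009-08-22 07:21 . 2009-06-10 21:39 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
"calc"="c:\windows\system32\calc.dll" [2009-10-01 25088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-28 1630208]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
c:\windows\system32\proquota.exe . . . is missing!!
c:\windows\system32\eventlog.dll ... is missing !!
"""


def parse_line(line):
    """Classify one log line into a dict with a 'kind' key, or None if unrecognised."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["kind"] = "file"
        rec["is_dir"] = rec["attrs"].startswith("d")          # "d-----w-" is a directory
        rec["size"] = None if rec["size"].startswith("-") else int(rec["size"])
        rec["hidden_system"] = "s" in rec["attrs"] and "h" in rec["attrs"]  # "--sha-w-"
        return rec
    m = RUN_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["kind"] = "run"
        rec["size"] = int(rec["size"])
        rec["path"] = rec["resolved"] or rec["target"]         # prefer the resolved path
        return rec
    m = MISSING_RE.match(line)
    if m:
        return {"kind": "missing", "path": m.group("path")}
    return None


def triage(lines):
    """Apply the heuristics; returns a sorted list of (reason, path) findings."""
    findings = []
    hidden_by_size = defaultdict(list)   # size -> hidden+system executables of that size
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"]
        looks_executable = path.lower().endswith(EXEC_EXTS)
        if rec["kind"] == "missing":
            findings.append(("core file reported missing", path))
        elif rec["kind"] == "run" and path.lower().endswith(".dll"):
            findings.append(("Run value targets a DLL instead of an EXE", path))
        elif rec["kind"] == "file" and not rec["is_dir"] and looks_executable:
            if rec["hidden_system"]:
                findings.append(("hidden+system executable", path))
                hidden_by_size[rec["size"]].append(path)
            if rec["size"] == 0:
                findings.append(("zero-byte executable", path))
    # Several hidden files of identical size under different names is worth a look.
    for size, paths in hidden_by_size.items():
        if len(paths) >= 2:
            for p in paths:
                findings.append((f"same size ({size} bytes) as {len(paths) - 1} other hidden file(s)", p))
    return sorted(set(findings))


def triage_sample():
    """Run the heuristics over the excerpted sample lines."""
    return triage(SAMPLE.strip().splitlines())


if __name__ == "__main__":
    for reason, path in triage_sample():
        print(f"{reason:60} {path}")
```

The zero-byte rule is deliberately blunt: on the full log it would also hit the two 0-byte WavXMapDrive.bat entries under the user profiles, which a reviewer has to judge separately, and the hidden+system rule says nothing about files ComboFix already deleted in the "Other Deletions" section, since those lines carry no attributes. The point of the clustering rule is the three 25088-byte files: the same payload written under three different names and locations is a pattern a size-and-attribute check finds in seconds where a name-by-name read does not.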