TROJAN.VUNDO.H Removal

#21
Old 16th Feb 2009, 20:28
Member Group

ComboFix 09-02-15.01 - Saliq 2009-02-16 22:11:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.239 [GMT -5:00]
Running from: c:\documents and settings\Saliq\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Saliq\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\MarketBrowser
c:\program files\MarketBrowser\lmt\bbpdsrc
c:\program files\MarketBrowser\lmt\bigfont.cnf
c:\program files\MarketBrowser\lmt\expo.cnf
c:\program files\MarketBrowser\lmt\expo.mac
c:\program files\MarketBrowser\lmt\exposrv.cnf
c:\program files\MarketBrowser\lmt\Exposrv.dll
c:\program files\MarketBrowser\lmt\expowin.cnf
c:\program files\MarketBrowser\lmt\favorits.txt
c:\program files\MarketBrowser\lmt\feat.mac
c:\program files\MarketBrowser\lmt\featdesc.txt
c:\program files\MarketBrowser\lmt\feathlp.txt
c:\program files\MarketBrowser\lmt\featprd.mnu
c:\program files\MarketBrowser\lmt\featreq.txt
c:\program files\MarketBrowser\lmt\featsrc.mnu
c:\program files\MarketBrowser\lmt\lmtdlg.exe
c:\program files\MarketBrowser\lmt\lmtunzip.dll
c:\program files\MarketBrowser\lmt\lmtzip.dll
c:\program files\MarketBrowser\lmt\macros\matype.mac
c:\program files\MarketBrowser\lmt\macros\mov.mac
c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
c:\program files\MarketBrowser\lmt\mbappver.txt
c:\program files\MarketBrowser\lmt\mbauth.xpl
c:\program files\MarketBrowser\lmt\mbbasi.txt
c:\program files\MarketBrowser\lmt\mbclick.xpl
c:\program files\MarketBrowser\lmt\mbdata.cnf
c:\program files\MarketBrowser\lmt\mbiecolr.ico
c:\program files\MarketBrowser\lmt\mbiegray.ico
c:\program files\MarketBrowser\lmt\mbiname.txt
c:\program files\MarketBrowser\lmt\mbinslst.txt
c:\program files\MarketBrowser\lmt\mbinsver.txt
c:\program files\MarketBrowser\lmt\mbprep.txt
c:\program files\MarketBrowser\lmt\mbreset.mac
c:\program files\MarketBrowser\lmt\mbsmfav.xpl
c:\program files\MarketBrowser\lmt\mbweb.fld
c:\program files\MarketBrowser\lmt\mbwebcon.xpl
c:\program files\MarketBrowser\lmt\mbwebsvc.xpl
c:\program files\MarketBrowser\lmt\mktbrws.cnf
c:\program files\MarketBrowser\lmt\mktbrws.exe
c:\program files\MarketBrowser\lmt\mktbrws.mac
c:\program files\MarketBrowser\lmt\msvcrt.dll
c:\program files\MarketBrowser\lmt\msvcrt40.dll
c:\program files\MarketBrowser\lmt\nsget.mac
c:\program files\MarketBrowser\lmt\oncrpc.dll
c:\program files\MarketBrowser\lmt\palette.mac
c:\program files\MarketBrowser\lmt\pdc.mac
c:\program files\MarketBrowser\lmt\pdsite.xpl
c:\program files\MarketBrowser\lmt\pdwebmk.xpl
c:\program files\MarketBrowser\lmt\pickd.mac
c:\program files\MarketBrowser\lmt\pickd.xpl
c:\program files\MarketBrowser\lmt\pickdcfg.xpl
c:\program files\MarketBrowser\lmt\pickdint
c:\program files\MarketBrowser\lmt\pickdmk.xpl
c:\program files\MarketBrowser\lmt\pickdqq.xpl
c:\program files\MarketBrowser\lmt\pickdsrc
c:\program files\MarketBrowser\lmt\pickdtfm
c:\program files\MarketBrowser\lmt\rotate3d.scr
c:\program files\MarketBrowser\lmt\rover.cnf
c:\program files\MarketBrowser\lmt\semenus\advpref.mnu
c:\program files\MarketBrowser\lmt\semenus\bandhilo.mnu
c:\program files\MarketBrowser\lmt\semenus\bandpct.mnu
c:\program files\MarketBrowser\lmt\semenus\bandstd.mnu
c:\program files\MarketBrowser\lmt\semenus\business.mnu
c:\program files\MarketBrowser\lmt\semenus\cmpchoic.mnu
c:\program files\MarketBrowser\lmt\semenus\cpi.mnu
c:\program files\MarketBrowser\lmt\semenus\custcomp.mnu
c:\program files\MarketBrowser\lmt\semenus\delfave.mnu
c:\program files\MarketBrowser\lmt\semenus\dmov.mnu
c:\program files\MarketBrowser\lmt\semenus\emailopt.mnu
c:\program files\MarketBrowser\lmt\semenus\employ.mnu
c:\program files\MarketBrowser\lmt\semenus\exchange.mnu
c:\program files\MarketBrowser\lmt\semenus\expwma.mnu
c:\program files\MarketBrowser\lmt\semenus\faststoc.mnu
c:\program files\MarketBrowser\lmt\semenus\frbstls1.mnu
c:\program files\MarketBrowser\lmt\semenus\ftpid.mnu
c:\program files\MarketBrowser\lmt\semenus\gdp.mnu
c:\program files\MarketBrowser\lmt\semenus\getemail.mnu
c:\program files\MarketBrowser\lmt\semenus\housing.mnu
c:\program files\MarketBrowser\lmt\semenus\irates.mnu
c:\program files\MarketBrowser\lmt\semenus\loans.mnu
c:\program files\MarketBrowser\lmt\semenus\macd.mnu
c:\program files\MarketBrowser\lmt\semenus\mbactiv.mnu
c:\program files\MarketBrowser\lmt\semenus\mbautop.mnu
c:\program files\MarketBrowser\lmt\semenus\mbbmadd.mnu
c:\program files\MarketBrowser\lmt\semenus\mblongnm.mnu
c:\program files\MarketBrowser\lmt\semenus\medprc.mnu
c:\program files\MarketBrowser\lmt\semenus\mfdx.mnu
c:\program files\MarketBrowser\lmt\semenus\mktmon2.mnu
c:\program files\MarketBrowser\lmt\semenus\mom.mnu
c:\program files\MarketBrowser\lmt\semenus\monetary.mnu
c:\program files\MarketBrowser\lmt\semenus\mov1.mnu
c:\program files\MarketBrowser\lmt\semenus\mov1s.mnu
c:\program files\MarketBrowser\lmt\semenus\mov2.mnu
c:\program files\MarketBrowser\lmt\semenus\mov3.mnu
c:\program files\MarketBrowser\lmt\semenus\newfave.mnu
c:\program files\MarketBrowser\lmt\semenus\numcols.mnu
c:\program files\MarketBrowser\lmt\semenus\pctr.mnu
c:\program files\MarketBrowser\lmt\semenus\pdatt.mnu
c:\program files\MarketBrowser\lmt\semenus\pdatt2.mnu
c:\program files\MarketBrowser\lmt\semenus\pdatt3.mnu
c:\program files\MarketBrowser\lmt\semenus\pdattdef.mnu
c:\program files\MarketBrowser\lmt\semenus\pdattsct.mnu
c:\program files\MarketBrowser\lmt\semenus\pdcustm2.mnu
c:\program files\MarketBrowser\lmt\semenus\pdcustm4.mnu
c:\program files\MarketBrowser\lmt\semenus\pdcustom.mnu
c:\program files\MarketBrowser\lmt\semenus\pdreret.mnu
c:\program files\MarketBrowser\lmt\semenus\ppi.mnu
c:\program files\MarketBrowser\lmt\semenus\prefport.mnu
c:\program files\MarketBrowser\lmt\semenus\prefprt2.mnu
c:\program files\MarketBrowser\lmt\semenus\prntpref.mnu
c:\program files\MarketBrowser\lmt\semenus\pv.mnu
c:\program files\MarketBrowser\lmt\semenus\pvolx.mnu
c:\program files\MarketBrowser\lmt\semenus\removewn.mnu
c:\program files\MarketBrowser\lmt\semenus\reserves.mnu
c:\program files\MarketBrowser\lmt\semenus\roc.mnu
c:\program files\MarketBrowser\lmt\semenus\rsi.mnu
c:\program files\MarketBrowser\lmt\semenus\sar.mnu
c:\program files\MarketBrowser\lmt\semenus\shutpref.mnu
c:\program files\MarketBrowser\lmt\semenus\simpcht.mnu
c:\program files\MarketBrowser\lmt\semenus\slowstoc.mnu
c:\program files\MarketBrowser\lmt\semenus\sprd.mnu
c:\program files\MarketBrowser\lmt\semenus\stdcomp.mnu
c:\program files\MarketBrowser\lmt\semenus\studydat.mnu
c:\program files\MarketBrowser\lmt\semenus\trend.mnu
c:\program files\MarketBrowser\lmt\semenus\ultos.mnu
c:\program files\MarketBrowser\lmt\semenus\usrcustm.mnu
c:\program files\MarketBrowser\lmt\semenus\vol.mnu
c:\program files\MarketBrowser\lmt\semenus\volume.mnu
c:\program files\MarketBrowser\lmt\semenus\webpref.mnu
c:\program files\MarketBrowser\lmt\semenus\weekly.mnu
c:\program files\MarketBrowser\lmt\semenus\winbox.mnu
c:\program files\MarketBrowser\lmt\semenus\winipref.mnu
c:\program files\MarketBrowser\lmt\semenus\wksprop.mnu
c:\program files\MarketBrowser\lmt\smalfont.cnf
c:\program files\MarketBrowser\lmt\start.bmp
c:\program files\MarketBrowser\lmt\starttan.bmp
c:\program files\MarketBrowser\lmt\support.mac
c:\program files\MarketBrowser\lmt\system.mac
c:\program files\MarketBrowser\lmt\system.xpl
c:\program files\MarketBrowser\lmt\tech.mac
c:\program files\MarketBrowser\lmt\tech3.mac
c:\program files\MarketBrowser\lmt\techovl.mac
c:\program files\MarketBrowser\lmt\touch.exe
c:\program files\MarketBrowser\lmt\try.bmp
c:\program files\MarketBrowser\lmt\trytan.bmp
c:\program files\MarketBrowser\lmt\urllist.txt
c:\program files\MarketBrowser\lmt\winbox.mac
c:\program files\MarketBrowser\lmt\xpl\corrmat.xpl
c:\program files\MarketBrowser\lmt\xpl\matype.xpl
c:\program files\MarketBrowser\lmt\xpl\mov.xpl
c:\program files\MarketBrowser\lmt\xpl\nsget.xpl
c:\program files\MarketBrowser\lmt\xpl\tech.xpl
c:\program files\MarketBrowser\lmt\xpl\winbox.xpl
c:\program files\MarketBrowser\lmt\xpwfile.ico

.
((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-15 23:00 . 2009-02-15 23:00 <DIR> d-------- c:\program files\Trend Micro
2009-02-15 22:48 . 2009-02-15 22:48 <DIR> d-------- c:\program files\CCleaner
2009-02-15 22:33 . 2009-02-15 22:33 61,440 --a------ c:\windows\system32\drivers\jumdgyx.sys
2009-02-15 12:42 . 2009-02-15 12:42 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-15 12:42 . 2009-02-15 12:42 <DIR> d-------- c:\documents and settings\Saliq\Application Data\SUPERAntiSpyware.com
2009-02-15 12:42 . 2009-02-15 12:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-15 12:41 . 2009-02-15 12:41 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-15 09:34 . 2009-02-15 09:34 <DIR> d-------- c:\program files\Lavasoft
2009-02-15 04:10 . 2009-02-15 04:10 2,713 ---hs---- c:\windows\system32\wikegivi.exe
2009-02-14 21:44 . 2009-02-14 22:08 <DIR> d-------- c:\program files\a-squared Free
2009-02-14 19:58 . 2009-02-15 09:23 <DIR> d-------- c:\program files\The Cleaner Demo
2009-02-14 19:58 . 2009-02-14 19:58 5,376 --a------ c:\windows\system32\drivers\MS1000.sys
2009-02-14 19:57 . 2009-02-14 19:57 <DIR> d-------- c:\documents and settings\Saliq\Application Data\TrojanHunter
2009-02-14 19:54 . 2009-02-14 19:55 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-02-14 15:52 . 2009-02-14 15:54 496,836 --a------ C:\lxcgunst.csv
2009-02-14 15:26 . 2009-02-14 15:26 <DIR> d-------- c:\documents and settings\Administrator
2009-02-11 18:39 . 2009-02-11 18:39 <DIR> d-------- c:\program files\Schweser2008

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 15:04 --------- d-----w c:\documents and settings\Saliq\Application Data\U3
2009-02-16 14:51 --------- d-----w c:\program files\Viewpoint
2009-02-16 14:51 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-15 14:34 --------- d-----w c:\documents and settings\Saliq\Application Data\Lavasoft
2009-02-15 14:31 --------- d-----w c:\program files\Bonjour
2009-02-15 14:29 --------- d-----w c:\program files\PokerStars
2009-02-15 14:28 --------- d-----w c:\program files\PartyGaming
2009-02-14 17:57 --------- d-----w c:\program files\Total Video Converter
2009-02-14 16:58 --------- d-----w c:\documents and settings\Saliq\Application Data\Skype
2009-02-14 14:43 --------- d-----w c:\documents and settings\Saliq\Application Data\skypePM
2009-02-12 13:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-01 20:34 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-01 20:31 --------- d-----w c:\program files\Microsoft Works
2009-01-30 03:53 --------- d-----w c:\program files\Lx_cats
2009-01-30 01:40 --------- d-----w c:\program files\Apple Software Update
2009-01-28 11:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 16:25 --------- d-----w c:\program files\iTunes
2009-01-11 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-11 16:24 --------- d-----w c:\program files\iPod
2009-01-11 16:24 --------- d-----w c:\program files\Common Files\Apple
2009-01-11 16:20 --------- d-----w c:\program files\QuickTime
2009-01-02 22:45 --------- d-----w c:\program files\Skype
2009-01-02 22:45 --------- d-----w c:\program files\Common Files\Skype
2009-01-02 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-31 16:14 --------- d-----w c:\documents and settings\Saliq\Application Data\EPSON
2008-12-24 23:29 --------- d--h--w c:\documents and settings\Saliq\Application Data\Move Networks
2008-12-24 23:22 --------- d-----w c:\program files\DivX
2006-05-30 23:25 56 --sh--r c:\windows\system32\936D996ADC.sys
2007-04-03 21:01 88 -csh--r c:\windows\system32\DC6A996D93.sys
2007-04-03 21:01 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-08-27 00:33 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-16_10.23.11.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-17 03:17:51 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-15 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Saliq\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-25 110592]
LClock.lnk - c:\program files\LClock\LClock.exe [2004-09-19 65536]
UberIcon.lnk - c:\program files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
YzShadow.lnk - c:\program files\YzShadow\YzShadow.exe [2002-09-30 151552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-25 110592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Saliq^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search 2]
--a--c--- 2006-12-08 10:58 1546544 c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-10-05 03:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2006-08-22 16:28 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Sun\\Creator2_1\\java\\bin\\java.exe"=
"c:\\Program Files\\Sun\\Creator2_1\\SunAppServer8\\lib\\appserv.exe"=
"c:\\Program Files\\Sun\\Creator2_1\\java\\jre\\bin\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-13 99376]
R3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2006-08-06 72576]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-09-17 42112]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - 6to4
*Deregistered* - a2free
*Deregistered* - AOL ACS
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - Bonjour Service
*Deregistered* - ccEvtMgr
*Deregistered* - ccSetMgr
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - lxcg_device
*Deregistered* - MDM
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SmcService
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - Symantec AntiVirus
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - w32time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-16 c:\windows\Tasks\iTunes.job
- c:\documents and settings\All Users\Start Menu\Programs\iTunes\iTunes.lnk [2009-02-16 04:24]

2009-02-13 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-11-11 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
FF - ProfilePath - c:\documents and settings\Saliq\Application Data\Mozilla\Firefox\Profiles\l8ojpuia.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Saliq\Application Data\Mozilla\Firefox\Profiles\l8ojpuia.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 22:19:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-837775763-1522542022-1759965914-1006\Software\Local AppWizard-Generated Applications\MMDiag]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-837775763-1522542022-1759965914-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
@SACL=
"Toolbars"=hex:11,00,00,00,00,00,00,00
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,02,00,00,00,00,00,00,00,b0,e2,2b,d8,
64,57,d0,11,a9,6e,00,c0,4f,d7,05,a2,22,00,1c,00,0a,11,00,00,1a,00,00,00,01,\
"Upgrade"=dword:00000001

[HKEY_USERS\S-1-5-21-837775763-1522542022-1759965914-1006\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-837775763-1522542022-1759965914-1006\Software\MusicMatch, Inc.\Musicmatch for WMP]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software\Modem Helper]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software, Inc\Digital Line Detect]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software, Inc\NetWaiting]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
@DACL=(02 0000)
@="AcroAccess.AcrobatAccess.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
@DACL=(02 0000)
@="{C523F390-9C83-11D3-9094-00104BD0D535}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
@DACL=(02 0000)
@="AcroAccess.AcrobatAccess"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{3F578A46-082A-4C83-947A-CC7FF8B4A089}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{3F578A46-082A-4C83-947A-CC7FF8B4A089}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{3F578A46-082A-4C83-947A-CC7FF8B4A089}\TypeLib]
@DACL=(02 0000)
@="{54635C92-DFAF-4A99-8802-92FB068A6154}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Classes\MMJB.M3U\shell]
@DACL=(02 0000)
@="Play"

[HKEY_LOCAL_MACHINE\software\Classes\MMJB.MMZ\shell]
@DACL=(02 0000)
@="Install"

[HKEY_LOCAL_MACHINE\software\Classes\MMJB.MP3\shell]
@DACL=(02 0000)
@="Play"

[HKEY_LOCAL_MACHINE\software\Classes\MMJB.WAV\shell]
@DACL=(02 0000)
@="Play"

[HKEY_LOCAL_MACHINE\software\Classes\MMJB.WMA\shell]
@DACL=(02 0000)
@="Play"

[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Creative Tech\Installation]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\PROSet\SupportTabKey]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\WMI]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"winmail.exe"=dword:00000001
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\Start Page]
@DACL=(02 0000)
"Home_Page"="http://www.dell.com"
"Help_Page"="http://support.dell.com"

[HKEY_LOCAL_MACHINE\software\Microsoft\Java VM\System Properties]
@DACL=(02 0000)
"http.agent"="Java 1.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
"NoServices"=dword:00000000
"ServiceExtra"="Partner=Dell&MachineID=DQZ9X91 \00\00????i\00Ÿ'?\06\00'??\1d\00?'\00'\00\00?\06???\06???\00?\06??\00'??\00'?'\00\00\00\00\00\00?? \00????Ÿ'\00'\00\00\00'?\06???\06?\01\04\00?\06???\06??????????\00'\00\00???????\06\00'??\03\00?'\00'???\06???\06??????????????\0e\00???\06?\06\00\00???????'\00'???\06?\06?\06??\08\00??????Ÿ'????????????Ÿ'???????\06\00'Ÿ'?\06\01\00???'?\06???'?????'?????"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\MTVN]
@DACL=(02 0000)
"FriendlyName"="URGE"
"ImageLargeURL"="http://store.urge.com/sitewide/wmp/img/urge_tmp.png"
"ImageMenuURL"="http://store.urge.com/sitewide/wmp/img/wmpdms_menuicon.jpg"
"ContentPartner"="true"
"ImageSmallURL"="http://store.urge.com/sitewide/wmp/img/error_logo.png"
"Task1ButtonText"="URGE"
"Task1ButtonTip"="URGE"
"Type"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
@SACL=
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Netscape Online\DellWrapper]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\WildTangent\CDA]
@DACL=(02 0000)
"PersistentInstall"=dword:00000000
"Directory"="c:\\Program Files\\WildTangent\\Apps\\CDA\\"
"Version"="5.1.0.40"
"MonitorSettings"="0,5,40 0,60,120 3,5,120 3,60,1200 5,86400,21000000 6,86400,500000000 8,5,120 8,60,200 9,5,40 9,60,200 12,5,120 12,60,200 5,1800,500000"
"FileName0400"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0401"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0402"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0403"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0404"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0405"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0406"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0407"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0408"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0409"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0490"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0500"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"FileName0501"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"
"LaunchCmd"="\"c:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" \"c:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0501.dll\" "
"StartupCmd"="\"c:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"c:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0501.dll\" "
"FileName0502"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAEngine0501.dll"

[HKEY_LOCAL_MACHINE\software\WildTangent\CDA\ControlPanel\DMMP]
@DACL=(02 0000)
"name"="Multiplayer"
"order"="40"
"url"="DMMP/index.html"

[HKEY_LOCAL_MACHINE\software\WildTangent\ComponentRepository]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\WildTangent\GameChannel]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\WildTangent\LFS]
@DACL=(02 0000)
"AppConfig"="AppConfig"
"Scripts"="Scripts"
"CDAData"="CDAData"
"TaskStore"="TaskStore"
"WTRoot"="c:\\Program Files\\WildTangent"
"Components"=""
"Apps"="c:\\Program Files\\WildTangent\\Apps"

[HKEY_LOCAL_MACHINE\software\WildTangent\LicenseStores]
@DACL=(02 0000)
"WT"="c:\\Program Files\\WildTangent\\LicenseStores\\WT\\"

[HKEY_LOCAL_MACHINE\software\WildTangent\WebDriverPackages]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\WildTangent\WebDriverPackages\Distributed Multiplayer]
@DACL=(02 0000)
"name"="Multiplayer Support"
"version"="3.0.2.001"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\a-squared Free\a2service.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\lxcgcoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-16 22:26:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 03:26:14
ComboFix2.txt 2009-02-16 15:26:26

Pre-Run: 65,527,853,056 bytes free
Post-Run: 65,484,218,368 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
658 --- E O F --- 2008-11-13 14:23:37
  #22  
Old 17th Feb 2009, 07:21
Member Group
 
Default TROJAN.VUNDO.H Removal

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3859 (20090217)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=4e0511b15445a04bbfe82f6ec2330005
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-17 07:42:42
# local_time=2009-02-17 02:42:42 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=905516
# found=2
# scan_time=14727
C:\Program Files\Morpheus\morpheustoolbar.exe Win32/Toolbar.AskSBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Morpheus\mymorpheusToolbar.exe Win32/Toolbar.AskSBar application (unable to clean - deleted) 00000000000000000000000000000000
  #23  
Old 17th Feb 2009, 09:56
Moderator Group
 
Default TROJAN.VUNDO.H Removal

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.
__________________

  #24  
Old 17th Feb 2009, 10:00
Member Group
 
Default TROJAN.VUNDO.H Removal

2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.42
a-squared Free 4.0
ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Ad-Aware SE Plus
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
AIM 6
AIM Toolbar
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Calculator Powertoy for Windows XP
CCleaner (remove only)
ClearType Tuning Control Panel Applet
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copernic Desktop Search 2
Corel Paint Shop Pro X
Corel Photo Album 6
Daily Alarm Clock 1.11
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EducateU
ELIcon
EphPod
EPSON Printer Software
EPSON TWAIN 5
Foxit Reader
Games, Music, & Photos Launcher
Graboid Video 1.2
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iColorFolder
Instant Wireless USB Adapter
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Lexmark 2300 Series
Lexmark Fax Solutions
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
MCU
Mega Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Color Control Panel Applet for Windows XP
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
Morpheus 5.4 (remove only)
Motorola Software Update
Move Networks Media Player for Internet Explorer
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
myTunes Redux 1.0
Nero 7 Demo
NetWaiting
NetZeroInstallers
Ohio Life and Health CompuCram
Pack Vista-NuoveXT ShellPack v1
PDFill PDF Editor with FREE PDF Writer and Tools
PDFill PDF Writer
PrimoPDF
PrimoPDF Redistribution Package
QuickTime
RealPlayer
Revo Uninstaller 1.71
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SchweserPro Level 1 (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Skype™ 3.8
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy 1.4
StreamPlug Player
Sun Download Manager 2.0 (web)
Sun Java Studio Creator 2 Update 1
SUPERAntiSpyware Free Edition
Symantec Endpoint Protection
Total Video Converter 3.10
TrojanHunter 5.0
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb944965)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Word 2007 (KB934173)
VideoLAN VLC media player 0.8.6d
Virtual Desktop Manager Powertoy for Windows XP
WebCyberCoach 3.2 Dell
WebFldrs XP
WinAce Archiver
WinAce Archiver 2.0
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
YOU DON'T KNOW JACK V1.0
  #25  
Old 17th Feb 2009, 10:19
Moderator Group
 
Default TROJAN.VUNDO.H Removal

Quote:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 12 is the only version of Java you need. Older versions are vulnerable to malware.

Download JavaRa
  • Unzip the file and open the JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for and remove any outdated version of Java and remove any that are found.
  • Click Additional Tasks
  • Place a check next to Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from the Desktop

Now check Add/Remove Programs to be sure only Java(TM) 6 Update 12 is installed. Uninstall any others.

----------

Time to do some cleanup and secure the work you have done.
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
  • The above procedure will:
      • Delete the following:
          • ComboFix and its associated files and folders.
      • Reset the clock settings.
      • Hide file extensions, if required.
      • Hide System/Hidden files, if required.
      • Set a new, clean Restore Point.


-----

How is the computer running now?
__________________
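One way to automate the check described in this post (find every Java runtime entry in the Add/Remove Programs listing and flag everything older than the newest one), as an added Python example that is not part of the original thread and not JavaRa's own logic; the sample listing is a constructed subset of the list posted above, and the regular expressions only cover the naming patterns that appear in it:

```python
"""Rank the Java runtime entries of an Add/Remove Programs listing and
flag every entry that is older than the newest installed runtime."""
import re

# Constructed sample input: a subset of the Add/Remove Programs list
# posted in this thread, with a few non-Java products left in on purpose.
ADD_REMOVE_LISTING = """\
7-Zip 4.42
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 12
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Sun Java Studio Creator 2 Update 1
Windows Internet Explorer 7
"""

# Anchored patterns for the three naming schemes seen in the listing.
# "Sun Java Studio Creator ..." is an IDE, not a runtime, and matches none.
_RE_142 = re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$")
_RE_J2SE = re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$")
_RE_JAVA6 = re.compile(r"^Java\(TM\) (?:SE Runtime Environment )?(\d+) Update (\d+)$")


def parse_java_version(entry):
    """Return a comparable (major, minor, micro, update) tuple for a JRE
    entry, or None if the entry is not a Java runtime.

    All families are normalised to Sun's internal 1.x scheme so that
    1.4.2_03, 5.0 Update 10 and 6 Update 12 sort correctly against each other.
    """
    m = _RE_142.match(entry)
    if m:
        major, minor, micro, upd = (int(x) for x in m.groups())
        return (major, minor, micro, upd)          # 1.4.2_03 -> (1, 4, 2, 3)
    m = _RE_J2SE.match(entry)
    if m:
        minor, micro, upd = (int(x) for x in m.groups())
        return (1, minor, micro, upd)              # 5.0 Update 10 -> (1, 5, 0, 10)
    m = _RE_JAVA6.match(entry)
    if m:
        minor, upd = (int(x) for x in m.groups())
        return (1, minor, 0, upd)                  # 6 Update 12 -> (1, 6, 0, 12)
    return None


def audit_java_entries(listing):
    """Return (newest_entry, stale_entries); (None, []) if no JRE is listed."""
    found = [(v, e.strip()) for e in listing.splitlines()
             if (v := parse_java_version(e.strip())) is not None]
    if not found:
        return None, []
    found.sort(reverse=True)                       # newest version first
    return found[0][1], [entry for _, entry in found[1:]]


if __name__ == "__main__":
    newest, stale = audit_java_entries(ADD_REMOVE_LISTING)
    print("keep:", newest)
    for entry in stale:
        print("remove:", entry)
```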

  #26  
Old 17th Feb 2009, 22:49
Member Group
 
Default TROJAN.VUNDO.H Removal

The computer hasn't detected any virus or any other trojan. Thank you so much for all the help. This has been a very easy and helpful experience!
  #27  
Old 18th Feb 2009, 09:14
Moderator Group
 
Default TROJAN.VUNDO.H Removal

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
__________________

Copyright ©2006 - 2009 Computer Juice.