08-30-2008, 06:14 AM   #24
centurian
Registered User
 
Join Date: Jul 2008
Posts: 14
OS: XP


Re: Need to remove haxdoor

It worked!!

ComboFix 08-08-28.06 - One 2008-08-30 21:51:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190 [GMT 10:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\One\Application Data\macromedia\Flash Player\#SharedObjects\P9FKCP87\bin.clearspring.com
C:\Documents and Settings\One\Application Data\macromedia\Flash Player\#SharedObjects\P9FKCP87\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\One\Application Data\macromedia\Flash Player\#SharedObjects\P9FKCP87\interclick.com
C:\Documents and Settings\One\Application Data\macromedia\Flash Player\#SharedObjects\P9FKCP87\interclick.com\ud.sol
C:\Documents and Settings\One\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\One\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\One\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\One\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ROTW


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-15 23:36 . 2008-08-15 23:36 <DIR> d-------- C:\Program Files\Avira
2008-08-15 23:36 . 2008-08-15 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-14 23:43 . 2008-08-14 23:43 250 --a------ C:\WINDOWS\gmer.ini
2008-08-14 23:25 . 2008-08-14 23:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 23:25 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-14 23:25 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-13 23:12 . 2008-05-02 00:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-02 21:53 . 2008-08-02 21:53 <DIR> d-------- C:\Deckard
2008-07-30 23:13 . 2008-07-30 23:13 <DIR> d-------- C:\ie-spyad_zo
2008-07-27 23:26 . 2008-07-27 23:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-21 00:11 . 2008-07-21 00:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-20 23:07 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-20 23:07 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-16 22:38 . 2008-08-10 23:16 <DIR> d-------- C:\Program Files\Panda Security
2008-07-14 22:54 . 2008-07-19 21:02 <DIR> d-------- C:\Documents and Settings\Two\Application Data\Spyware Terminator
2008-07-14 00:37 . 2008-07-14 01:00 <DIR> d-------- C:\Program Files\Exterminate It!
2008-07-14 00:13 . 2008-07-14 00:13 <DIR> d-------- C:\HaxFix
2008-07-14 00:13 . 2008-08-10 23:18 466,502 --a------ C:\HaxFix.exe
2008-07-08 06:32 . 2008-07-08 06:32 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 03:19 --------- d-----w C:\Documents and Settings\One\Application Data\Canon
2008-08-25 13:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-18 12:55 --------- d-----w C:\Program Files\Java
2008-07-23 13:10 --------- d-----w C:\Program Files\Spyware Terminator
2008-07-19 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-02 21:22 98304]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-14 21:00 1817600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"VTTimer"="VTTimer.exe" [2006-08-03 16:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-08-25 15:52 176128 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 577536 C:\WINDOWS\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 07:01 544768 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
--a------ 2003-05-02 10:31 24576 c:\APPS\ABoard\ABOARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 13:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 02:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-09-15 21:17 81920 c:\APPS\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-11-02 21:22 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
--a------ 2004-04-16 14:53 249856 C:\WINDOWS\system32\Keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 13:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 13:39]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-14 21:00]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-07-05 06:33]
.
Contents of the 'Scheduled Tasks' folder

2004-12-17 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 13:00]

2004-12-17 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 13:00]

2008-08-30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C589FB80-3B7F-484B-B209-9D78088D82CC}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.powerup.com.au/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 22:00:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Completion time: 2008-08-30 22:08:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 12:07:57

Pre-Run: 24,932,560,896 bytes free
Post-Run: 24,964,927,488 bytes free

155 --- E O F --- 2008-08-15 13:55:15