The .zip file has been submitted. Please find the OnlineScanReport and the latest ComboFix log. I had no problems running the tests besides the fact that my McAfee does not give me the ability to stop it; the only option I had was to uninstall. I also received a message informing me about a newer version of ComboFix, but decided against upgrading at this time.
The only strange thing I experience is that msconfig's startup does not let me apply any changes - it tells me I need Admin privileges. Everything else seems to be OK so far.
Thanks again.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 07, 2008 09:20:51
Records in database: 1441946
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 50122
Threat name: 7
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 01:25:43
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\giv\TNK53C0.exe.vir Infected: Trojan.Win32.Agent.asjk 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan-Downloader.Win32.Agent.arwj 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan.Win32.Agent.asjz 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan.Win32.Agent.asjk 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan-Downloader.Win32.Agent.afzg 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: not-a-virus:AdWare.Win32.WebHancer.f 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
The selected area was scanned.
ComboFix 08-12-05.06 - Owner 2008-12-07 9:30:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.671 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\iexplore.htm
c:\windows\system.bak
c:\windows\system32\dllcache\atidrab.dll
c:\windows\system32\dllcache\OLD17C.tmp
c:\windows\system32\dllcache\OLD1B.tmp
c:\windows\system32\dllcache\OLD371.tmp
c:\windows\system32\dllcache\OLD3B1.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\uVN23L.exe
c:\windows\iexplore.htm
c:\windows\system.bak
c:\windows\system32\awtsSmjK.dll
c:\windows\system32\azcruaso.exe
c:\windows\system32\ddcATlJC.dll
c:\windows\system32\dllcache\atidrab.dll
c:\windows\system32\dllcache\OLD17C.tmp
c:\windows\system32\dllcache\OLD1B.tmp
c:\windows\system32\dllcache\OLD371.tmp
c:\windows\system32\dllcache\OLD3B1.tmp
c:\windows\system32\gi3
c:\windows\system32\giv
c:\windows\system32\giv\TNK53C0.exe
c:\windows\system32\hgGabYSj.dll
c:\windows\system32\hgGaxyYQ.dll
c:\windows\system32\hyzebryr.exe
c:\windows\system32\iifecaYq.dll
c:\windows\system32\iitkjhnousmet.exe
c:\windows\system32\IN
c:\windows\system32\LSHPRN.EXE
c:\windows\system32\mlJCtusq.dll
c:\windows\system32\op8
c:\windows\system32\TEC
c:\windows\system32\urqPfGAr.dll
c:\windows\system32\vi
c:\windows\system32\vtUkhfec.dll
c:\windows\system32\zeriweno.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_8adc79fa
-------\Service_atinpdxxx
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-06 14:01 . 2008-12-06 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-12-06 13:57 . 2008-12-06 13:57 <DIR> d-------- c:\program files\Secunia
2008-12-01 17:58 . 2008-12-04 20:18 250 --a------ c:\windows\gmer.ini
2008-12-01 07:40 . 2008-12-01 07:40 <DIR> d-------- c:\documents and settings\Administrator
2008-12-01 01:02 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-01 01:02 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2008-12-01 01:02 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-01 01:02 . 2008-04-13 20:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-01 01:02 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2008-12-01 01:01 . 2002-08-28 22:59 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys
2008-12-01 01:01 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2008-12-01 01:01 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys
2008-12-01 01:01 . 2003-03-31 07:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2008-12-01 01:01 . 2004-08-04 01:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2008-12-01 01:01 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2008-12-01 01:01 . 2004-08-04 01:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2008-12-01 01:01 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2008-12-01 01:01 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-12-01 00:59 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2008-12-01 00:58 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2008-12-01 00:57 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2008-12-01 00:56 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-01 00:55 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2008-12-01 00:54 . 2001-08-17 12:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys
2008-12-01 00:53 . 2001-08-17 12:50 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2008-12-01 00:52 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2008-12-01 00:51 . 2008-04-13 20:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2008-12-01 00:50 . 2003-03-31 07:00 10,129,408 --a--c--- c:\windows\system32\dllcache\OLD374.tmp
2008-12-01 00:49 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-12-01 00:48 . 2001-08-17 12:17 629,952 --a--c--- c:\windows\system32\dllcache\eqn.sys
2008-12-01 00:47 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2008-12-01 00:46 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-12-01 00:45 . 2003-03-31 07:00 838,144 --a--c--- c:\windows\system32\dllcache\OLD17F.tmp
2008-12-01 00:44 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2008-12-01 00:43 . 2001-08-17 12:48 289,664 --a--c--- c:\windows\system32\dllcache\atimpab.sys
2008-12-01 00:42 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2008-12-01 00:41 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2008-12-01 00:22 . 2008-12-01 00:22 <DIR> d-------- c:\program files\NCH Swift Sound
2008-11-30 18:52 . 2008-11-30 18:52 <DIR> d-------- c:\program files\Sierra Online
2008-11-30 18:39 . 2008-12-01 00:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\DeepBurner Pro
2008-11-30 18:37 . 2008-11-30 18:37 <DIR> d-------- c:\program files\Astonsoft
2008-11-30 16:26 . 2008-12-01 09:22 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-30 16:26 . 2008-12-01 17:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 15:30 . 2008-11-30 15:30 <DIR> d-------- c:\program files\Sierra On-Line
2008-11-30 15:18 . 2008-12-03 21:42 151 --a------ c:\windows\wininit.ini
2008-11-30 12:08 . 2008-11-30 15:31 <DIR> d-------- C:\SIERRA
2008-11-30 12:07 . 2008-11-30 12:07 <DIR> d-------- c:\documents and settings\Owner\WINDOWS
2008-11-30 12:07 . 1997-06-02 12:32 314,880 --a------ c:\windows\IsUninst.exe
2008-11-30 12:07 . 2008-11-30 15:30 418 --a------ c:\windows\SIERRA.INI
2008-11-30 11:26 . 2008-11-30 11:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\ImgBurn
2008-11-30 11:26 . 2008-11-30 11:26 176,324,608 --a------ C:\Image.iso
2008-11-30 11:24 . 2008-11-30 11:24 <DIR> d-------- c:\program files\ImgBurn
2008-11-30 11:00 . 2008-11-30 11:06 <DIR> d-------- c:\documents and settings\Owner\Application Data\InfraRecorder
2008-11-30 00:03 . 2008-11-30 00:03 <DIR> dr-h----- c:\documents and settings\Owner\Application Data\SecuROM
2008-11-30 00:02 . 2008-11-30 00:02 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-29 12:58 . 2008-11-29 13:45 <DIR> d-------- C:\Old
2008-11-29 12:55 . 2008-11-29 13:46 <DIR> d-------- c:\program files\DOSBox-0.72
2008-11-24 19:16 . 2008-11-24 19:16 <DIR> dr-h----- C:\MSOCache
2008-11-21 08:29 . 2008-11-21 08:29 <DIR> d-------- C:\iEntertainment Network
2008-11-20 19:41 . 2008-11-20 19:41 <DIR> d-------- c:\program files\Alcohol Soft
2008-11-20 19:41 . 2004-04-30 09:37 160,640 --a------ c:\windows\system32\drivers\a347bus.sys
2008-11-20 19:41 . 2004-04-30 09:33 5,248 --a------ c:\windows\system32\drivers\a347scsi.sys
2008-11-18 19:11 . 2008-11-18 19:11 <DIR> d-------- c:\documents and settings\Owner\Application Data\Babylon
2008-11-18 19:11 . 2008-11-18 19:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Babylon
2008-11-18 08:36 . 2008-11-18 08:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys
2008-11-17 23:22 . 2008-11-17 23:22 <DIR> d-------- c:\program files\FreeGamePick.com
2008-11-15 09:10 . 2008-11-15 09:10 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-11-13 20:45 . 2008-11-13 20:45 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-13 20:44 . 2008-11-13 20:45 <DIR> d-------- c:\program files\QuickTime
2008-11-13 20:44 . 2008-11-13 20:44 <DIR> d-------- c:\program files\Apple Software Update
2008-11-13 20:44 . 2008-11-15 09:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-13 20:44 . 2008-11-13 20:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-09 09:29 . 2008-11-09 09:29 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-09 09:19 . 2008-11-09 09:22 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-09 09:06 . 2008-11-13 03:08 <DIR> d-------- c:\program files\NOS
2008-11-09 09:06 . 2008-11-13 03:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 05:43 33,832 ----a-w c:\windows\system32\upcrnhqy.exe
2008-11-30 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 17:17 --------- d-----w c:\program files\eMule
2008-11-29 19:57 --------- d-----w c:\documents and settings\Owner\Application Data\Vso
2008-11-29 19:37 --------- d-----w c:\documents and settings\Owner\Application Data\SolSuite
2008-11-08 06:10 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-05 01:05 --------- d-----w c:\program files\DivX
2008-10-30 19:59 --------- d-----w c:\documents and settings\Owner\Application Data\InstallShield
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:40 --------- d-----w c:\program files\Quicken
2008-10-16 22:37 --------- d-----w c:\program files\Common Files\Palo Alto Software
2008-10-16 22:37 --------- d-----w c:\program files\Common Files\Intuit
2008-10-16 22:37 --------- d-----w c:\documents and settings\Owner\Application Data\Intuit
2008-10-16 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-14 12:04 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-14 12:02 --------- d-----w c:\program files\Microsoft.NET
2008-10-14 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2008-10-13 22:52 --------- d-----w c:\program files\Windows Defender
2008-10-13 22:35 --------- d-----w c:\program files\ffdshow
2008-10-13 22:35 --------- d-----w c:\program files\AC3Filter
2008-10-13 22:33 --------- d-----w c:\program files\Xvid
2008-10-13 22:33 --------- d-----w c:\documents and settings\Owner\Application Data\DivX
2008-10-13 22:23 --------- d-----w c:\documents and settings\Owner\Application Data\ICAClient
2008-10-13 22:22 --------- d-----w c:\program files\Citrix
2008-10-13 22:09 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-13 22:09 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2008-10-13 22:09 --------- d-----w c:\program files\VSO
2008-10-13 22:07 --------- d-----w c:\program files\WinZip Self-Extractor
2008-10-13 22:01 --------- d-----w c:\program files\SolSuite
2008-10-13 11:38 --------- d-----w c:\program files\McAfee
2008-10-13 09:32 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-13 09:31 --------- d-----w c:\program files\McAfee.com
2008-10-13 09:31 --------- d-----w c:\program files\Common Files\McAfee
2008-10-13 09:26 --------- d-----w c:\program files\Intel
2008-10-13 09:26 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-13 09:23 --------- d-----w c:\program files\Analog Devices
2008-10-13 07:03 --------- d-----w c:\program files\microsoft frontpage
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-06_ 9.01.27.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-06 19:01:38 632,320 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}\IconCD95F66110.exe
+ 2008-12-06 19:01:38 29,184 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}\IconCD95F6617.exe
- 2008-12-06 13:36:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-07 13:47:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-06 13:36:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-07 13:47:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-06 13:36:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 13:47:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-10-13 22:31:49 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-12-06 18:59:43 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.XVID"= xvid.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQ931STI]
--a------ 2007-01-24 13:24 151552 c:\windows\SQ931STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\Mcshield.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\Drivers\Capt931a.sys [2008-10-30 530432]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
.
Contents of the 'Scheduled Tasks' folder
2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-12-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page =
https://wmusremote.ubs.com/Citrix/Me...uth/login.aspx
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {85F9F13A-8885-4FEC-B2F6-05358A6058E8} = 207.69.188.172,207.69.188.171
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6zyxrz7w.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-07 09:33:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
.
**************************************************************************
.
Completion time: 2008-12-07 9:35:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 14:35:18
ComboFix2.txt 2008-12-06 14:02:28
Pre-Run: 180,162,756,608 bytes free
Post-Run: 180,168,310,784 bytes free
302 --- E O F --- 2008-12-06 19:46:46
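An added example for reading the two logs above together; it is not a tool from this post, from Kaspersky or from ComboFix. Every Kaspersky hit in the report sits under C:\Qoobox\Quarantine (ComboFix's quarantine folder, where removed files are renamed with a .vir suffix so they cannot run), so the scan found copies of what ComboFix had already pulled, not an active infection. The script below parses the "File name / Threat name / Threats count" section, cross-checks the hit lines against the report's own counters (8 infected objects, 7 threat names) to catch a truncated paste, and splits hits into quarantine copies versus live files. The sample text is copied from the report pasted above; the quarantine prefix and the .vir convention are taken from the paths in that report.

```python
"""Triage a Kaspersky Online Scanner 7 text report (added example, not from the post)."""
import re
from dataclasses import dataclass

# Sample input: the statistics and hit lines of the report pasted in the thread.
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 50122
Threat name: 7
Infected objects: 8
Suspicious objects: 0
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\giv\TNK53C0.exe.vir Infected: Trojan.Win32.Agent.asjk 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan-Downloader.Win32.Agent.arwj 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan.Win32.Agent.asjz 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan.Win32.Agent.asjk 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: Trojan-Downloader.Win32.Agent.afzg 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: not-a-virus:AdWare.Win32.WebHancer.f 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-07@9.29.zip Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
The selected area was scanned.
"""

# One hit line: <path> <Infected|Suspicious>: <threat name> <count>
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# Counters from the "Scan statistics" block.
SUMMARY_RE = re.compile(
    r"^(?P<key>Threat name|Infected objects|Suspicious objects):\s+(?P<value>\d+)\s*$"
)
# ComboFix moves removed items here and appends .vir (seen in the report's own paths).
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


@dataclass(frozen=True)
class Hit:
    path: str
    status: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        """True when the hit is a neutralised quarantine copy, not a live file."""
        p = self.path.lower()
        return p.startswith(QUARANTINE_PREFIX) or p.endswith(".vir")


def parse_report(text: str) -> tuple[list[Hit], dict[str, int]]:
    """Return (hit lines, summary counters) found in the report text."""
    hits: list[Hit] = []
    summary: dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY_RE.match(line):
            summary[m["key"]] = int(m["value"])
        elif m := HIT_RE.match(line):
            hits.append(Hit(m["path"], m["status"], m["threat"], int(m["count"])))
    return hits, summary


def summary_consistent(hits: list[Hit], summary: dict[str, int]) -> bool:
    """Cross-check hit lines against the scanner's counters.

    Assumption: "Infected objects" counts hit lines and "Threat name" counts
    distinct detection names (true for this report, where every line has count 1).
    A mismatch means the pasted log is incomplete or was edited.
    """
    infected = sum(1 for h in hits if h.status == "Infected")
    suspicious = sum(1 for h in hits if h.status == "Suspicious")
    names = {h.threat for h in hits}
    return (
        summary.get("Infected objects") == infected
        and summary.get("Suspicious objects") == suspicious
        and summary.get("Threat name") == len(names)
    )


def triage(hits: list[Hit]) -> dict[str, object]:
    """Split hits into quarantine copies (already handled) and live files (need action)."""
    quarantined = [h for h in hits if h.quarantined]
    live = [h for h in hits if not h.quarantined]
    return {
        "quarantined": quarantined,
        "live": live,
        "threats": sorted({h.threat for h in hits}),
        "live_paths": sorted({h.path for h in live}),
    }


if __name__ == "__main__":
    parsed, counters = parse_report(SAMPLE_REPORT)
    print(f"hits={len(parsed)} summary_ok={summary_consistent(parsed, counters)}")
    result = triage(parsed)
    print(f"quarantined={len(result['quarantined'])} live={len(result['live'])}")
    for p in result["live_paths"]:
        print("LIVE:", p)
```

Run against the pasted report it prints 8 hits, a consistent summary and zero live paths; any path printed as LIVE would be a file still on disk that the scanner flagged, which is what would need follow-up.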