ComboFix.txt attached.
ComboFix 09-07-02.02 - Beany 07/02/2009 19:20.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.758 [GMT -4:00]
Running from: c:\documents and settings\Beany\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\zango
c:\program files\zango\bin\10.3.85.0\HostOE.dll
c:\windows\010112010146118114.dat
c:\windows\freddy49.exe
c:\windows\Installer\1022d9.msi
c:\windows\Installer\1022da.msp
c:\windows\kb913800.exe
c:\windows\ld11.exe
c:\windows\sysguard.exe
c:\windows\system32\iehelper.dll
c:\windows\system32\SKYNETdorpowds.dat
c:\windows\system32\SKYNETeoxoyptq.dat
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 23:23 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-02 21:55 . 2009-07-02 21:55 29184 ----a-w- c:\windows\system32\gdi32lib.dll
2009-07-01 17:05 . 2009-07-01 17:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-07-01 16:23 . 2009-07-01 16:24 -------- d-----w- c:\documents and settings\Beany\Application Data\GetRightToGo
2009-07-01 14:38 . 2009-07-01 14:38 -------- d-----w- c:\program files\Trend Micro
2009-07-01 10:34 . 2009-07-01 10:34 0 ----a-w- c:\windows\567788.bat
2009-07-01 10:34 . 2009-07-01 10:34 33792 ----a-w- c:\windows\strt_1246444477.exe
2009-07-01 02:01 . 2009-07-01 02:01 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-01 01:56 . 2009-07-01 09:25 -------- d-----w- c:\program files\Lavasoft
2009-07-01 01:56 . 2009-07-01 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-01 01:31 . 2009-07-01 01:31 2 ----a-w- c:\windows\0101120101465749.dat
2009-07-01 01:31 . 2009-07-01 01:31 1 ---h--w- c:\windows\bf23567.dat
2009-06-29 19:47 . 2002-07-17 13:05 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-06-29 19:47 . 2001-03-18 02:34 22528 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-06-25 13:11 . 2009-06-25 13:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-25 01:32 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-06-25 01:31 . 2009-06-25 01:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 01:31 . 2009-06-25 01:31 -------- d-----w- c:\program files\MSBuild
2009-06-25 01:30 . 2009-06-25 01:30 -------- d-----w- c:\program files\Microsoft.NET
2009-06-25 01:27 . 2009-06-25 01:27 -------- d-----w- c:\documents and settings\Beany\Local Settings\Application Data\Microsoft Help
2009-06-25 01:27 . 2009-06-25 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-25 01:27 . 2009-06-25 01:27 -------- d--h--r- C:\MSOCache
2009-06-25 01:12 . 2009-06-25 01:12 -------- d-sh--w- c:\documents and settings\Beany\IECompatCache
2009-06-25 01:11 . 2009-06-25 01:11 -------- d-sh--w- c:\documents and settings\Beany\PrivacIE
2009-06-25 01:10 . 2009-06-25 01:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-25 01:10 . 2009-06-25 01:10 -------- d-sh--w- c:\documents and settings\Beany\IETldCache
2009-06-25 01:07 . 2009-06-25 01:07 -------- d-----w- c:\windows\ie8updates
2009-06-25 01:06 . 2009-06-25 01:06 -------- dc-h--w- c:\windows\ie8
2009-06-25 01:05 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-25 01:05 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-25 01:05 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-25 01:05 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-25 01:05 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-25 00:51 . 2009-06-25 00:51 -------- d-----w- c:\documents and settings\Beany\Local Settings\Application Data\Symantec
2009-06-25 00:50 . 2009-06-25 00:50 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-25 00:50 . 2009-06-25 00:50 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-25 00:50 . 2009-01-21 19:24 2584848 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\WindowsInstaller-KB893803-x86.exe
2009-06-25 00:49 . 2009-06-25 00:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-25 00:49 . 2009-06-25 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-25 00:49 . 2009-06-25 00:50 -------- d-----w- c:\program files\Symantec
2009-06-25 00:49 . 2009-01-21 19:24 927088 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\LuCheck.exe
2009-06-25 00:49 . 2009-01-21 19:24 669000 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\smcinst.exe
2009-06-25 00:49 . 2009-01-21 19:24 3554472 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\LUSETUP.EXE
2009-06-25 00:49 . 2009-01-21 19:24 300432 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\Setup.exe
2009-06-25 00:49 . 2009-06-25 01:26 -------- d-----w- C:\IUware Online
2009-06-23 18:43 . 2009-06-23 18:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-22 10:38 . 2009-06-22 10:38 93 ----a-w- c:\windows\system32\SKYNET.dat
2009-06-21 15:44 . 2009-06-21 15:44 -------- d-----w- c:\documents and settings\Beany\Local Settings\Application Data\Identities
2009-06-21 03:54 . 2009-06-21 03:54 1896448 ----a-w- c:\documents and settings\Beany\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\dplugins\2.0.1.571\DiagPlugin.dll
2009-06-21 03:54 . 2009-06-21 03:54 123138 ----a-w- c:\documents and settings\Beany\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\MakeDesktopShortcut.EXE
2009-06-20 21:51 . 2009-06-20 21:51 -------- d-----w- c:\documents and settings\Beany\Application Data\Malwarebytes
2009-06-20 21:51 . 2009-06-20 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 21:32 . 2009-06-20 21:33 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-20 05:50 . 2009-06-20 05:50 -------- d-----w- c:\windows\system32\scripting
2009-06-20 05:50 . 2009-06-20 05:50 -------- d-----w- c:\windows\l2schemas
2009-06-20 05:50 . 2009-06-20 05:50 -------- d-----w- c:\windows\system32\en
2009-06-20 05:50 . 2009-06-20 05:50 -------- d-----w- c:\windows\system32\bits
2009-06-20 05:47 . 2009-06-20 05:47 -------- d-----w- c:\windows\ServicePackFiles
2009-06-20 05:18 . 2009-06-20 05:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-20 05:16 . 2008-04-15 15:17 295424 ------w- c:\windows\system32\dllcache\termsrv.dll
2009-06-18 13:23 . 2009-06-18 13:23 -------- d-----w- c:\documents and settings\Beany\Application Data\Corel Photo Album
2009-06-18 13:23 . 2009-06-18 13:23 -------- d-----w- c:\documents and settings\Beany\Local Settings\Application Data\Corel Photo Album
2009-06-18 13:22 . 2009-06-25 01:39 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-18 13:22 . 2009-06-25 01:39 88 --sh--r- c:\windows\system32\DF12408E5B.sys
2009-06-16 02:13 . 2009-06-28 18:38 41432 ----a-w- c:\documents and settings\Beany\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-15 17:06 . 2009-06-15 17:06 -------- d--h--w- c:\windows\PIF
2009-06-15 07:18 . 2009-06-15 07:18 -------- d-----w- c:\documents and settings\Beany\Local Settings\Application Data\Adobe
2009-06-15 07:18 . 2009-06-15 07:18 -------- d-----w- c:\documents and settings\Beany\Application Data\AdobeUM
2009-06-15 07:16 . 2009-06-15 07:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-15 02:59 . 2009-06-15 02:59 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-06-15 02:59 . 2009-06-15 02:59 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-06-15 02:59 . 2009-06-15 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-06-15 02:58 . 2009-06-15 02:58 -------- d-----w- c:\documents and settings\Beany\Local Settings\Application Data\Last.fm
2009-06-15 02:58 . 2009-06-15 02:58 -------- d-----w- c:\program files\Last.fm
2009-06-15 02:18 . 2009-06-15 02:25 -------- d-----w- c:\documents and settings\Beany\Application Data\DemoCreator
2009-06-15 02:16 . 2009-06-15 02:16 -------- d-----w- c:\windows\Sun
2009-06-14 22:16 . 2009-06-14 22:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-14 22:15 . 2009-06-14 22:15 152576 ----a-w- c:\documents and settings\Beany\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-14 21:28 . 2009-06-14 21:28 -------- d-----w- c:\documents and settings\Beany\Local Settings\Application Data\Aspyr
2009-06-14 21:28 . 2009-06-14 21:28 -------- d--h--r- c:\documents and settings\Beany\Application Data\SecuROM
2009-06-14 21:28 . 2009-06-14 21:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-14 21:11 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-06-14 21:11 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-06-14 17:08 . 2009-06-14 17:08 -------- d-----w- c:\program files\uTorrent
2009-06-14 17:08 . 2009-07-01 14:51 -------- d-----w- c:\documents and settings\Beany\Application Data\uTorrent
2009-06-14 15:08 . 2009-07-01 09:34 -------- d-----w- c:\program files\dl_Cats
2009-06-14 15:02 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-14 15:02 . 2001-08-18 02:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-06-14 15:02 . 2001-08-18 02:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-06-14 14:58 . 2009-06-14 14:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2009-06-14 05:09 . 2009-06-14 05:09 -------- d-----w- c:\program files\MSXML 4.0
2009-06-14 05:05 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-06-14 05:03 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2009-06-14 05:02 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-06-14 05:01 . 2008-04-14 00:11 650752 ------w- c:\windows\system32\dot3ui.dll
2009-06-14 04:48 . 2009-06-14 04:48 -------- d-----w- c:\documents and settings\Beany\Application Data\Apple Computer
2009-06-14 04:47 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-14 04:47 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-14 04:47 . 2009-06-14 04:47 -------- d-----w- c:\program files\iPod
2009-06-14 04:47 . 2009-06-15 02:59 -------- d-----w- c:\program files\iTunes
2009-06-14 04:47 . 2009-06-14 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-14 04:47 . 2009-06-05 15:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-14 04:47 . 2009-07-01 02:01 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-14 04:47 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-14 04:46 . 2009-06-14 04:47 -------- d-----w- c:\program files\Common Files\Apple
2009-06-14 04:44 . 2009-06-14 04:44 -------- d-----w- c:\program files\Bonjour
2009-06-14 04:43 . 2009-06-14 04:44 -------- d-----w- c:\program files\QuickTime
2009-06-14 04:43 . 2009-06-14 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-14 04:43 . 2009-06-14 04:43 -------- d-----w- c:\documents and settings\Beany\Local Settings\Application Data\Apple
2009-06-14 04:43 . 2009-06-14 04:43 -------- d-----w- c:\program files\Apple Software Update
2009-06-14 04:43 . 2009-06-14 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-14 04:42 . 2009-06-14 04:48 -------- d-----w- c:\documents and settings\Beany\Local Settings\Application Data\Apple Computer
2009-06-14 04:35 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-06-14 04:35 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-14 04:35 . 2008-06-11 06:58 2330624 ------w- c:\windows\system32\dllcache\WMVCore.dll
2009-06-14 04:35 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-06-14 04:35 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-06-14 04:35 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-14 04:34 . 2008-10-03 10:02 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-06-14 04:34 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-06-14 04:34 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-06-14 04:34 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-14 04:34 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-14 04:32 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-14 04:32 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 01:27 . 2006-07-06 02:55 -------- d-----w- c:\program files\WildTangent
2009-06-25 01:00 . 2006-07-06 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-25 01:00 . 2006-07-06 02:52 -------- d-----w- c:\program files\Common Files\AOL
2009-06-25 00:50 . 2009-06-25 00:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-25 00:50 . 2009-06-25 00:50 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-20 05:53 . 2005-08-16 09:41 89191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-20 05:20 . 2009-06-20 05:19 127 ----a-w- c:\documents and settings\MCX1\Local Settings\Application Data\fusioncache.dat
2009-06-16 17:55 . 2009-06-14 03:35 128 ----a-w- c:\documents and settings\Beany\Local Settings\Application Data\fusioncache.dat
2009-06-14 22:15 . 2006-07-06 02:47 -------- d-----w- c:\program files\Java
2009-06-14 17:07 . 2009-06-14 17:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-06-14 17:07 . 2009-06-14 17:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-14 09:39 . 2006-07-06 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-06-14 03:41 . 2009-06-14 03:35 -------- d--h--w- c:\documents and settings\Beany\Application Data\Gtek
2009-05-13 05:15 . 2005-08-16 09:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2005-08-16 09:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2005-08-16 09:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 09:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3113c6d7-d1bf-4096-94fe-5df265ac881d}]
2009-07-02 21:55 29184 ----a-w- c:\windows\system32\gdi32lib.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7323648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-06 169984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2006-02-24 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-14 148888]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-5 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec AntiVirus"=2 (0x2)
"SmcService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"SNAC"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"
"AntiVirusDisableNotify"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlcdcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2009 10:01 PM 64160]
S2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6/29/2009 3:47 PM 16512]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/24/2009 8:58 PM 101936]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IPOD_SERVICE
*Deregistered* - aujasnkj
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{029D18CB-8632-463c-93B7-C210AE50C722} - c:\windows\system32\iehelper.dll
HKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe
SafeBoot-Symantec Antvirus
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: musicmatch.com\online
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-02 19:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-02 19:25
ComboFix-quarantined-files.txt 2009-07-02 23:25
Pre-Run: 192,008,486,912 bytes free
Post-Run: 192,146,763,776 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
303 --- E O F --- 2009-06-21 07:00