jabuck: In the interim between my last post and yours, I went ahead and logged into my own user account and found that I still appeared infected (VIRUS ALERT! still present, no admin capacity, etc), BUT I did have my taskbar and desktop icons back. I basically repeated the same process as before and MBAM reported finding and cleaning more or less the same infections as the first time. Below you will find both log files. At this point, however, as best I can tell my machine is back to complete normalcy. Should I continue with your suggestions? Thank you so much bro!
Malwarebytes' Anti-Malware 1.25
Database version: 1092
Windows 5.1.2600 Service Pack 2
8:37:01 AM 8/29/2008
mbam-log-08-29-2008 (08-37-01).txt
Scan type: Quick Scan
Objects scanned: 48836
Time elapsed: 5 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 15
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ComboFix 08-08-28.06 - ryan 2008-08-29 8:42:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2657 [GMT -7:00]
Running from: C:\Documents and Settings\princess\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-29 08:30 . 2008-08-29 08:30 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Malwarebytes
2008-08-28 09:37 . 2008-08-28 09:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-28 09:37 . 2008-08-28 09:37 <DIR> d-------- C:\Documents and Settings\princess\Application Data\Malwarebytes
2008-08-28 09:37 . 2008-08-28 09:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 09:37 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-28 09:37 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 04:49 . 2008-08-27 04:49 <DIR> d-------- C:\Program Files\iTunes
2008-08-27 04:49 . 2008-08-27 04:49 <DIR> d-------- C:\Program Files\iPod
2008-08-10 09:49 . 2008-08-10 09:49 <DIR> d-------- C:\Program Files\SiSoftware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 15:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 14:24 --------- d-----w C:\Documents and Settings\princess\Application Data\OpenOffice.org2
2008-08-29 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-08-29 08:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-28 16:23 --------- d-----w C:\Documents and Settings\princess\Application Data\AVG7
2008-08-28 00:47 --------- d-----w C:\Documents and Settings\ryan\Application Data\uTorrent
2008-08-27 12:39 --------- d-----w C:\Program Files\Steam
2008-08-27 11:48 --------- d-----w C:\Program Files\QuickTime
2008-08-26 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-14 16:52 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-05 11:28 --------- d-----w C:\Program Files\Apple Software Update
2008-07-28 10:18 --------- d-----w C:\Program Files\uTorrent
2008-07-28 10:00 --------- d-----w C:\Program Files\BitTornado
2008-07-28 09:35 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-28 09:34 --------- d-----w C:\Program Files\Google
2008-07-28 09:34 --------- d-----w C:\Documents and Settings\ryan\Application Data\PC Tools
2008-07-27 20:33 --------- d-----w C:\Program Files\Java
2008-07-23 15:07 --------- d-----w C:\Documents and Settings\ryan\Application Data\Canon
2008-07-23 11:44 --------- d-----w C:\Documents and Settings\princess\Application Data\Winamp
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-12 12:48 --------- d-----w C:\Documents and Settings\ryan\Application Data\The Blocks Company, LLC
2008-07-12 02:28 --------- d-----w C:\Program Files\Reference Assemblies
2008-07-12 02:28 --------- d-----w C:\Program Files\MSBuild
2008-07-12 02:27 --------- d-----w C:\Program Files\MSXML 6.0
2008-07-12 02:24 --------- d-----w C:\Program Files\Blocks
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 13:36 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-29 04:29 47,360 ----a-w C:\Documents and Settings\ryan\Application Data\pcouffin.sys
2007-04-27 21:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-10-07 04:39 81,920 ----a-w C:\Documents and Settings\ryan\Application Data\ezpinst.exe
2005-09-12 21:30 533 ----a-w C:\Program Files\file_id.diz
2005-09-12 21:29 850,944 ----a-w C:\Program Files\fastview.exe
2005-01-09 21:40 370 ----a-w C:\Program Files\readme.txt
2000-01-04 07:45 8,727 ----a-w C:\Program Files\phxiso.nfo
2006-04-17 07:03 104 --sha-r C:\WINDOWS\system32\FE4FE51745.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogiGamerLite"="C:\Program Files\LogiGamer\LogiGamerLite.exe" [2004-08-04 05:09 73328]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 00:12 1298432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 13:42 212992]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 02:06 579584]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"ShowWnd"="ShowWnd.exe" [2003-09-19 09:09 36864 C:\WINDOWS\ShowWnd.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 19:27 77824 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 06:46 219136]
C:\Documents and Settings\princess\Start Menu\Programs\Startup\
Expedia Fare Alert.lnk - C:\Program Files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe [2007-02-12 10:15:00 696320]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dplsoa.dll iycbqr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= APTRRNTm.dll
"wave"= APTRRNTm.dll
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2006-10-16 18:40 1197648 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2003-07-13 02:49 974898 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Delta Taskbar Icon]
--a------ 2004-08-26 23:43 56320 C:\WINDOWS\system32\DeltTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 02:49 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2003-07-13 02:49 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2005-11-29 19:19 40960 C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-10-18 14:05 135168 C:\Program Files\Digital Media Reader\shwiconEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-10-31 11:19 378784 C:\Program Files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-09-23 21:44 57344 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-09-24 18:06 2559488 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]
--a------ 2004-08-26 23:43 56320 C:\WINDOWS\system32\DeltTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--a------ 2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"PrismXL"=2 (0x2)
"mnmsrvc"=3 (0x3)
"lanmanserver"=2 (0x2)
"InCDsrv"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"FastTrackInstallerService"=2 (0x2)
"Eventlog"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"aspnet_state"=3 (0x3)
"ose"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\RealRhapsody\\Rhapsody.exe"=
"C:\\Program Files\\Replay Music 2\\ReplayMusic.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Steam\\SteamApps\\afxrdj\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\afxrdj\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\afxrdj\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S3 EWAVE;EWAVE;C:\WINDOWS\system32\drivers\ew.sys []
S3 FILESPY;FILESPY;C:\WINDOWS\system32\drivers\FILESPY.sys []
S3 MA763010;M-Audio Fast Track;C:\WINDOWS\system32\drivers\MA763010.sys [2004-08-31 15:57]
S3 NSTATION;NSTATION;C:\WINDOWS\system32\drivers\nstation.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57798ca0-b55a-11dc-a425-00152faa21ff}]
\Shell\AutoRun\command - L:\InstallTomTomHOME.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-07-28 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\po9oah9g.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://cm.my.yahoo.com/
FF -: plugin - C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\po9oah9g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npq3plug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 08:45:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-08-29 8:48:16
ComboFix-quarantined-files.txt 2008-08-29 15:47:14
ComboFix2.txt 2008-08-29 14:28:15
Pre-Run: 11,718,725,632 bytes free
Post-Run: 11,699,740,672 bytes free
239 --- E O F --- 2008-08-13 10:03:39
