ComboFix 08-11-02.04 - Administrator 2008-11-02 20:36:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.469 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\Facegame
C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareXP2009
C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk
C:\Program Files\AntiSpywareXP2009
C:\Program Files\AntiSpywareXP2009\AVEngn.dll
C:\Program Files\AntiSpywareXP2009\data\daily.cvd
C:\Program Files\AntiSpywareXP2009\htmlayout.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\cerrjk.dll
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\ebmnhjjp.dll
C:\WINDOWS\system32\eMTtCfhk.ini
C:\WINDOWS\system32\eMTtCfhk.ini2
C:\WINDOWS\system32\fbseveot.dll
C:\WINDOWS\system32\fffsmj.dll
C:\WINDOWS\system32\giasmfso.ini
C:\WINDOWS\system32\hqqsjh.dll
C:\WINDOWS\system32\keedxjre.dll
C:\WINDOWS\system32\khfCtTMe.dll
C:\WINDOWS\system32\lfcjutgn.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msansspc.dll
C:\WINDOWS\system32\mugymp.dll
C:\WINDOWS\system32\oatvvnvo.dll
C:\WINDOWS\system32\pmnlkjii.dll
C:\WINDOWS\system32\qrfgxsev.dll
C:\WINDOWS\system32\rqRklmkI.dll
C:\WINDOWS\system32\toevesbf.ini
C:\WINDOWS\system32\ubmxrbfu.ini
C:\WINDOWS\system32\wqkfktwl.dll
C:\WINDOWS\wiaserviv.log
Infected copy of C:\WINDOWS\system32\drivers\beep.sys was found and disinfected
Restored copy from - C:\System Volume Information\_restore{F43D0D8C-6682-4CAC-B2D8-50904A3CBFC2}\RP19\A0001840.sys.
((((((((((((((((((((((((( Files Created from 2008-10-03 to 2008-11-03 )))))))))))))))))))))))))))))))
.
2008-11-02 20:41 . 2008-11-02 20:41 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-11-02 20:40 . 2006-02-28 06:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-11-02 20:40 . 2006-02-28 06:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-11-02 20:28 . 2008-11-02 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-02 20:22 . 2008-11-02 20:22 <DIR> d-------- C:\Program Files\Yahoo!
2008-11-02 20:22 . 2008-11-02 20:23 <DIR> d-------- C:\Program Files\CCleaner
2008-11-01 14:39 . 2008-11-01 14:39 <DIR> d-------- C:\Program Files\Veoh Networks
2008-11-01 14:38 . 2008-11-01 14:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-11-01 14:38 . 2008-11-01 14:38 21,440,208 --a------ C:\Program Files\VeohSetup-3.9.8.1082.exe
2008-11-01 12:44 . 2008-11-01 12:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 02:31 . 2008-10-30 08:23 7 --a------ C:\WINDOWS\sbacknt.bin
2008-10-30 02:30 . 2008-10-30 08:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vghd
2008-10-30 02:30 . 2008-10-30 02:30 152,904 --a------ C:\WINDOWS\system32\vghd.scr
2008-10-30 00:34 . 2008-10-30 00:34 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-30 00:34 . 2005-10-20 19:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-10-30 00:34 . 2005-10-20 19:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-10-30 00:01 . 2008-10-30 00:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-30 00:01 . 2008-10-30 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-29 23:32 . 2008-10-29 23:32 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-29 23:31 . 2008-10-30 00:17 <DIR> d-------- C:\Program Files\Norton 360
2008-10-29 23:29 . 2008-11-02 09:50 <DIR> d-------- C:\Program Files\Symantec
2008-10-29 23:29 . 2008-11-02 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-29 23:29 . 2008-11-02 09:50 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-29 23:29 . 2008-11-02 09:50 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-29 23:29 . 2008-11-02 09:50 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-29 23:29 . 2008-11-02 09:50 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-29 23:26 . 2008-10-29 23:27 46,640 --a------ C:\WINDOWS\system32\msln.exe
2008-10-29 23:19 . 2008-11-02 20:46 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-29 23:17 . 2008-10-30 02:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-10-29 23:07 . 2008-10-29 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 18:17 . 2008-10-29 18:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-10-29 18:17 . 2008-10-31 10:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-29 18:17 . 2008-10-29 18:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-28 22:10 . 2008-10-28 22:13 <DIR> d-------- C:\Program Files\Microsoft Small Business
2008-10-28 22:08 . 2008-10-28 22:08 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-10-28 22:07 . 2008-10-28 22:10 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-10-28 21:59 . 2008-10-28 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-10-28 21:57 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-28 21:57 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-28 21:57 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-28 21:57 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-28 21:55 . 2008-10-28 21:55 <DIR> d-------- C:\WINDOWS\system32\Color
2008-10-28 21:55 . 2008-10-28 21:55 <DIR> d-------- C:\Program Files\NewSoft
2008-10-28 21:55 . 2008-10-28 21:55 <DIR> d-------- C:\Program Files\Common Files\PDFView
2008-10-28 21:55 . 2008-10-28 21:55 <DIR> d-------- C:\Program Files\Common Files\NewSoft
2008-10-28 21:55 . 1997-10-14 05:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2008-10-28 21:55 . 2005-06-01 00:28 9,606 --a------ C:\WINDOWS\system32\NEWSOFT
2008-10-28 21:55 . 2008-10-28 21:55 264 --a------ C:\WINDOWS\setup.iss
2008-10-28 21:48 . 2008-10-28 21:48 <DIR> d-------- C:\Program Files\ScanSoft
2008-10-28 21:48 . 2008-10-28 21:48 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-10-28 21:48 . 2008-10-28 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-10-28 21:48 . 2008-10-28 21:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ScanSoft
2008-10-28 21:48 . 2008-10-28 21:48 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-10-28 21:40 . 2008-10-28 21:40 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-10-28 21:37 . 2008-10-28 21:37 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-10-28 21:37 . 2008-10-28 21:37 <DIR> d--h----- C:\Program Files\CanonBJ
2008-10-28 21:37 . 2008-10-28 21:37 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-10-28 21:37 . 2007-03-23 10:30 1,400,832 --a------ C:\WINDOWS\system32\CNC310C.DLL
2008-10-28 21:37 . 2007-04-15 23:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8Z.DLL
2008-10-28 21:37 . 2007-03-19 04:39 200,704 --a------ C:\WINDOWS\system32\CNC310L.DLL
2008-10-28 21:37 . 2007-03-15 08:12 188,416 --a------ C:\WINDOWS\system32\CNC310O.DLL
2008-10-28 21:37 . 2007-04-25 13:09 151,552 --a------ C:\WINDOWS\system32\CNCF2Ld.DLL
2008-10-28 21:37 . 2007-04-25 13:02 106,496 --a------ C:\WINDOWS\system32\CNCFMSd.EXE
2008-10-28 21:37 . 2007-03-23 10:29 98,304 --a------ C:\WINDOWS\system32\CNC310I.DLL
2008-10-28 21:37 . 2007-04-25 13:06 3,584 --a------ C:\WINDOWS\system32\CNCFLdUS.DLL
2008-10-28 21:37 . 2007-04-25 13:06 3,072 --a------ C:\WINDOWS\system32\CNCFLdJP.DLL
2008-10-28 21:36 . 2008-10-28 21:59 <DIR> d-------- C:\Program Files\Canon
2008-10-28 16:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-28 16:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-28 16:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-28 16:11 . 2008-10-28 22:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-28 16:11 . 2008-10-28 16:11 <DIR> d-------- C:\Program Files\Microsoft Works
2008-10-28 16:09 . 2008-10-28 16:11 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-28 16:08 . 2008-10-28 16:08 <DIR> dr-h----- C:\MSOCache
2008-10-28 16:08 . 2008-10-30 08:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-28 15:08 . 2008-10-28 22:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-10-28 14:37 . 2008-10-28 14:38 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-22 20:30 . 2008-10-22 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-10-22 20:23 . 2008-10-22 20:23 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-20 20:17 . 2006-02-28 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-20 20:16 . 2006-02-28 06:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-10-20 20:15 . 2006-02-28 06:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-10-20 20:14 . 2006-02-28 06:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-10-20 20:14 . 2008-10-20 20:14 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-20 20:14 . 2008-10-20 20:14 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-13 16:01 . 2008-10-17 13:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-13 15:54 . 2008-10-13 15:54 0 --a------ C:\WINDOWS\ativpsrm.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 02:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-11-01 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 20:48 --------- d-----w C:\Program Files\Java
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 02:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 02:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 02:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Home"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=fffsmj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S0 GhMon;GhostMountMonitor - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghmon.sys [ ]
S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [ ]
S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
*Newly Created Service* - BEEP
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-11-03 C:\WINDOWS\Tasks\User_Feed_Synchronization-{25C605F0-6779-4758-83AE-E974CD9A53B3}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{017EC74A-03CE-4BA5-9883-A2027F25E383} - C:\WINDOWS\system32\qrfgxsev.dll
BHO-{05FB1D29-03CE-4BA5-9883-A2027F25E383} - C:\WINDOWS\system32\qrfgxsev.dll
BHO-{17EC74A4-03CE-4BA5-9883-A2027F25E383} - C:\WINDOWS\system32\qrfgxsev.dll
BHO-{479a15ee-a5f6-45a7-b3df-069da093789e} - C:\WINDOWS\system32\fffsmj.dll
BHO-{B227E72C-797B-442A-87D3-11543543C89B} - C:\WINDOWS\system32\khfCtTMe.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-02 20:45:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-02 20:49:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-03 02:49:22
Pre-Run: 65,536,434,176 bytes free
Post-Run: 65,672,364,032 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
292 --- E O F --- 2008-10-29 09:00:24