VundoFix V6.5.7
Checking Java version...
Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 1:44:40 PM 8/15/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 1:08:53 PM 9/20/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 1:22:05 PM 9/20/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mahcrbyj.dll
C:\WINDOWS\system32\mahcrbyj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tusqo.dll
C:\WINDOWS\system32\tusqo.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tusqo.dll
C:\WINDOWS\system32\tusqo.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
ComboFix 07-09-20.1 - "Tara & Paul" 2007-09-22 8:36:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.54 [GMT -7:00]
Script execution time was exceeded on script "C:\ComboFix\restore_pt.vbs".
Script execution was terminated.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Temp\fse
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\boxcpdpl.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\lpdpcxob.dll
C:\WINDOWS\system32\oqsut.bak1
C:\WINDOWS\system32\oqsut.bak2
C:\WINDOWS\system32\oqsut.ini
C:\WINDOWS\system32\oqsut.ini2
C:\WINDOWS\system32\oqsut.tmp
C:\WINDOWS\system32\tusqo.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))
.
2007-09-20 19:07 83,008 --a------ C:\WINDOWS\system32\gqoqomwo.dll
2007-09-20 14:33 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-09-20 10:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-20 09:06 83,008 --a------ C:\WINDOWS\system32\jsrrrvjh.dll
2007-09-19 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 19:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-19 19:14 <DIR> d-------- C:\DOCUME~1\TARA&P~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 19:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 09:52 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-09-08 20:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-09-08 20:03 <DIR> d-------- C:\All DVD Work
2007-08-30 21:05 <DIR> d-------- C:\DOCUME~1\TARA&P~1\APPLIC~1\CyberLink
2007-08-30 21:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-30 11:38 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-08-30 11:38 <DIR> d-------- C:\WINDOWS\Cache
2007-08-30 11:38 <DIR> d-------- C:\Program Files\Coupons
2007-08-23 20:45 <DIR> d-------- C:\Program Files\Norton Security Scan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-22 08:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-15 15:55 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-06 03:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 03:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 03:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 03:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 03:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-26 16:17 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-19 15:54 --------- d-------- C:\Program Files\mobile PhoneTools
2007-08-18 20:11 --------- d-------- C:\DOCUME~1\TARA&P~1\APPLIC~1\Ahead
2007-08-18 20:09 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-08-18 10:58 --------- d-------- C:\Program Files\Common Files\Ahead
2007-08-18 10:34 --------- d-------- C:\Program Files\Nero
2007-08-18 10:34 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-18 10:10 --------- d-------- C:\Program Files\CyberLink
2007-08-16 14:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-13 14:17 --------- d-------- C:\Program Files\Google
2007-08-13 10:43 --------- d-------- C:\DOCUME~1\TARA&P~1\APPLIC~1\LimeWire
2007-08-10 10:23 --------- d-------- C:\DOCUME~1\TARA&P~1\APPLIC~1\Viewpoint
2007-08-10 10:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-10 10:22 --------- d-------- C:\DOCUME~1\TARA&P~1\APPLIC~1\acccore
2007-08-10 10:21 --------- d-------- C:\Program Files\Viewpoint
2007-08-10 10:21 --------- d-------- C:\Program Files\AIM6
2007-08-10 10:21 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-08-10 10:21 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-10 10:19 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-10 10:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-08-09 10:32 --------- d-------- C:\DOCUME~1\TARA&P~1\APPLIC~1\ArcSoft
2007-08-09 09:47 --------- d-------- C:\DOCUME~1\TARA&P~1\APPLIC~1\Leadertech
2007-08-09 09:42 --------- d-------- C:\Program Files\epson
2007-08-09 09:39 --------- d-------- C:\Program Files\ArcSoft
2007-07-23 09:09 --------- d-------- C:\Program Files\Comodo
2007-07-22 19:23 --------- d-------- C:\DOCUME~1\TARA&P~1\APPLIC~1\AdobeUM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2007-09-07 18:42]
"EPSON Stylus CX5800F Series"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [2005-05-09 22:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-09-07 18:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"="C:\Documents and Settings\Tara & Paul\My Documents\P2kCommanderV330\P2kAutostart.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 16:29]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-13 14:14:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys
S3 AWINDIS5;AWINDIS5 Protocol Driver;\??\C:\WINDOWS\system32\AWINDIS5.SYS
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\WG511ICB.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 23:44:38 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-22 08:51:33
Windows 5.1.2600 Service Pack 2, v.2096 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = C:\Documents and Settings\Tara & Paul\My Documents\P2kCommanderV330\P2kAutostart.exe?0?
??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-22 8:55:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-22 08:55
C:\ComboFix2.txt ... 2007-08-15 12:09
.
--- E O F ---
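Two patterns are visible in the logs above and are worth checking for mechanically rather than by eye: the DLLs ComboFix and VundoFix removed from system32 have random lowercase names (lpdpcxob.dll, tusqo.dll, mahcrbyj.dll), each is accompanied by a companion .ini/.bak file whose name is the DLL name spelled backwards (boxcpdpl.ini, oqsut.ini), and two newly created DLLs (gqoqomwo.dll, jsrrrvjh.dll) share an identical size of 83,008 bytes. The following script is an added example, not part of VundoFix, ComboFix or the poster's logs: it parses ComboFix "Files Created" and "Other Deletions" lines and applies those three checks. The input is a constructed excerpt of the log lines shown above; the 5-to-8-lowercase-letter name heuristic and the "identical size" grouping are assumptions tuned to this log and will produce false positives on other machines.

```python
import re
from collections import defaultdict

# Constructed input: lines excerpted from the ComboFix log above.
COMBOFIX_CREATED = r"""
2007-09-20 19:07 83,008 --a------ C:\WINDOWS\system32\gqoqomwo.dll
2007-09-20 14:33 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-09-20 09:06 83,008 --a------ C:\WINDOWS\system32\jsrrrvjh.dll
2007-09-06 03:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-30 11:38 31 --ah----- C:\WINDOWS\uccspecc.sys
"""

COMBOFIX_DELETED = r"""
C:\WINDOWS\system32\boxcpdpl.ini
C:\WINDOWS\system32\lpdpcxob.dll
C:\WINDOWS\system32\oqsut.bak1
C:\WINDOWS\system32\oqsut.ini
C:\WINDOWS\system32\tusqo.dll
"""

# ComboFix "Files Created" line: date time size|<DIR> nine-char attribute field path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$"
)

SYSTEM32 = r"c:\windows\system32"


def parse_created(text):
    """Parse 'Files Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"date": m["date"], "time": m["time"], "size": size,
                        "attrs": m["attrs"], "path": m["path"]})
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1]


def in_system32_root(path):
    """True for files directly under system32 (not in subfolders such as drivers)."""
    head, _, _ = path.lower().rpartition("\\")
    return head == SYSTEM32


def suspicious_system32_dlls(entries):
    """Flag DLLs dropped directly in system32 whose stem is 5-8 lowercase letters.

    Assumed heuristic matching the Vundo-style names in this log; it is not a
    general malware test and will flag some legitimate DLLs elsewhere.
    """
    flagged = []
    for e in entries:
        name = basename(e["path"]).lower()
        stem, _, ext = name.rpartition(".")
        if ext == "dll" and in_system32_root(e["path"]) and re.fullmatch(r"[a-z]{5,8}", stem):
            flagged.append(e)
    return flagged


def reversed_name_pairs(paths):
    """Pair each .dll with non-DLL files whose stem is the DLL stem spelled backwards."""
    names = [basename(p.strip()) for p in paths if p.strip()]
    by_stem = defaultdict(list)
    for n in names:
        stem, _, _ = n.lower().rpartition(".")
        by_stem[stem].append(n)
    pairs = []
    for n in names:
        stem, _, ext = n.lower().rpartition(".")
        if ext != "dll":
            continue
        for companion in by_stem.get(stem[::-1], []):
            if not companion.lower().endswith(".dll"):
                pairs.append((n, companion))
    return sorted(pairs)


def size_clusters(entries):
    """Group files by exact byte size; identical sizes at different times hint at one dropper."""
    groups = defaultdict(list)
    for e in entries:
        if e["size"] is not None:
            groups[e["size"]].append(basename(e["path"]))
    return {size: sorted(names) for size, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    created = parse_created(COMBOFIX_CREATED)
    for e in suspicious_system32_dlls(created):
        print("suspect DLL:", e["path"], e["size"], "bytes")
    for dll, twin in reversed_name_pairs(COMBOFIX_DELETED.splitlines()):
        print("reversed-name pair:", dll, "<->", twin)
    for size, names in size_clusters(created).items():
        print("same size", size, "->", ", ".join(names))
```

Run against the excerpt, the script reports gqoqomwo.dll and jsrrrvjh.dll as suspect (both in system32 root, both 83,008 bytes), and pairs lpdpcxob.dll with boxcpdpl.ini and tusqo.dll with oqsut.ini and oqsut.bak1. The avast! driver aswmon.sys is not flagged because it sits under drivers and is not a DLL. The reversed-name check is the most specific of the three for this log: a random-looking DLL on its own is only a hint, but a DLL with a backwards-named .ini next to it is exactly what was deleted here.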