Recently my COMODO antivirus picked up the Kolab worm in my user/temp folder. It notified me of it during a real-time scan; I told it to remove the program, and it told me that it couldn't. Later on, I was looking through the COMODO antivirus log, and it said that the file was detected then removed.
I then ran a quickscan with Malwarebytes, which picked up a trojan agent and registry key.
I'm wondering whether or not this worm could've actually been deleted by COMODO. I downloaded ComboFix, changed back to XP (I'm running the Windows 7 beta at the moment), and got the following log.
Note that I did not install the Recovery Console that Combofix prompted me to install.
Code:
ComboFix 09-01-17.03 - Superbacon 2009-01-19 11:27:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1497 [GMT 13:00]
Running from: d:\documents and settings\Superbacon\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *disabled*
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.
2009-01-13 15:37 . 2009-01-13 15:37 <DIR> d--hs---- D:\$RECYCLE.BIN
2009-01-13 14:45 . 2009-01-13 14:45 25 --a------ d:\windows\cdplayer.ini
2009-01-13 14:29 . 2009-01-13 14:29 <DIR> d-------- D:\games
2009-01-13 14:10 . 2009-01-13 14:10 <DIR> d-------- d:\program files\Rockstar Games
2009-01-12 17:50 . 2009-01-12 17:50 1,890 --a------ d:\windows\diagwrn.xml
2009-01-12 17:50 . 2009-01-12 17:50 1,890 --a------ d:\windows\diagerr.xml
2009-01-12 17:31 . 2009-01-12 17:32 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2009-01-12 17:31 . 2009-01-12 22:54 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 15:39 . 2009-01-12 15:40 <DIR> d-------- d:\program files\Winamp
2009-01-12 15:39 . 2009-01-12 16:27 <DIR> d-------- d:\documents and settings\Superbacon\Application Data\Winamp
2009-01-10 11:15 . 2009-01-10 11:15 <DIR> d-------- d:\program files\Unlocker
2009-01-09 20:57 . 2009-01-09 20:57 <DIR> d-------- d:\program files\Ubisoft
2009-01-09 20:50 . 2009-01-09 20:50 <DIR> d-------- d:\program files\First Strike
2009-01-09 11:47 . 2009-01-09 11:58 <DIR> d-------- d:\program files\Project64 1.6
2009-01-07 22:10 . 2009-01-07 22:22 <DIR> d-------- d:\program files\RegCure
2009-01-07 19:12 . 2009-01-07 19:16 <DIR> d-------- d:\program files\DriverCleanerDotNET
2009-01-07 18:19 . 2009-01-07 18:19 <DIR> d-------- d:\documents and settings\All Users\Application Data\ATI
2009-01-07 18:16 . 2008-12-01 14:35 593,920 --------- d:\windows\system32\ati2sgag.exe
2009-01-07 18:01 . 2009-01-07 18:01 10 --a------ d:\windows\WININIT.INI
2009-01-07 15:25 . 2009-01-07 15:25 <DIR> d-------- d:\program files\Guitar Pro 5
2009-01-07 14:06 . 2009-01-07 14:06 0 --a------ d:\windows\ativpsrm.bin
2009-01-07 14:04 . 2009-01-07 14:04 <DIR> d-------- d:\documents and settings\Superbacon\Application Data\ATI
2009-01-07 14:00 . 2009-01-07 18:20 <DIR> d-------- d:\program files\ATI
2009-01-07 13:59 . 2009-01-07 18:17 <DIR> d-------- d:\program files\ATI Technologies
2009-01-07 13:58 . 2009-01-07 13:58 <DIR> d-------- D:\ATI
2009-01-06 21:22 . 2002-07-16 20:33 20,333 --------- d:\windows\cmaudio.ini
2009-01-06 19:52 . 2009-01-06 19:52 <DIR> d-------- d:\program files\QO Labs
2009-01-06 19:52 . 2009-01-06 19:52 360,580 --a------ d:\windows\eSellerateEngine.dll
2009-01-06 14:56 . 2009-01-06 21:22 25 --a------ d:\windows\mixerdef.ini
2009-01-04 17:59 . 2009-01-04 18:37 <DIR> d-------- D:\Fraps
2009-01-04 17:59 . 2009-01-04 18:37 <DIR> d-a------ d:\documents and settings\All Users\Application Data\TEMP
2009-01-04 14:54 . 2009-01-04 15:04 <DIR> d-------- d:\program files\PhotomatixPro3
2009-01-01 15:26 . 2008-04-14 05:42 159,232 --a------ d:\windows\system32\ptpusd.dll
2009-01-01 15:26 . 2001-08-17 22:36 5,632 --a------ d:\windows\system32\ptpusb.dll
2009-01-01 15:24 . 2008-04-14 00:15 15,104 --a------ d:\windows\system32\drivers\usbscan.sys
2009-01-01 15:24 . 2008-04-14 00:15 15,104 --a--c--- d:\windows\system32\dllcache\usbscan.sys
2008-12-31 19:16 . 2008-12-31 19:21 <DIR> d-------- d:\program files\Bigler
2008-12-31 19:16 . 2008-12-31 19:16 194 --a------ d:\windows\VHK.bat
2008-12-30 18:24 . 2008-12-30 18:24 2,250,024 --a------ d:\windows\system32\pbsvc.exe
2008-12-30 18:24 . 2008-12-30 18:24 22,328 --a------ d:\documents and settings\Superbacon\Application Data\PnkBstrK.sys
2008-12-30 10:45 . 2008-12-30 10:45 <DIR> d-------- D:\riva
2008-12-30 10:45 . 2008-12-30 10:45 <DIR> d-------- d:\program files\RivaTuner v2.11
2008-12-29 22:09 . 2008-12-29 22:13 <DIR> d-------- d:\documents and settings\Superbacon\Application Data\Hamachi
2008-12-29 22:09 . 2008-12-29 22:09 17,480 --a------ d:\windows\system32\drivers\hamachi.sys
2008-12-29 22:08 . 2008-12-29 22:09 <DIR> d-------- d:\program files\Hamachi
2008-12-29 21:55 . 2008-12-29 21:55 1,700,352 --a------ d:\windows\system32\gdiplus.dll
2008-12-29 21:55 . 2008-12-29 21:55 1,060,864 --a------ d:\windows\system32\mfc71.dll
2008-12-29 20:09 . 2008-11-14 03:18 599,552 -----c--- d:\windows\system32\dllcache\crypt32.dll
2008-12-29 20:09 . 2008-11-14 03:18 177,664 -----c--- d:\windows\system32\dllcache\wintrust.dll
2008-12-29 19:43 . 2008-04-14 05:42 221,184 --a------ d:\windows\system32\wmpns.dll
2008-12-29 19:04 . 2008-12-29 19:07 <DIR> d-------- d:\windows\ServicePackFiles
2008-12-29 19:04 . 2008-04-14 05:42 294,912 -----c--- d:\windows\system32\dllcache\dlimport.exe
2008-12-29 19:01 . 2008-04-13 23:53 1,309,184 --------- d:\windows\system32\drivers\mtlstrm.sys
2008-12-29 18:58 . 2006-12-29 00:31 19,569 --a------ d:\windows\003075_.tmp
2008-12-29 18:54 . 2009-01-14 22:49 <DIR> d-------- d:\program files\DAEMON Tools
2008-12-29 18:47 . 2008-12-29 18:47 682,232 --a------ d:\windows\system32\drivers\sptd.sys
2008-12-29 18:45 . 2008-12-29 18:45 <DIR> dr-h----- d:\documents and settings\Superbacon\Application Data\SecuROM
2008-12-29 18:34 . 2008-12-30 15:54 107,888 --a------ d:\windows\system32\CmdLineExt.dll
2008-12-29 18:31 . 2008-12-29 18:31 <DIR> d-------- d:\windows\Logs
2008-12-29 18:30 . 2008-12-29 18:31 <DIR> d-------- d:\windows\system32\drivers\umdf
2008-12-29 18:30 . 2008-03-05 15:56 3,786,760 --a------ d:\windows\system32\D3DX9_37.dll
2008-12-29 18:30 . 2008-03-05 15:56 1,420,824 --a------ d:\windows\system32\D3DCompiler_37.dll
2008-12-29 18:30 . 2008-02-05 23:07 462,864 --a------ d:\windows\system32\d3dx10_37.dll
2008-12-29 18:30 . 2007-04-04 18:53 81,768 --a------ d:\windows\system32\xinput1_3.dll
2008-12-29 18:29 . 2008-12-29 18:29 <DIR> d-------- d:\windows\system32\xlive
2008-12-29 18:29 . 2008-12-29 20:02 <DIR> d-------- d:\program files\Microsoft Games for Windows - LIVE
2008-12-29 17:08 . 2008-12-29 17:08 <DIR> d-------- d:\program files\MSBuild
2008-12-29 17:04 . 2009-01-05 15:02 <DIR> d-------- d:\windows\system32\XPSViewer
2008-12-29 17:03 . 2008-12-29 17:03 <DIR> d-------- d:\program files\Reference Assemblies
2008-12-29 17:02 . 2006-06-29 13:07 14,048 --------- d:\windows\system32\spmsg2.dll
2008-12-29 16:56 . 2008-12-29 16:57 <DIR> d-------- d:\program files\GTA IV
2008-12-28 20:06 . 2008-12-28 20:06 0 --a------ d:\windows\oodcnt.INI
2008-12-26 21:56 . 2008-12-26 21:56 <DIR> d-------- d:\program files\Common Files\xing shared
2008-12-26 21:56 . 2008-12-26 21:56 <DIR> d-------- d:\program files\Common Files\Real
2008-12-26 21:56 . 2008-12-26 21:56 499,712 --a------ d:\windows\system32\msvcp71.dll
2008-12-26 21:56 . 2008-12-26 21:56 348,160 --a------ d:\windows\system32\msvcr71.dll
2008-12-24 20:55 . 2008-12-24 20:55 <DIR> d-------- d:\documents and settings\Superbacon\Application Data\OpenOffice.org
2008-12-24 20:46 . 2008-12-24 20:46 <DIR> d-------- d:\program files\OpenOffice.org 3
2008-12-24 20:46 . 2008-12-24 20:46 <DIR> d-------- d:\program files\JRE
2008-12-24 20:45 . 2008-12-24 20:45 <DIR> d-------- d:\program files\Common Files\Java
2008-12-23 10:50 . 2008-12-23 10:50 <DIR> d-------- d:\program files\RAR Password Cracker
2008-12-21 13:07 . 2009-01-14 16:44 202,112 --a------ d:\windows\system32\PnkBstrB.exe
2008-12-21 13:07 . 2009-01-14 16:44 138,720 --a------ d:\windows\system32\drivers\PnkBstrK.sys
2008-12-21 13:07 . 2008-12-30 18:24 66,872 --a------ d:\windows\system32\PnkBstrA.exe
2008-12-21 12:57 . 2006-07-01 22:39 36,864 --a------ d:\windows\system32\drivers\AmdK8.sys
2008-12-21 11:53 . 2008-12-21 11:53 <DIR> d-------- d:\program files\Common Files\Adobe AIR
2008-12-21 11:49 . 2008-12-21 12:58 <DIR> d-------- d:\program files\NOS
2008-12-21 11:49 . 2008-12-21 12:58 <DIR> d-------- d:\documents and settings\All Users\Application Data\NOS
2008-12-20 23:46 . 2008-12-20 23:47 <DIR> d-------- D:\Python26
2008-12-20 23:42 . 2008-12-20 23:42 <DIR> d-------- d:\program files\Common Files\Adobe Systems Shared
2008-12-20 23:42 . 2008-12-20 23:42 <DIR> d-------- d:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-20 23:40 . 2008-12-20 23:40 <DIR> d-------- d:\program files\Blender Foundation
2008-12-20 23:40 . 2008-12-20 23:40 <DIR> d-------- d:\documents and settings\Superbacon\Application Data\Blender Foundation
2008-12-20 23:39 . 2008-12-21 11:53 <DIR> d-------- d:\program files\Common Files\Adobe
2008-12-20 21:44 . 2008-12-20 21:44 <DIR> d---s---- d:\documents and settings\Superbacon\UserData
2008-12-20 20:25 . 2008-12-20 20:25 <DIR> d-------- d:\documents and settings\LocalService\Application Data\SACore
2008-12-20 12:30 . 2008-12-20 12:30 81,920 --a------ d:\windows\system32\frapsvid.dll
2008-12-20 11:32 . 2008-10-16 14:06 268,648 --a------ d:\windows\system32\mucltui.dll
2008-12-20 11:32 . 2008-10-16 14:06 208,744 --a------ d:\windows\system32\muweb.dll
2008-12-20 11:32 . 2008-10-16 14:06 27,496 --a------ d:\windows\system32\mucltui.dll.mui
2008-12-20 09:36 . 2008-12-20 09:36 <DIR> d-------- d:\windows\Sun
2008-12-19 21:53 . 2008-12-19 22:09 <DIR> d-------- d:\program files\GoldWave
2008-12-19 21:46 . 2008-12-19 21:46 <DIR> d-------- d:\program files\OJOsoft
2008-12-19 21:42 . 2009-01-19 12:02 <DIR> d-------- d:\program files\DNA
2008-12-19 21:42 . 2008-12-19 21:42 <DIR> d-------- d:\program files\BitTorrent
2008-12-19 21:42 . 2009-01-19 12:02 <DIR> d-------- d:\documents and settings\Superbacon\Application Data\DNA
2008-12-19 21:42 . 2009-01-14 15:09 <DIR> d-------- d:\documents and settings\Superbacon\Application Data\BitTorrent
2008-12-19 21:22 . 2008-12-19 22:38 <DIR> d-------- d:\documents and settings\Superbacon\Contacts
2008-12-19 21:18 . 2008-12-21 12:58 <DIR> d----c--- d:\windows\system32\DRVSTORE
2008-12-19 21:15 . 2008-12-19 21:18 <DIR> d-------- d:\program files\Windows Live
2008-12-19 21:15 . 2008-12-19 21:17 <DIR> d--hsc--- d:\program files\Common Files\WindowsLiveInstaller
2008-12-19 21:15 . 2008-12-19 21:15 <DIR> d-------- d:\documents and settings\All Users\Application Data\WLInstaller
2008-12-19 18:43 . 2008-12-19 19:06 <DIR> d-------- d:\documents and settings\Superbacon\Application Data\vlc
2008-12-19 18:31 . 2009-01-01 15:10 <DIR> d-------- d:\documents and settings\Superbacon\Application Data\LimeWire
2008-12-19 18:07 . 2008-12-19 18:07 <DIR> d-------- d:\program files\Stardock
2008-12-19 18:07 . 2008-12-24 20:45 <DIR> d-------- d:\program files\Java
2008-12-19 18:07 . 2008-12-19 18:07 410,984 --a------ d:\windows\system32\deploytk.dll
2008-12-19 18:07 . 2008-12-19 18:07 73,728 --a------ d:\windows\system32\javacpl.cpl
2008-12-19 18:07 . 2007-07-11 15:06 42,672 --a------ d:\windows\system32\wbsys.dll
2008-12-19 18:03 . 2008-12-19 18:06 <DIR> d-------- d:\program files\LimeWire
2008-12-19 18:01 . 2008-06-14 00:05 272,128 --------- d:\windows\system32\drivers\bthport.sys
2008-12-19 18:01 . 2008-06-14 00:05 272,128 -----c--- d:\windows\system32\dllcache\bthport.sys
2008-12-19 18:01 . 2008-08-14 23:04 138,496 -----c--- d:\windows\system32\dllcache\afd.sys
2008-12-19 18:00 . 2008-12-13 06:01 3,067,904 -----c--- d:\windows\system32\dllcache\mshtml.dll
2008-12-19 18:00 . 2008-10-16 14:00 1,499,136 -----c--- d:\windows\system32\dllcache\shdocvw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 23:03 11,196,448 --sha-w d:\windows\system32\drivers\fidbox.dat
2009-01-18 23:02 1,543,737 ----a-w d:\windows\Internet Logs\tvDebug.zip
2009-01-18 22:29 137,384 --sha-w d:\windows\system32\drivers\fidbox.idx
2009-01-18 22:28 149,618 ----a-w d:\windows\Internet Logs\vsmon_2nd_2009_01_19_11_15_00_small.dmp.zip
2009-01-18 22:14 122,880 ----a-w d:\windows\Internet Logs\xDB10.tmp
2009-01-13 01:29 --------- d--h--w d:\program files\InstallShield Installation Information
2009-01-12 02:20 150,747 ----a-w d:\windows\Internet Logs\vsmon_2nd_2009_01_12_14_00_18_small.dmp.zip
2009-01-12 01:00 382,976 ----a-w d:\windows\Internet Logs\xDBF.tmp
2009-01-07 01:10 --------- d-----w d:\program files\AGEIA Technologies
2009-01-02 20:22 --------- d-----w d:\program files\McAfee
2009-01-01 03:24 --------- d-----w d:\documents and settings\All Users\Application Data\McAfee
2008-12-31 23:20 154,032 ----a-w d:\windows\Internet Logs\vsmon_2nd_2009_01_01_12_06_37_small.dmp.zip
2008-12-31 23:20 153,211 ----a-w d:\windows\Internet Logs\vsmon_2nd_2009_01_01_12_07_59_small.dmp.zip
2008-12-31 23:07 9,216 ----a-w d:\windows\Internet Logs\xDBE.tmp
2008-12-31 23:06 58,880 ----a-w d:\windows\Internet Logs\xDBC.tmp
2008-12-30 23:11 152,726 ----a-w d:\windows\Internet Logs\vsmon_2nd_2008_12_31_12_02_46_small.dmp.zip
2008-12-30 23:02 49,152 ----a-w d:\windows\Internet Logs\xDBB.tmp
2008-12-30 05:10 18,477,825 ----a-w d:\windows\Internet Logs\vsmon_2nd_2008_12_30_15_38_04_full.dmp.zip
2008-12-30 02:38 934,912 ----a-w d:\windows\Internet Logs\xDB9.tmp
2008-12-30 02:38 1,460,224 ----a-w d:\windows\Internet Logs\xDBA.tmp
2008-12-30 02:31 1,459,200 ----a-w d:\windows\Internet Logs\xDB8.tmp
2008-12-29 14:05 --------- d-----w d:\program files\NVIDIA nTune Performance Application
2008-12-20 03:53 --------- d-----w d:\documents and settings\All Users\Application Data\SiteAdvisor
2008-12-19 09:38 --------- d-----w d:\program files\Common Files\McAfee
2008-12-19 04:10 319,488 ----a-w d:\windows\HideWin.exe
2008-12-19 03:49 --------- d-----w d:\program files\McAfee.com
2008-12-19 03:31 --------- d-----w d:\program files\Winamp Toolbar
2008-12-19 03:31 --------- d-----w d:\program files\SpeedFan
2008-12-19 03:31 --------- d-----w d:\program files\Mozilla Firefox(2)
2008-12-19 03:31 --------- d-----w d:\program files\Common Files\InstallShield(2)
2008-12-19 03:23 9,216 ----a-w d:\windows\Internet Logs\xDBFA.tmp
2008-12-19 03:22 9,216 ----a-w d:\windows\Internet Logs\xDB7.tmp
2008-12-19 03:20 31,232 ----a-w d:\windows\Internet Logs\xDB6.tmp
2008-12-19 01:16 146,056 ----a-w d:\windows\Internet Logs\vsmon_2nd_2008_12_19_13_58_49_small.dmp.zip
2008-12-19 01:16 144,766 ----a-w d:\windows\Internet Logs\vsmon_2nd_2008_12_19_14_06_27_small.dmp.zip
2008-12-19 01:06 9,216 ----a-w d:\windows\Internet Logs\xDB5.tmp
2008-12-19 00:58 17,408 ----a-w d:\windows\Internet Logs\xDB4.tmp
2008-12-19 00:53 144,615 ----a-w d:\windows\Internet Logs\vsmon_2nd_2008_12_19_13_43_05_small.dmp.zip
2008-12-19 00:43 39,936 ----a-w d:\windows\Internet Logs\xDB3.tmp
2008-12-18 21:51 148,090 ----a-w d:\windows\Internet Logs\vsmon_2nd_2008_12_19_10_36_07_small.dmp.zip
2008-12-18 21:36 19,456 ----a-w d:\windows\Internet Logs\xDB2.tmp
2008-12-18 21:15 9,216 ----a-w d:\windows\Internet Logs\xDBD.tmp
2008-12-18 21:09 65,024 ----a-w d:\windows\Internet Logs\xDB1.tmp
2008-12-18 13:32 --------- d-----w d:\program files\NVIDIA Corporation
2008-12-18 07:22 --------- d-----w d:\program files\VideoLAN
2008-12-18 07:03 --------- d-----w d:\program files\MySQL
2008-12-18 07:03 --------- d-----w d:\documents and settings\All Users\Application Data\MySQL
2008-12-18 04:30 --------- d-----w d:\program files\OO Software
2008-12-18 02:54 --------- d-----w d:\program files\AMD
2008-12-18 01:19 --------- d-----w d:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-18 01:08 --------- d-----w d:\program files\ZoneAlarmSB
2008-12-18 01:07 --------- d-----w d:\program files\Zone Labs
2008-12-18 00:56 --------- d-----w d:\program files\microsoft frontpage
2008-12-01 22:13 3,452,928 ----a-w d:\windows\system32\drivers\ati2mtag.sys
2008-12-01 19:51 53,248 ----a-w d:\windows\system32\drivers\ati2erec.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2008-12-19 342848]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-13 306088]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2007-04-04 165784]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"mcagent_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-26 185872]
"OODefragTray"="d:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-08 15872]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 d:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 d:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 d:\windows\alcwzrd.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\Superbacon\Start Menu\Programs\Startup\
Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-12-19 18:09 229376 d:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"f:\\Games\\Farcry 2\\Far Cry 2\\bin\\FarCry2.exe"=
"f:\\Games\\Farcry 2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"f:\\Games\\Farcry 2\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"f:\\Games\\Battlefield 2142\\BF2142.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"f:\\Games\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
R3 AtiHdmiService;ATI Function Driver for HDMI Service;d:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-20 206096]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;d:\windows\system32\drivers\Envy24HF.sys [2007-11-30 651712]
.
Contents of the 'Scheduled Tasks' folder
2008-12-18 d:\windows\Tasks\McDefragTask.job
- d:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-12-31 d:\windows\Tasks\McQcTask.job
- d:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2009-01-18 d:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2008-06-03 13:19]
2009-01-07 d:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2008-06-03 13:19]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-VolumeHK - (no file)
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://nz.search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - d:\documents and settings\Superbacon\Application Data\Mozilla\Firefox\Profiles\zpu6ery0.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: d:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 12:02:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-507921405-920026266-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9e,a0,46,d8,31,60,5e,3a,f3,0e,96,4e,c0,32,83,6b,4f,27,25,b9,72,b0,bf,
c9,0f,cc,64,04,67,a5,4f,a5,c0,ea,29,5b,12,46,5e,12,c3,4c,64,dc,ae,c2,d4,5d,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
[HKEY_USERS\S-1-5-21-507921405-920026266-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:99,51,93,67,49,7c,98,93,d5,95,f8,e5,a6,71,50,51,2c,33,f7,94,6e,
c3,a1,8c,4d,6d,39,ac,8f,ce,c8,5f,a5,d6,7f,0f,20,e1,0c,91,b9,ab,89,18,28,85,\
"rkeysecu"=hex:60,b1,e0,a1,63,40,aa,16,c7,09,b4,13,c5,72,94,5f
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(804)
d:\windows\system32\Ati2evxx.dll
d:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\windows\system32\ZoneLabs\vsmon.exe
d:\windows\system32\ati2evxx.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\progra~1\McAfee\MSC\mcmscsvc.exe
d:\program files\Common Files\McAfee\MNA\McNASvc.exe
d:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
d:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
d:\program files\McAfee\MPF\MpfSrv.exe
d:\windows\system32\oodag.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\OpenOffice.org 3\program\soffice.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
d:\program files\OpenOffice.org 3\program\soffice.bin
d:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-01-19 12:04:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-18 23:04:41
Pre-Run: 2,870,263,808 bytes free
Post-Run: 4,396,457,984 bytes free
336 --- E O F --- 2009-01-14 03:46:38
Any help would be great.
I have others in my house scanning their computers too, one with Spyware Doctor and the other with Avast!.
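As an added example (not part of the original post and not code from ComboFix), here is a small Python triage helper for a log in the format posted above: it splits the "Reg Loading Points" section into registry keys and values, flags the Security Center and Windows Firewall entries a responder would want to ask about, and reads the catchme rootkit-scan summary. The sample text inside it is a constructed excerpt in the posted log's format.

```python
"""Triage helper for a ComboFix-style log. Added example, not ComboFix code."""
import re

# Constructed excerpt in the layout ComboFix prints; not real scanner output.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2007-04-04 165784]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scan completed successfully
hidden files: 0
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')          # [HKEY_...\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')  # "Name"=value


def parse_reg_loading_points(log_text):
    """Return {registry key: {value name: raw value}} from the section."""
    keys, current, in_section = {}, None, False
    for line in log_text.splitlines():
        if 'Reg Loading Points' in line:
            in_section = True
            continue
        if not in_section:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group('name')] = m.group('value').strip()
    return keys


def run_key_entries(keys):
    """List (value name, executable path) for every ...\\Run key."""
    entries = []
    for key, values in keys.items():
        if key.lower().endswith('\\run'):
            for name, value in values.items():
                m = re.match(r'"([^"]*)"', value)
                entries.append((name, m.group(1) if m else value))
    return entries


def security_center_findings(keys):
    """Flag settings that silence Security Center or turn off Windows Firewall.

    Third-party suites (McAfee, ZoneAlarm) set these legitimately, so a hit is
    a question for the poster, not evidence of infection by itself."""
    findings = []
    notify_names = ('AntiVirusDisableNotify', 'FirewallDisableNotify', 'DisableMonitoring')
    for key, values in keys.items():
        lowered = key.lower()
        if 'security center' in lowered:
            for name, value in values.items():
                if name in notify_names and value.lower().endswith('00000001'):
                    findings.append((key, name))
        if 'firewallpolicy' in lowered and values.get('EnableFirewall', '').startswith('0'):
            findings.append((key, 'EnableFirewall'))
    return findings


def catchme_hidden_files(log_text):
    """Hidden-file count from the catchme summary, or None if absent."""
    m = re.search(r'^hidden files:\s*(\d+)', log_text, re.MULTILINE)
    return int(m.group(1)) if m else None


if __name__ == '__main__':
    parsed = parse_reg_loading_points(SAMPLE_LOG)
    for key, name in security_center_findings(parsed):
        print(f'ask about: {name} under {key}')
    print('catchme hidden files:', catchme_hidden_files(SAMPLE_LOG))
```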