2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1754 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))
.
C:\~.exe
c:\documents and settings\sanumula\Application Data\Bitrix
c:\documents and settings\sanumula\Application Data\Bitrix
708_675671_skey_21-08-2010__10-17-18.zip
c:\documents and settings\sanumula\Application Data\Bitrix
c:\documents and settings\sanumula\Application Data\Bitrix
c:\documents and settings\sanumula\Application Data\Bitrix
c:\documents and settings\sanumula\Application Data\Bitrix
c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1500
c:\windows\system32\drivers\DELL_XPS_Vostro 1500
C:\zip.exe
.
(((((((((((((((((((((((((
))))))))))))))))))))))))
.
))))))))))))))))))))
Security
Security\21082010_101
Security\jje.txt
Security\ljgh.txt
Security\mcx.txt
Security\mxd1.txt
.MRK
.MRK
--------
d--h--w-
c:\windo
574
----a-wC:\cleanup.bat
-------d-----wc:\docum
Data\STOPzilla!
2
--shatrc:\windows\winst
--------
d-----w-
c:\progr
--------
d-----w-
c:\windo
--------
d-----w-
c:\progr
--------
d-----w-
c:\progr
--------
d-----w-
c:\progr
70192
----a-w-
c:\windows\syste
--------
d-----w-
c:\progr
--------
d-----w-
c:\progr
)))))))))))))))))))))
C:\~.exe.vir
c:\windows\syste
c:\windows\syste
c:\windows\syste
)))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2010-08-16 10788656]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-22 21:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleE1LocalTNSListener]
"ImagePath"="c:\oracle\E1Local\BIN\TNSLSNR "
.
------------------------ Other Running Processes -----------------------
.
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2010-10-22 21:19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-23 04:19
Pre-Run: 199,267,598,336 bytes free
Post-Run: 199,275,274,240 bytes free
- - End Of File - - 8FD188B5FB27E7D578F87AE6A64576B6