Trojan Horse Downloader .agent.apko [c:\windows\system32\x]
Trojan horse Downloader .Agent.APKO [C:\windows\system32\x] ... Can someone tell me how I can safely get rid of this pest?! I am currently using [removed] and am unable to get rid of it. Although [removed] tells me that this is a virus, the moment I heal it or remove it... it's gone, but after a moment or so the virus is back. After using [removed], SpyBot and Anti-Malware I am still unable to remove it. So I am planning to install BitDefender... but will it remove the virus?
Comments
I have the same problem, and mine said it is a Crypt.AWU trojan and I'm using [removed] 8 network edition. I'm paying for 40 licenses, so if BitDefender fixes this problem I will also move to them and request a full refund from [removed]...
I also have the same problem! I have run many programs like [removed], Malware, etc. and it seems impossible to remove this beast! Please, I need some help as well! Thanks
Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.
Open Notepad and copy/paste the text in the quotebox below into it:
File::
c:\windows\system32\winhelp.exe
c:\windows\system32\winssv.exe
c:\windows\system32\LiveMssngr.exe
c:\windows\system32\sysmsvc.exe
c:\windows\system32\quicktime.exe
c:\windows\system32\ntlansec.exe
c:\windows\system32\open.exe
c:\windows\system32\wt.exe
c:\windows\system32\x.exe
c:\windows\system32\y.exe
c:\windows\system32\i
c:\windows\system\netstat.exe
c:\windows\Tasks\At1.job
C:\WINDOWS\system32\drivers\etc\hosts
c:\windows\IE4 Error Log.txt
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\csrsc.exe
c:\windows\system32\drivers\etc\hosts
c:\windows\system32\drivers\npf.sys
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\i
c:\windows\system32\mlnmp.ini
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll
Save this as:
CFScript.txt
Drag CFScript.txt into ComboFix.exe
Then post the resultant log here.
Hi crysty, I also have the same problem, and have done as you requested, and here are my results.
ComboFix 09-01-10.03 - G 2009-01-11 17:35:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1046 [GMT -8:00]
Running from: c:\documents and settings\G\Desktop\ComboFix\ComboFix.exe
Command switches used :: c:\documents and settings\G\Desktop\ComboFix\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\IE4 Error Log.txt
c:\windows\system\netstat.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\csrsc.exe
c:\windows\system32\drivers\etc\hosts
c:\windows\system32\drivers\npf.sys
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\i
c:\windows\system32\LiveMssngr.exe
c:\windows\system32\mlnmp.ini
c:\windows\system32\ntlansec.exe
c:\windows\system32\open.exe
c:\windows\system32\packet.dll
c:\windows\system32\quicktime.exe
c:\windows\system32\sysmsvc.exe
c:\windows\system32\winhelp.exe
c:\windows\system32\winssv.exe
c:\windows\system32\wpcap.dll
c:\windows\system32\wt.exe
c:\windows\system32\x.exe
c:\windows\system32\y.exe
c:\windows\Tasks\At1.job
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-06 16:14 . 2009-01-06 16:14 <DIR> d-------- c:\documents and settings\G\Application Data\Malwarebytes
2009-01-06 16:14 . 2009-01-06 16:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-06 16:14 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-06 16:14 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 16:04 . 2009-01-08 12:12 <DIR> d-------- c:\documents and settings\Administrator
2009-01-04 05:37 . 2009-01-04 05:37 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-30 16:13 . 2008-12-30 16:13 <DIR> d-------- c:\program files\iPod
2008-12-30 16:13 . 2008-12-30 16:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-29 13:48 . 2008-12-29 13:48 <DIR> d-------- c:\documents and settings\G\Application Data\DivX
2008-12-29 13:47 . 2008-11-21 13:47 129,784 --------- c:\windows\system32\pxafs.dll
2008-12-26 16:00 . 2008-12-26 16:05 <DIR> d-------- c:\documents and settings\G\Application Data\Xfire
2008-12-25 22:55 . 2004-08-04 04:00 1,689,088 ---h---t- c:\windows\system32\5a978b0.dll
2008-12-25 22:55 . 2004-08-04 04:00 1,689,088 ---h---t- c:\windows\system32\2444c880.dll
2008-12-25 22:55 . 2004-08-04 04:00 1,689,088 ---h---t- c:\windows\system32\1e204c57.dll
2008-12-25 22:55 . 2004-08-04 04:00 1,689,088 ---h---t- c:\windows\system32\1949490.dll
2008-12-25 22:55 . 2004-08-04 04:00 82,944 ---h---t- c:\windows\system32\8080bfb.dll
2008-12-25 22:55 . 2004-08-04 04:00 82,944 ---h---t- c:\windows\system32\15705438.dll
2008-12-25 22:55 . 2004-08-04 04:00 82,944 ---h---t- c:\windows\system32\1287a21e.dll
2008-12-25 22:55 . 2004-08-04 04:00 82,944 ---h---t- c:\windows\system32\124ad60.dll
2008-12-25 22:53 . 2004-08-04 04:00 1,689,088 ---h---t- c:\windows\system32\66590c7.dll
2008-12-25 22:53 . 2004-08-04 04:00 1,689,088 ---h---t- c:\windows\system32\271e7ac1.dll
2008-12-25 22:53 . 2004-08-04 04:00 82,944 ---h---t- c:\windows\system32\44f93a0.dll
2008-12-25 22:53 . 2004-08-04 04:00 82,944 ---h---t- c:\windows\system32\1f5eaea.dll
2008-12-21 17:47 . 2008-12-21 17:47 268 --ah----- C:\sqmdata03.sqm
2008-12-21 17:47 . 2008-12-21 17:47 244 --ah----- C:\sqmnoopt02.sqm
2008-12-19 19:41 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-19 19:41 . 2004-08-04 00:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-19 19:41 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-19 19:41 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-12-19 19:41 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-19 19:41 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-19 19:41 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-19 19:41 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-12-17 17:59 . 2009-01-04 05:37 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-14 19:46 . 2008-12-14 19:46 <DIR> d-------- c:\program files\TeamViewer
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 00:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-11 04:59 --------- d-----w c:\documents and settings\G\Application Data\BPFTP
2009-01-10 18:01 --------- d-----w c:\program files\KalOnlineEng
2009-01-09 18:40 --------- d-----w c:\program files\Bonjour
2009-01-04 13:31 --------- d-----w c:\program files\Java
2009-01-03 21:25 --------- d-----w c:\documents and settings\G\Application Data\U3
2009-01-02 04:47 --------- d-----w c:\program files\Apple Software Update
2008-12-31 00:13 --------- d-----w c:\program files\Common Files\Apple
2008-12-29 01:08 --------- d-----w c:\documents and settings\G\Application Data\LimeWire
2008-12-24 12:43 --------- d-----w c:\program files\Copy of KalOnlineEng
2008-12-15 03:47 --------- d-----w c:\documents and settings\G\Application Data\TeamViewer
2008-12-15 03:30 --------- d-----w c:\documents and settings\G\Application Data\Skype
2008-12-15 02:19 --------- d-----w c:\documents and settings\G\Application Data\skypePM
2008-12-11 20:38 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-04 07:41 --------- d-----w c:\documents and settings\G\Application Data\Aim
2008-12-03 11:44 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-03 11:41 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-12-03 11:41 --------- d-----w c:\program files\Common Files\Adobe
2008-12-03 11:31 --------- d-----w c:\program files\Yahoo!
2008-12-03 11:12 --------- d-----w c:\program files\Common Files\AVSMedia
2008-12-03 11:12 --------- d-----w c:\documents and settings\G\Application Data\AVS4YOU
2008-12-03 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-01 00:11 --------- d-----w c:\program files\Google
2008-11-25 01:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 00:47 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\PxCpyI64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\PxInsI64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-18 05:30 --------- d-----w c:\documents and settings\G\Application Data\Ventrilo
2008-11-18 05:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-15 10:46 --------- d-----w c:\program files\Common Files\INCA Shared
2008-11-15 10:45 --------- d--h--w c:\documents and settings\G\Application Data\ijjigame
2008-07-16 14:03 23 ----a-w c:\documents and settings\G\jagex_runescape_preferences.dat
2008-01-07 02:49 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-01-07 02:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-01-07 02:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008010620080107\index.dat
2008-01-07 02:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 16:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-11-29 01:00 28672 c:\program files\Creative\SBLive\Program\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 08:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 d:\program files\QuickTime Alternative\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-04 05:37 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"NMIndexingService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"gupdate1c91964958fad58"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\BitLord\\BitLord.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-10 97928]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-11-05 42752]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
R4 avg8emc;AVG8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R4 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-05-10 76040]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S4 gupdate1c91964958fad58;Google Update Service (gupdate1c91964958fad58);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-18 133104]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-19 24652]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-18 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\9m6f8qqj.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\program files\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\kSolo\npAVX.dll
FF - plugin: d:\program files\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\Real Alternative\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 17:38:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-11 17:42:14
ComboFix-quarantined-files.txt 2009-01-12 01:40:56
Pre-Run: 42,706,411,520 bytes free
Post-Run: 42,690,572,288 bytes free
2840
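When a detection keeps coming back after the file is "healed", something on the machine is still recreating it, and the ComboFix log is where a responder looks for that something. The following Python script is an added example for this thread, not ComboFix's own tooling and not code from anyone in the thread: it parses the parts of a log that matter most here (the Files Created table, the Security Center keys, the firewall's GloballyOpenPorts list and the removable-drive AutoRun handler) and flags the patterns visible in the report above, such as the hidden DLLs with random hex names dropped into system32 on 2008-12-25, the two DisableNotify values set to 1, and the VNC ports opened in the firewall. The line layouts it matches are inferred from the posted log and are assumptions, and the embedded sample log is a constructed excerpt modelled on it.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's own code).
The row/key layouts below are assumptions inferred from the log posted in the
thread, not a documented format."""
import re
from collections import namedtuple

# Constructed excerpt modelled on the log above, kept short so it runs offline.
SAMPLE_LOG = r"""
((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))
.
2009-01-06 16:14 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 16:04 . 2009-01-08 12:12 <DIR> d-------- c:\documents and settings\Administrator
2008-12-25 22:55 . 2004-08-04 04:00 1,689,088 ---h---t- c:\windows\system32\5a978b0.dll
2008-12-25 22:55 . 2004-08-04 04:00 82,944 ---h---t- c:\windows\system32\124ad60.dll
.
((((((((( Reg Loading Points )))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
"""

# "created . modified size attrs path" rows of the Files Created table
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# DLLs whose whole name is a short hex string, like 5a978b0.dll in the log
HEX_DLL = re.compile(r"^[0-9a-f]{6,8}\.dll$", re.IGNORECASE)

# size is None for <DIR> rows; attrs are ComboFix's flag column ('h' = hidden)
FileEntry = namedtuple("FileEntry", "created modified size attrs path")


def parse_files_created(log):
    """Return every row of the Files Created table as a FileEntry."""
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
            entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def hidden_hex_dlls(entries):
    """Hidden DLLs with random-looking hex names dropped under system32."""
    hits = []
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1]
        if "\\windows\\system32\\" in e.path.lower() and "h" in e.attrs and HEX_DLL.match(name):
            hits.append(e.path)
    return hits


def parse_reg_values(log):
    """Map each [key] header to the "name"=data lines printed under it."""
    values, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        k = REG_KEY.match(line)
        if k:
            key = k["key"]
            values.setdefault(key, {})
            continue
        v = REG_VALUE.match(line)
        if v and key is not None:
            values[key][v["name"]] = v["data"]
    return values


def security_center_notifications_disabled(values):
    """Security Center *DisableNotify values set to 1 (AV/update warnings muted)."""
    for key, entry in values.items():
        if key.lower() == r"hkey_local_machine\software\microsoft\security center":
            return sorted(n for n, d in entry.items() if d.lower() == "dword:00000001")
    return []


def globally_open_ports(values):
    """(port, protocol) pairs opened in the XP firewall's standard profile."""
    ports = []
    for key, entry in values.items():
        if key.lower().endswith(r"\globallyopenports\list"):
            for name in entry:
                port, proto = name.split(":")
                ports.append((int(port), proto))
    return sorted(ports)


def autorun_handlers(log):
    """Commands registered as AutoRun handlers for removable drives."""
    return [line.strip().split(" - ", 1)[1]
            for line in log.splitlines() if "\\Shell\\AutoRun\\command - " in line]


def triage(log):
    """Collect the findings a responder would review before running a fix script."""
    entries = parse_files_created(log)
    values = parse_reg_values(log)
    return {"hidden_hex_dlls": hidden_hex_dlls(entries),
            "security_center_disabled": security_center_notifications_disabled(values),
            "open_ports": globally_open_ports(values),
            "autorun_handlers": autorun_handlers(log)}


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG).items():
        print(f"{section}: {findings}")
```

Run it against a saved log (read the file into a string and pass it to `triage`) to get the same four lists for the real report; each hit is something to account for before declaring the machine clean, since a file that is only deleted while its loader, task or autorun entry survives will simply be recreated.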