 Virtumonde (or other problems?), Spybot S&D scan showed virtumonde.dll and virtumonde.cdn at bottom |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jan 7 2010, 06:08 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 1 Joined: 7-January 10 Member No.: 430,800  |
I noticed virtumonde.dll|cdn at the bottom of SpyBot S&D during a scan last evening. I would like your feedback on the health and possible infection of my computer. I ran ComboFix and HijackThis last evening and am posting those logs in addition to the information requested with a post on this forum. 1.) DDS.txt DDS (Ver_09-12-01.01) - NTFSx86 Run by basab at 12:31:06.66 on Thu 01/07/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1288 [GMT -8:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\vmnat.exe C:\VMWare\Server\202\tomcat\bin\Tomcat6.exe C:\VMWare\Server\202\vmware-authd.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\VMWare\Server\202\vmware-hostd.exe C:\WINDOWS\system32\wscntfy.exe C:\Programs\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\BCMSMMSG.exe C:\Security\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Security\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Programs\emacs\223\bin\emacs.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\basab\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\security\spybot~1\SDHelper.dll BHO: DebugBar BHO: {69fc0024-10eb-480a-bbf2-3bf4e78e17b1} - c:\program files\core services\debugbar\DebugInfoBar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programs\java\jre\16013\bin\jp2ssv.dll TB: DebugBar: {3e1201f4-1707-409f-bb45-a5f192381da0} - c:\program files\core services\debugbar\DebugToolBar.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: DebugBar: {947e34e9-1d85-43cb-9cbf-5c492118fdd5} - c:\program files\core services\debugbar\DebugInfoBar.dll EB: {A202B231-EF71-4A08-BDB9-4CE5AE8BDE0A} - No File uRun: [SpybotSD TeaTimer] c:\security\spybot - search & destroy\TeaTimer.exe uRun: [SUPERAntiSpyware] c:\security\superantispyware\SUPERAntiSpyware.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [BCMSMMSG] BCMSMMSG.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\security\spybot~1\SDHelper.dll LSP: c:\vmware\server\202\vsocklib.dll Trusted Zone: bmaulik-pc DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195595532498 DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\security\superantispyware\SASWINLO.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\security\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\basab\applic~1\mozilla\firefox\profiles\xu0v4c7y.firefox 3 preview\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\programs\firefox\3rc2\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R1 SASDIFSV;SASDIFSV;c:\security\superantispyware\sasdifsv.sys [2009-12-16 9968] R1 SASKUTIL;SASKUTIL;c:\security\superantispyware\SASKUTIL.SYS [2009-12-16 74480] R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2008-2-4 8576] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-20 54960] R2 VMwareHostd;VMware Host Agent;c:\vmware\server\202\vmware-hostd.exe [2009-10-20 322096] R2 VMwareServerWebAccess;VMware Server Web Access;c:\vmware\server\202\tomcat\bin\tomcat6.exe [2009-10-20 57344] R3 SASENUM;SASENUM;c:\security\superantispyware\SASENUM.SYS [2009-12-16 7408] S3 vmwriter;VMware VSS Writer;c:\vmware\server\202\vmVssWriter.exe [2009-10-20 29744] S4 Apache2.2;Apache2.2;c:\programs\apache\22\bin\httpd.exe [2008-6-13 24635] S4 Tomcat6;Apache Tomcat;c:\programs\tomcat\bin\tomcat6.exe [2007-7-19 57344] UnknownUnknown ruuxhnq;ruuxhnq; [x] =============== Created Last 30 ================ 2010-01-07 11:19:18 0 d-sha-r- C:\cmdcons 2009-12-31 09:07:26 0 d-----w- c:\docume~1\basab\applic~1\Malwarebytes 2009-12-31 09:07:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-31 09:07:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-12-31 09:07:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-31 08:20:43 98816 ----a-w- c:\windows\sed.exe 2009-12-31 08:20:43 77312 ----a-w- c:\windows\MBR.exe 2009-12-31 08:20:43 261632 ----a-w- c:\windows\PEV.exe 2009-12-31 08:20:43 161792 ----a-w- c:\windows\SWREG.exe 2009-12-31 08:14:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2009-12-31 08:14:29 0 d-----w- c:\docume~1\basab\applic~1\SUPERAntiSpyware.com 2009-12-31 08:11:26 0 d-----w- c:\program files\common files\Wise Installation Wizard 2009-12-31 08:06:44 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe 2009-12-31 08:06:42 399920 ----a-w- c:\windows\system32\vmnat.exe 2009-12-31 08:06:41 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2009-12-31 08:06:31 723504 ----a-w- c:\windows\system32\vnetlib.dll 2009-12-31 08:03:22 0 d-----w- c:\program files\VMware 2009-12-31 05:40:59 9216 ----a-w- c:\windows\system32\ffnd.exe 2009-12-26 13:14:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-12-26 12:56:26 0 d-----w- C:\Security 2009-12-26 01:33:22 0 d-----w- c:\docume~1\basab\applic~1\FreeFixer 2009-12-26 00:32:27 0 d-----w- c:\windows\pss 2009-12-20 07:44:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2009-12-20 07:14:20 539160 ----a-r- c:\windows\system32\LVUI2RC.dll 2009-12-20 07:14:19 539160 ----a-r- c:\windows\system32\LVUI2.dll 2009-12-20 07:14:19 416280 ----a-r- c:\windows\system32\lvcodec2.dll 2009-12-20 07:14:19 266828 ----a-r- c:\windows\system32\drivers\LVAFT.cfg 2009-12-20 07:14:18 6754712 ----a-r- c:\windows\system32\drivers\lvuvc.sys 2009-12-20 07:13:25 34068 ----a-r- c:\windows\system32\Repository.reg 2009-12-20 07:13:24 82289 ----a-r- c:\windows\system32\lvcoinst.ini 2009-12-20 07:13:24 265496 ----a-r- c:\windows\system32\drivers\lvrs.sys 2009-12-20 07:13:24 199192 ----a-r- c:\windows\system32\lvci1201278.dll 2009-12-20 07:13:23 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys 2009-12-20 07:12:30 0 ----a-w- c:\windows\system32\drivers\logiflt.iad 2009-12-20 07:12:26 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys 2009-12-20 07:09:11 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys 2009-12-20 07:09:11 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2009-12-20 07:09:05 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys 2009-12-20 07:09:05 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys 2009-12-20 07:09:02 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys 2009-12-20 07:09:02 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys 2009-12-20 07:09:01 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax 2009-12-20 07:09:01 16384 ----a-w- c:\windows\system32\ipsink.ax 2009-12-20 06:31:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-12-09 09:56:10 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll ==================== Find3M ==================== 2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll 2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 23:21:06 55856 ----a-w- c:\windows\system32\vnetinst.dll 2009-10-20 23:21:06 50736 ----a-w- c:\windows\system32\vmnetbridge.dll 2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll 2008-06-26 21:17:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062620080627\index.dat ============= FINISH: 12:31:30.70 =============== 2.) This is the log from running HijackThis. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:06:29 AM, on 1/7/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\vmnat.exe C:\VMWare\Server\202\tomcat\bin\Tomcat6.exe C:\VMWare\Server\202\vmware-authd.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\VMWare\Server\202\vmware-hostd.exe C:\WINDOWS\system32\wscntfy.exe C:\Programs\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\BCMSMMSG.exe C:\Security\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Security\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programs\Java\jre\16013\bin\jp2ssv.dll O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Security\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Security\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Security\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Security\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\vmware\server\202\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\vmware\server\202\vsocklib.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195595532498 O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} (VMware Remote Console Plug-in 2.5.0.00000) - O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Security\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySQL - Unknown owner - C:\Programs\MySQL\5045\bin\mysqld-nt (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\VMWare\Server\202\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\VMWare\Server\202\vmware-hostd.exe O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\VMWare\Server\202\tomcat\bin\Tomcat6.exe O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\VMWare\Server\202\vmVssWriter.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 6987 bytes 3. ) ComboFix Log ComboFix 10-01-04.01 - basab 01/07/2010 3:37.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1526 [GMT -8:00] Running from: c:\security\ComboFix\ComboFix.exe Command switches used :: c:\security\ComboFix\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\nvDrv.sy c:\windows\system32\drivers\ruuxhnq.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ruuxhnq -------\Service_ruuxhnq ((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 ))))))))))))))))))))))))))))))) . 2009-12-31 09:07 . 2009-12-31 09:07 -------- d-----w- c:\documents and settings\basab\Application Data\Malwarebytes 2009-12-31 09:07 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-31 09:07 . 2009-12-31 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-31 09:07 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-31 08:14 . 2009-12-31 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-12-31 08:14 . 2009-12-31 08:14 -------- d-----w- c:\documents and settings\basab\Application Data\SUPERAntiSpyware.com 2009-12-31 08:11 . 2009-12-31 08:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-12-31 08:06 . 2009-10-20 23:21 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe 2009-12-31 08:06 . 2009-10-20 23:22 399920 ----a-w- c:\windows\system32\vmnat.exe 2009-12-31 08:06 . 2009-10-20 23:22 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2009-12-31 08:06 . 2009-10-20 23:21 723504 ----a-w- c:\windows\system32\vnetlib.dll 2009-12-31 08:03 . 2009-12-31 08:03 -------- d-----w- c:\program files\VMware 2009-12-31 05:40 . 2007-08-14 21:04 9216 ----a-w- c:\windows\system32\ffnd.exe 2009-12-26 13:14 . 2009-12-26 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-26 12:56 . 2009-12-31 09:03 -------- d-----w- C:\Security 2009-12-26 01:33 . 2009-12-26 07:28 -------- d-----w- c:\documents and settings\basab\Application Data\FreeFixer 2009-12-26 01:33 . 2009-12-26 01:33 -------- d-----w- c:\documents and settings\basab\Local Settings\Application Data\FreeFixer 2009-12-20 13:03 . 2009-12-20 13:03 -------- d-sh--w- c:\documents and settings\anu\IECompatCache 2009-12-20 07:58 . 2009-12-20 07:59 -------- d-----w- c:\documents and settings\anu\Local Settings\Application Data\Microsoft 2009-12-20 07:58 . 2007-11-25 07:34 -------- d-----w- c:\documents and settings\anu\Local Settings\Application Data\Microsoft Help 2009-12-20 07:58 . 2009-12-20 13:03 -------- d-----w- c:\documents and settings\anu 2009-12-20 07:15 . 2009-12-20 07:15 -------- d-----w- c:\documents and settings\basab\Local Settings\Application Data\LogiShrd 2009-12-20 07:14 . 2009-12-20 07:14 -------- d-----w- c:\documents and settings\basab\Application Data\Leadertech 2009-12-20 07:14 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2RC.dll 2009-12-20 07:14 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2.dll 2009-12-20 07:14 . 2009-04-30 22:57 416280 ----a-r- c:\windows\system32\lvcodec2.dll 2009-12-20 07:14 . 2009-04-30 23:03 6754712 ----a-r- c:\windows\system32\drivers\lvuvc.sys 2009-12-20 07:13 . 2009-04-30 22:39 34068 ----a-r- c:\windows\system32\Repository.reg 2009-12-20 07:13 . 2009-04-30 23:01 265496 ----a-r- c:\windows\system32\drivers\lvrs.sys 2009-12-20 07:13 . 2009-04-30 22:57 199192 ----a-r- c:\windows\system32\lvci1201278.dll 2009-12-20 07:13 . 2009-04-30 23:00 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys 2009-12-20 07:12 . 2009-04-30 23:03 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys 2009-12-20 07:10 . 2009-12-21 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd 2009-12-20 07:10 . 2009-12-20 07:14 -------- d-----w- c:\program files\Common Files\LogiShrd 2009-12-20 07:10 . 2009-12-20 07:15 -------- d-----w- c:\program files\Logitech 2009-12-20 07:09 . 2008-04-13 19:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys 2009-12-20 07:09 . 2008-04-13 19:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2009-12-20 07:09 . 2008-04-13 19:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys 2009-12-20 07:09 . 2008-04-13 19:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys 2009-12-20 07:09 . 2008-04-13 19:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys 2009-12-20 07:09 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys 2009-12-20 06:31 . 2009-12-20 06:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-12-20 06:31 . 2010-01-03 01:43 -------- d-----w- c:\documents and settings\basab\Application Data\skypePM 2009-12-20 06:23 . 2010-01-03 15:58 -------- d-----w- c:\documents and settings\basab\Application Data\Skype 2009-12-20 06:05 . 2009-12-20 06:05 -------- d-----w- c:\program files\Common Files\Skype 2009-12-20 06:04 . 2009-12-20 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-12-20 05:58 . 2009-12-20 05:58 -------- d-----w- c:\documents and settings\basab\Local Settings\Application Data\Deployment 2009-12-09 09:56 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-07 11:45 . 2009-04-27 22:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware 2010-01-07 11:45 . 2009-03-05 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware 2010-01-06 00:22 . 2009-03-05 03:47 -------- d-----w- c:\documents and settings\basab\Application Data\VMware 2010-01-06 00:22 . 2009-03-05 03:06 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-03 15:17 . 2009-12-20 07:44 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-01-03 15:16 . 2009-12-20 07:12 0 ----a-w- c:\windows\system32\drivers\logiflt.iad 2010-01-01 09:58 . 2008-02-11 07:42 -------- d-----w- c:\program files\Core Services 2010-01-01 09:17 . 2009-03-05 02:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware 2009-12-28 22:31 . 2007-11-24 01:31 -------- d-----w- c:\documents and settings\basab\Application Data\JDeveloper 2009-12-25 03:55 . 2009-12-25 03:55 28 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat 2009-12-20 21:36 . 2007-12-27 21:20 -------- d-----w- c:\program files\Google 2009-12-20 21:33 . 2007-11-23 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-12-20 21:33 . 2007-11-27 06:21 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2009-12-20 19:30 . 2009-12-20 08:02 -------- d-----w- c:\documents and settings\anu\Application Data\Skype 2009-12-20 08:04 . 2009-12-20 08:04 -------- d-----w- c:\documents and settings\anu\Application Data\skypePM 2009-12-09 06:35 . 2007-11-21 22:18 75432 ----a-w- c:\documents and settings\basab\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-21 15:51 . 2003-07-16 16:17 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-29 07:45 . 2006-06-23 19:33 916480 ------w- c:\windows\system32\wininet.dll 2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 23:22 . 2009-10-20 23:22 857520 ----a-w- c:\windows\system32\drivers\vmx86.sys 2009-10-20 23:22 . 2009-10-20 23:22 54960 ----a-w- c:\windows\system32\drivers\vmci.sys 2009-10-20 23:22 . 2009-10-20 23:22 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys 2009-10-20 23:21 . 2009-10-20 23:21 55856 ----a-w- c:\windows\system32\vnetinst.dll 2009-10-20 23:21 . 2009-10-20 23:21 50736 ----a-w- c:\windows\system32\vmnetbridge.dll 2009-10-20 23:21 . 2009-10-20 23:21 31280 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2009-10-20 23:21 . 2009-10-20 23:21 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys 2009-10-20 23:21 . 2009-10-20 23:21 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys 2009-10-13 10:30 . 2006-05-14 09:13 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38 . 2003-07-16 16:36 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38 . 2003-07-16 16:36 79872 ----a-w- c:\windows\system32\raschap.dll 2008-08-24 07:12 . 2007-11-20 23:20 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2008-08-24 07:12 . 2007-11-20 23:20 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2008-08-24 07:12 . 2007-11-20 23:20 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2008-08-24 07:12 . 2007-11-20 23:20 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2008-08-24 07:12 . 2007-11-20 23:20 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\security\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480] "SUPERAntiSpyware"="c:\security\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-07 2002160] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\security\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\security\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^basab^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\basab\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-11 03:51 39792 ----a-w- c:\programs\Adobe\Reader\811\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApacheTomcatMonitor] 2007-07-20 02:20 98304 ----a-w- c:\programs\Tomcat\bin\tomcat6w.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-05-08 18:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2004-10-26 20:01 4632576 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2004-10-26 20:01 921600 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-04-24 02:42 148888 ----a-w- c:\programs\Java\jre\16013\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-12-27 21:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Tomcat6"=3 (0x3) "TapiSrv"=3 (0x3) "SMTPSVC"=2 (0x2) "SCardSvr"=3 (0x3) "RSVP"=3 (0x3) "ImapiService"=3 (0x3) "IISADMIN"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "aspnet_state"=3 (0x3) "Apache2.2"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\VMWare\\Server\\202\\vmware-authd.exe"= "c:\\VMWare\\Server\\202\\vmware-hostd.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programs\\Skype\\Phone\\Skype.exe"= "c:\\Programs\\Skype\\Plugin Manager\\skypePM.exe"= R1 SASDIFSV;SASDIFSV;c:\security\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968] R1 SASKUTIL;SASKUTIL;c:\security\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480] R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2/4/2008 9:53 PM 8576] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [10/20/2009 3:22 PM 54960] R2 VMwareHostd;VMware Host Agent;c:\vmware\Server\202\vmware-hostd.exe [10/20/2009 3:21 PM 322096] R2 VMwareServerWebAccess;VMware Server Web Access;c:\vmware\Server\202\tomcat\bin\tomcat6.exe [10/20/2009 1:27 PM 57344] R3 SASENUM;SASENUM;c:\security\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408] S3 vmwriter;VMware VSS Writer;c:\vmware\Server\202\vmVssWriter.exe [10/20/2009 3:22 PM 29744] S4 Apache2.2;Apache2.2;c:\programs\Apache\22\bin\httpd.exe [6/13/2008 3:05 AM 24635] S4 Tomcat6;Apache Tomcat;c:\programs\Tomcat\bin\tomcat6.exe [7/19/2007 6:20 PM 57344] . Contents of the 'Scheduled Tasks' folder 2010-01-07 c:\windows\Tasks\User_Feed_Synchronization-{4A4E5F10-2AB0-4064-B999-26D7AFEDD4EE}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31] 2010-01-07 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-05-11 05:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\vmware\Server\202\vsocklib.dll Trusted Zone: bmaulik-pc DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} FF - ProfilePath - c:\documents and settings\basab\Application Data\Mozilla\Firefox\Profiles\xu0v4c7y.Firefox 3 Preview\ FF - plugin: c:\documents and settings\basab\Application Data\Mozilla\Firefox\Profiles\xu0v4c7y.Firefox 3 Preview\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll FF - plugin: c:\programs\Adobe\Reader\811\Reader\browser\nppdf32.dll FF - plugin: c:\programs\Java\jre\16013\bin\new_plugin\npdeploytk.dll FF - plugin: c:\programs\Java\jre\16013\bin\new_plugin\npjp2.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-07 03:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\programs\MySQL\5045\bin\mysqld-nt\" --defaults-file=\"c:\programs\MySQL\5045\my.ini\" MySQL" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(992) c:\security\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(5316) c:\windows\system32\WININET.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\programs\TortoiseSVN\bin\tortoisesvn.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\programs\TortoiseSVN\bin\intl3_svn.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\System32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\vmnat.exe c:\vmware\Server\202\vmware-authd.exe c:\windows\system32\vmnetdhcp.exe c:\windows\system32\wscntfy.exe c:\programs\TortoiseSVN\bin\TSVNCache.exe c:\windows\BCMSMMSG.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . Completion time: 2010-01-07 03:56:18 - machine was rebooted ComboFix-quarantined-files.txt 2010-01-07 11:56 ComboFix2.txt 2009-12-31 08:46 Pre-Run: 4,742,574,080 bytes free Post-Run: 4,741,701,632 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn - - End Of File - - C6E37AB1389C8521664D136A7B3FE8B3 I look forward to your feedback and advice. Thank you for your help!
Attached File(s)
|
 |
 
|
|
Jan 14 2010, 12:03 PM
Post
#2
|
|
 Forum Addict Group: Malware Study Hall Senior Posts: 1,783 Joined: 14-February 05 From: God's Country Member No.: 12,036 |
Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:
Information on A/V control HERE -------------------- |
|
|
|
|
Jan 19 2010, 02:51 PM
Post
#3
|
|
 Malware Response Team Group: Malware Response Team Posts: 1,733 Joined: 23-February 07 From: The United States Member No.: 113,595 |
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact me or another staff member. Everyone else please start a new topic. --------------------  Unified Network of Instructors and Trained Eliminators  |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 29th July 2010 - 09:31 AM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.