Virtumonde!


This topic is locked. 1 reply to this topic.

#1 strmrage213 (Members, 1 post)

Posted 25 June 2008 - 02:56 PM

OK guys, here's the thing. I used to work for Dell On Call and have learnt a few things about this God-forsaken thing. Unfortunately I'm not up to date on the new infections.

This is what has happened to my computer over the last few days.

It had been going on for a few weeks, but I tried to ignore my internet slowing down. I thought it was the ISP that was screwing me. Then my PC started acting weird. The explorer.exe file would suddenly disappear and come back after a minute.

Then I realised that I could see many rundll32.exe files running in the Task Manager, all with very low usage. I thought something was up, so I scanned using BitDefender and Ad-Aware. Found nothing with BitDefender, but Ad-Aware removed around 65 infections and some 12 privacy objects. Unfortunately I was too eager to remove them, so I just deleted them without logging the file names or anything of the sort.

Today I got pissed off with the slow net and the slowing down of the computer, so I formatted it.

I had backed up my software and other data on my other 2 partitions.

Once I re-installed Windows, I started installing my software. I installed NOD32 this time. Once I had installed all the necessary software, I ran a scan just for fun. To my surprise it detected VIRTUMONDE!

Then I read http://www.bleepingcomputer.com/combofix/how-to-use-combofix in order to help me remove it, because VundoFix wasn't working.

I got the following log file:

ComboFix 08-06-20.4 - Dan 2008-06-26 1:02:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1611 [GMT 5.5:30]
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dan\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-26 00:52 . 2008-06-26 00:52 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-26 00:29 . 2008-06-26 00:29 <DIR> d-------- C:\VundoFix Backups
2008-06-26 00:21 . 2008-06-26 00:21 41,984 --a------ C:\WINDOWS\system32\rqrSmLcb.Vdll
2008-06-26 00:18 . 2008-06-26 00:18 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-26 00:17 . 2008-06-26 00:17 <DIR> d-------- C:\Program Files\Fusion Media Player
2008-06-26 00:15 . 2008-06-26 00:15 <DIR> d-------- C:\Program Files\filehippo.com
2008-06-26 00:05 . 2008-06-26 00:05 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\pe explorer
2008-06-25 23:30 . 2008-06-25 23:31 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\ViStart
2008-06-25 23:27 . 2008-06-25 23:45 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-06-25 23:27 . 2008-06-25 23:27 <DIR> d-------- C:\Program Files\WinFlip
2008-06-25 23:27 . 2008-06-25 23:27 <DIR> d-------- C:\Program Files\VisualTooltip
2008-06-25 23:27 . 2008-06-25 23:57 <DIR> d-------- C:\Program Files\ViStart
2008-06-25 23:27 . 2008-06-25 23:30 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-06-25 23:27 . 2008-06-25 23:27 <DIR> d-------- C:\Program Files\ViOrb
2008-06-25 23:27 . 2008-06-25 23:27 <DIR> d-------- C:\Program Files\TrueTransparency
2008-06-25 23:27 . 2008-06-25 23:27 <DIR> d-------- C:\Program Files\Styler
2008-06-25 23:27 . 2008-06-25 23:27 <DIR> d-------- C:\Program Files\LClock
2008-06-25 23:27 . 2008-06-25 23:27 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Styler
2008-06-25 23:27 . 2007-04-15 01:32 7,333,376 --a------ C:\WINDOWS\system32\vistaui.exe
2008-06-25 23:27 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe
2008-06-25 23:27 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl
2008-06-25 23:27 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp
2008-06-25 23:24 . 2008-06-25 23:27 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-06-25 23:24 . 2008-06-25 23:27 <DIR> d-------- C:\VTPFiles
2008-06-25 23:24 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-06-25 23:24 . 2008-06-25 23:24 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-06-25 23:24 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-06-25 23:24 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-06-25 23:24 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-06-25 23:04 . 2001-08-17 19:29 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-25 23:03 . 2004-08-04 00:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-25 23:03 . 2004-08-04 00:56 74,240 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-06-25 23:03 . 2004-08-04 04:29 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-25 23:01 . 2008-06-26 00:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-25 23:01 . 2008-06-25 22:14 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-06-25 23:00 . 2008-06-25 17:42 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-06-25 21:34 . 2008-06-25 21:34 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-25 21:34 . 2008-06-25 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-25 21:23 . 2008-06-25 21:23 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-25 21:21 . 2008-06-25 21:21 <DIR> d-------- C:\Program Files\FlashGet
2008-06-25 21:21 . 2004-08-03 23:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-06-25 21:17 . 2008-06-25 21:17 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-06-25 21:13 . 2008-06-25 21:13 268 --ah----- C:\sqmdata01.sqm
2008-06-25 21:13 . 2008-06-25 21:13 244 --ah----- C:\sqmnoopt01.sqm
2008-06-25 21:09 . 2008-06-25 21:09 <DIR> d-------- C:\Program Files\Foxit Software
2008-06-25 21:05 . 2008-06-25 21:05 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Autodesk
2008-06-25 20:59 . 2008-06-26 00:22 <DIR> d-------- C:\Program Files\Eset
2008-06-25 20:59 . 2008-06-25 20:59 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-25 20:59 . 2008-06-25 20:59 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-06-25 20:59 . 2007-01-04 04:22 26,013 --a------ C:\WINDOWS\system32\sleep.exe
2008-06-25 20:59 . 2008-06-25 20:59 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-25 20:57 . 2008-06-25 20:58 <DIR> d-------- C:\Program Files\Nero
2008-06-25 20:57 . 2008-06-25 20:57 <DIR> d-------- C:\Program Files\Fraps
2008-06-25 20:57 . 2008-06-25 20:57 <DIR> d-------- C:\Program Files\foobar2000
2008-06-25 20:57 . 2008-06-25 20:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-25 20:57 . 2008-06-25 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-25 20:57 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2008-06-25 20:57 . 2003-03-19 07:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-06-25 20:57 . 2003-03-18 21:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-06-25 20:57 . 2003-03-18 23:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-25 20:57 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-06-25 20:57 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-06-25 20:57 . 2004-07-09 09:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-06-25 20:57 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-06-25 20:57 . 2007-05-22 11:02 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-25 20:56 . 2008-06-25 20:56 <DIR> d-------- C:\Program Files\Winamp
2008-06-25 20:56 . 2008-06-25 20:56 <DIR> d-------- C:\Program Files\Key Metric Software
2008-06-25 20:56 . 2008-06-25 20:56 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 20:56 . 2008-06-25 20:57 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{9EEC710E-58B9-4B76-93C5-36D01182487C}
2008-06-25 20:55 . 2008-06-25 20:55 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-06-25 20:55 . 2008-06-25 20:55 <DIR> d-------- C:\Program Files\Total Video Converter
2008-06-25 20:55 . 2008-06-25 22:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 20:55 . 2008-06-25 20:55 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\TuneUp Software
2008-06-25 20:55 . 2008-06-25 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-25 20:55 . 2000-05-23 03:28 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-06-25 20:55 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-25 20:54 . 2008-06-25 20:55 <DIR> d-------- C:\Program Files\Systemworks2006
2008-06-25 20:54 . 2008-06-25 20:54 <DIR> d-a------ C:\Program Files\ShutdownTimer
2008-06-25 20:54 . 2008-06-26 00:05 <DIR> d-------- C:\Program Files\PE Explorer
2008-06-25 20:54 . 2008-06-25 20:54 <DIR> d-------- C:\Program Files\Java
2008-06-25 20:54 . 2008-06-25 20:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-25 20:54 . 2008-06-25 20:54 <DIR> d-------- C:\Program Files\Audacity
2008-06-25 20:54 . 2008-06-25 20:54 <DIR> d-------- C:\Program Files\7-Zip
2008-06-25 20:54 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-25 20:53 . 2008-06-25 20:53 <DIR> d-------- C:\logdir
2008-06-25 20:45 . 2008-06-25 20:45 <DIR> d-------- C:\Program Files\eXPerience
2008-06-25 20:45 . 2004-12-19 11:32 31,232 --a------ C:\WINDOWS\system32\cmdow.exe
2008-06-25 20:45 . 2008-06-25 20:45 268 --ah----- C:\sqmdata00.sqm
2008-06-25 20:45 . 2008-06-25 20:45 244 --ah----- C:\sqmnoopt00.sqm
2008-06-25 20:44 . 2008-06-25 20:44 <DIR> d-------- C:\Program Files\MSN Messenger
2008-06-25 19:55 . 2008-06-25 19:55 <DIR> d-------- C:\Program Files\Turbo Squid Tentacles
2008-06-25 19:55 . 2008-06-25 19:55 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-06-25 19:50 . 2008-06-25 19:52 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-25 19:50 . 2008-06-25 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-25 19:49 . 2008-06-25 19:53 <DIR> d-------- C:\Program Files\Autodesk
2008-06-25 19:49 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-25 19:49 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-06-25 19:49 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-06-25 19:49 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-25 19:49 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-25 19:45 . 2008-06-25 19:45 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-25 19:44 . 2008-06-25 19:44 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-25 19:44 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-25 19:37 . 2008-06-25 19:37 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-25 19:26 . 2008-06-25 19:26 <DIR> d-------- C:\Program Files\Real Alternative
2008-06-25 19:26 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-06-25 19:23 . 2008-06-25 21:41 <DIR> d-------- C:\Program Files\The KMPlayer
2008-06-25 19:22 . 2008-06-25 19:22 <DIR> d-------- C:\Program Files\ImTOO
2008-06-25 19:21 . 2008-06-25 19:21 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-06-25 19:21 . 2008-06-25 19:21 <DIR> d-------- C:\Program Files\Media Player Classic
2008-06-25 19:21 . 2008-06-26 00:16 <DIR> d-------- C:\Program Files\IrfanView
2008-06-25 19:21 . 2005-08-09 17:33 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-06-25 19:21 . 2005-08-09 17:33 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-06-25 19:17 . 2008-06-25 19:17 <DIR> d-------- C:\Program Files\Google
2008-06-25 19:17 . 2008-06-25 19:17 <DIR> d-------- C:\Program Files\Comical
2008-06-25 19:10 . 2008-06-25 19:48 <DIR> d-------- C:\Program Files\MSBuild
2008-06-25 19:10 . 2008-06-25 19:10 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-25 19:10 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-25 19:08 . 2008-06-25 19:09 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-25 19:07 . 2008-06-25 19:07 <DIR> dr-h----- C:\MSOCache
2008-06-25 19:07 . 2008-06-25 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-25 18:58 . 2008-06-25 18:58 <DIR> d-------- C:\Program Files\AvaFind
2008-06-25 18:58 . 2008-06-25 23:38 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\AvaFind Data
2008-06-25 18:54 . 2008-06-25 21:36 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 18:52 . 2008-06-25 20:57 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 17:08 --------- d-----w C:\Documents and Settings\Dan\Application Data\Key Metric Software
2008-06-25 16:55 --------- d-----w C:\Documents and Settings\Dan\Application Data\Vso
2008-06-25 16:53 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-25 16:53 47,360 ----a-w C:\Documents and Settings\Dan\Application Data\pcouffin.sys
2008-06-25 16:53 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-06-25 16:49 --------- d-----w C:\Program Files\LimeWire
2008-06-25 16:44 --------- d-----w C:\Documents and Settings\Dan\Application Data\Sports Interactive
2008-06-25 16:41 --------- d-----w C:\Documents and Settings\Dan\Application Data\Lionhead Studios
2008-06-25 16:34 --------- d-----w C:\Program Files\Lavasoft
2008-06-25 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 12:29 --------- d-----w C:\Program Files\Intel
2008-06-25 12:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 12:28 --------- d-----w C:\Program Files\ASUS
2008-06-25 12:27 --------- d-----w C:\Program Files\ASUS WiFi-AP Solo
2008-06-25 12:27 --------- d-----w C:\Documents and Settings\Dan\Application Data\InstallShield
2008-06-25 12:22 --------- d-----w C:\Program Files\Realtek
2008-06-25 12:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 06:28 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-29 05:50 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 05:49 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 05:49 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
.

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 01:05 2026496 2141442fa3b95010704e1ebdbd26be1c C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 01:05 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2004-08-03 23:18 2159616 a766398afa3db1d4b78f0a53f47e332f C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 23:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2004-08-04 00:56 1422336 4b0011b8e35843966a3ce5685058420f C:\WINDOWS\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
"filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" [2008-04-30 18:20 136704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-08-15 05:09 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-08-15 05:11 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-08-15 05:08 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"AvaFind"="C:\Program Files\AvaFind\AvaFind.exe" [2004-06-01 12:48 295936]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-25 20:59 949376]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-06-25 22:32 2468200]

C:\Documents and Settings\Dan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30993a18]
C:\WINDOWS\system32\jtiihehw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-05 00:13 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWWFSPU]
--a------ 2006-12-18 12:19 712781 C:\Program Files\ASUS WiFi-AP Solo\AWWFSPU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-10-13 00:06 16267776 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-17 23:34 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
--a------ 2007-11-19 13:01 163840 C:\Program Files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
--a------ 2007-11-20 13:51 524288 C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
--a------ 2007-11-26 19:27 593920 C:\Program Files\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"D:\\Games\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 00:04]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-11-01 08:40]
S3 AR2425;AzureWave AR5006 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\aw5006.sys [2006-12-18 11:30]
S4 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-06-25 15:25:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 01:03:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 1:03:58
ComboFix-quarantined-files.txt 2008-06-25 19:33:55
ComboFix2.txt 2008-06-25 19:09:05

Pre-Run: 4,637,073,408 bytes free
Post-Run: 4,609,421,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

282




PLEASE TELL ME WHAT OTHER INFO YOU NEED TO HELP ME! Oh, and PLEASE HELP ME!!!!!!
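A log like this is normally read by eye, but the first-pass checks a helper makes on it are mechanical and can be scripted. The Python below is an added example, not code from this thread, from ComboFix or from BleepingComputer. It parses the plain-text ComboFix format shown above (the sample is a handful of lines copied from the log, plus imon.dll, mfc71.dll and the Alcmtr entry as benign contrast) and flags four things: a freshly created file in system32 with a random-looking 8-letter name, Sigcheck entries where copies of the same system file carry different MD5s, a hex-named msconfig startupreg entry that loads a bare DLL, and Security Center notification keys set to 1. The 8-letter-name rule, the created-equals-modified filter and the hex-key rule are the example's own assumptions about how Vundo droppers tend to look, not anything ComboFix documents.

```python
"""Triage a ComboFix log for Vundo/Virtumonde-style indicators.
Added example, not code from this thread, ComboFix or BleepingComputer. The
name heuristic, the created-equals-modified filter and the hex-named
startupreg rule are this example's assumptions, not ComboFix semantics.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the log above, plus imon.dll, mfc71.dll and
# the Alcmtr entry as benign contrast (a freshly written NOD32 file, an
# installer-copied MFC DLL, and a normally named startupreg entry).
SAMPLE_LOG = r'''
2008-06-26 00:21 . 2008-06-26 00:21 41,984 --a------ C:\WINDOWS\system32\rqrSmLcb.Vdll
2008-06-25 20:59 . 2008-06-25 20:59 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-06-25 20:57 . 2003-03-19 07:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
------- Sigcheck -------
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-04 00:56 1422336 4b0011b8e35843966a3ce5685058420f C:\WINDOWS\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\dllcache\explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30993a18]
C:\WINDOWS\system32\jtiihehw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-05 00:13 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
'''

# "Files Created" line: created . modified size attrs path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"([\d,]+) (\S+) (.+)$"
)
# Sigcheck line: date time size md5 path
SIGCHECK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (\d+) ([0-9a-f]{32}) (.+)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$')
HEX_STARTUPREG_RE = re.compile(r"\\msconfig\\startupreg\\[0-9a-f]{8}$", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"[A-Za-z]{8}")   # assumption: 8-letter Vundo-style names
SYSTEM32 = "c:\\windows\\system32\\"


def basename(path):
    return path.rsplit("\\", 1)[-1]


def directly_in_system32(path):
    """True for files sitting in system32 itself, not in a subfolder."""
    lower = path.lower()
    return lower.startswith(SYSTEM32) and "\\" not in lower[len(SYSTEM32):]


def triage(log_text):
    found = {
        "dropped_files": [],           # fresh, random-named files in system32
        "sigcheck_mismatch": [],       # same filename, different MD5 across copies
        "silenced_notifications": [],  # Security Center *DisableNotify = 1
        "startupreg_dlls": [],         # hex-named msconfig entries loading a bare DLL
    }
    md5s_by_name = defaultdict(set)
    current_key = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            created, modified, _size, _attrs, path = m.groups()
            stem = basename(path).partition(".")[0]
            # An installer copies files that keep their old modification time;
            # a dropper writes a brand-new file, so created == modified.
            if (created == modified and directly_in_system32(path)
                    and RANDOM_STEM_RE.fullmatch(stem)):
                found["dropped_files"].append(path)
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            _size, md5, path = m.groups()
            md5s_by_name[basename(path).lower()].add(md5)
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None:
            continue
        if current_key.lower().endswith("security center"):
            m = REG_DWORD_RE.match(line)
            if m and m.group(1).endswith("DisableNotify") and int(m.group(2), 16) == 1:
                found["silenced_notifications"].append(m.group(1))
        elif HEX_STARTUPREG_RE.search(current_key) and line.lower().endswith(".dll"):
            found["startupreg_dlls"].append(line)

    found["sigcheck_mismatch"] = sorted(
        name for name, md5s in md5s_by_name.items() if len(md5s) > 1
    )
    return found


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(f"{kind}: {hits}")
```

A hit is a question, not a verdict. The explorer.exe MD5 mismatch in this log sits next to a C:\WINDOWS\system32\VITrans copy in the same Sigcheck block, and that folder appears in the Files Created list alongside the ViStart, ViOrb and Vista Sidebar installs from the same evening, so it has a plausible benign explanation to rule in or out. rqrSmLcb.Vdll in system32 and the hex-named 30993a18 entry loading jtiihehw.dll, by contrast, are the shape Vundo usually takes: random-named DLLs that get loaded through rundll32.exe, which matches the many rundll32.exe processes described in the post. Either way the script's output is something to hand to a trained helper rather than a list of files to delete.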


#2 rigel (FD-BC; Members, 12,944 posts; Location: South Carolina - USA)

Posted 25 June 2008 - 03:17 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




