
Virtumundo Virus HELP!

Posted 1/3/2009 11:15 AM
#70662

jon310 Valued member

Date Joined Nov 2016
Total Posts: 14
I tried searching for a solution to this virus. This virus is preventing me from opening certain sites that would help resolve the threat. I tried VirtumundoBeGone but it would not work. I tried using A-Square and Spyware Doctor. They're not fixing the situation. Can someone please help me?

Edit: here's my HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:19:09, on 1/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SpywareDetector\SDMainService.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [Rmekez] rundll32.exe "C:\WINDOWS\Xxagi.dll",e
O4 - HKLM\..\Run: [Ryerehokonip] rundll32.exe "C:\WINDOWS\asilocemu.dll",e
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [dscen] C:\WINDOWS\system32\jkrgrwbo.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [A00F39E307.exe] C:\DOCUME~1\user\LOCALS~1\Temp\_A00F39E307.exe
O4 - HKCU\..\Run: [A00F3A37BF.exe] C:\DOCUME~1\user\LOCALS~1\Temp\_A00F3A37BF.exe
O4 - HKLM\..\Policies\Explorer\Run: [tiNjMB2pko] C:\Documents and Settings\All Users\Application Data\ninyjyzi\nqhwpopo.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - https://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - https://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173379413453
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - https://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{304D9B2F-5EE8-452D-ABD8-DBD15B46610B}: NameServer = 208.67.222.222,208.67.220.220
O18 - Filter hijack: text/html - {1605c256-7ede-4cbf-8274-3174ee374dc5} - C:\WINDOWS\system32\msziptools.dll
O21 - SSODL: genmntcmd - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - C:\Program Files\vdicmyc\genmntcmd.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Program Files\dopewars-1.5.12\dopewars.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDMainSvc - Max Secure Software - C:\Program Files\SpywareDetector\SDMainService.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10930 bytes
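The log above is what a forum helper reads by eye. As an added example (not part of this thread and not Trend Micro's HijackThis code), here is a small Python triage script whose heuristics are the editor's assumptions drawn from the patterns visible in this log: autoruns launched from a user Temp directory, rundll32 loading a DLL from the Windows root with a one-letter export, an O18 filter hijack, an O21 SSODL entry outside system32, and orphaned BHO/service registrations. The sample lines are copied from the log, with two benign entries kept as controls.

```python
"""HijackThis log triage (added example; not the forum's or Trend Micro's code).

Applies a few defender-side heuristics, chosen from the patterns visible in the
log posted above, to each line of a HijackThis 2.x log and reports the lines a
helper would look at first.  The rules are the editor's assumptions, not an
official HijackThis analysis; a hit means "inspect", not "malicious".
"""
import re

# Constructed sample: lines copied from the log in this thread, plus two
# benign entries (ccApp, NVSvc) that must NOT be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Rmekez] rundll32.exe "C:\WINDOWS\Xxagi.dll",e
O4 - HKCU\..\Run: [A00F39E307.exe] C:\DOCUME~1\user\LOCALS~1\Temp\_A00F39E307.exe
O4 - HKLM\..\Policies\Explorer\Run: [tiNjMB2pko] C:\Documents and Settings\All Users\Application Data\ninyjyzi\nqhwpopo.exe
O18 - Filter hijack: text/html - {1605c256-7ede-4cbf-8274-3174ee374dc5} - C:\WINDOWS\system32\msziptools.dll
O21 - SSODL: genmntcmd - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - C:\Program Files\vdicmyc\genmntcmd.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - <hive>: [<value name>] <command line>" (Startup-folder O4 lines have no brackets and are skipped)
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Command lines rooted in a per-user Temp directory (8.3 or long form)
TEMP_RE = re.compile(r'\\(?:LOCALS~1|Local Settings)\\Temp\\', re.IGNORECASE)
# rundll32 loading a DLL that sits directly in C:\WINDOWS (not a subfolder) and calling a one-letter export
RUNDLL_ROOT_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?C:\\WINDOWS\\[^\\"]+\.dll"?,[A-Za-z]$', re.IGNORECASE)


def triage_line(line):
    """Return a short reason if the line matches a heuristic, otherwise None."""
    line = line.strip()
    if line.startswith('O2 - ') and line.endswith('(no file)'):
        return 'orphaned BHO registration (no file on disk)'
    m = O4_RE.match(line)
    if m:
        hive, cmd = m.group('hive'), m.group('cmd')
        if TEMP_RE.search(cmd):
            return 'autorun launched from a user Temp directory'
        if RUNDLL_ROOT_RE.match(cmd):
            return 'rundll32 loading a DLL from the Windows root via a one-letter export'
        if 'Policies\\Explorer\\Run' in hive:
            return 'autorun via Policies\\Explorer\\Run (rarely used by legitimate software)'
        return None
    if line.startswith('O18 - Filter hijack:'):
        return 'MIME filter hijack (browser content handler replaced)'
    if line.startswith('O21 - SSODL:') and '\\system32\\' not in line.lower():
        return 'ShellServiceObjectDelayLoad entry outside system32'
    if line.startswith('O23 - ') and line.endswith('(file missing)'):
        return 'service registered for a binary that no longer exists'
    return None


def triage(log_text):
    """Return [(section, reason, line)] for every flagged line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        reason = triage_line(raw)
        if reason:
            section = raw.strip().split(' ', 1)[0]   # e.g. 'O4'
            findings.append((section, reason, raw.strip()))
    return findings


def summary(findings):
    """Count flagged lines per HijackThis section, e.g. {'O4': 3, 'O23': 1}."""
    counts = {}
    for section, _, _ in findings:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == '__main__':
    hits = triage(SAMPLE_LOG)
    for section, reason, line in hits:
        print(f'[{section}] {reason}\n    {line}')
    print('per-section:', summary(hits))
```

Run against the full log in the post, the same script skips the O4 Startup-folder lines and legitimate rundll32 entries under system32, so the hits it reports are the entries a helper would ask about first.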
Posted 1/4/2009 4:46 AM
#70689

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:

Download: CCleaner
https://www.ccleaner.com/ (mirror: https://www.majorgeeks.com/download4191.html)

Once installed, run CCleaner and click the Windows tab.

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Next: click Options, then click the Settings tab.
Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right), then Exit.

Reboot



Please download Malwarebytes' Anti-Malware:

https://www.spywarefri.dk/downloads1/mbam-setup.exe

Or here:

https://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Please connect all your external hard drives/flash drives before running Malwarebytes.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post the Malwarebytes log.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/4/2009 10:48 PM
#70716

jon310 Valued member

Date Joined Nov 2016
Total Posts: 14
I left the scanning on for 8 hours during my sleep. I woke up and it finished in 53 minutes. Do I have to do it again?


Malwarebytes' Anti-Malware 1.31
Database version: 1610
Windows 5.1.2600 Service Pack 2

1/4/2009 02:38:59 PM
mbam-log-2009-01-04 (14-38-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 182748
Time elapsed: 52 minute(s), 44 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 19
Registry Values Infected: 9
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 68

Memory Processes Infected:
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\msziptools.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{44BF99A1-D96E-D1A8-165F-093B09B4FCA3} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1605c256-7ede-4cbf-8274-3174ee374dc5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\genmntcmd (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rmekez (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ryerehokonip (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f39e307.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f3a37bf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\vdicmyc\genmntcmd.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common\_helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MPlay\Crazy Arcade\GameGuard.des (Malware.Unknown) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jbfxvyll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqoljKD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ockpvilv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRKEUno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekacgqtjxfe.dll (Trojan.Seneka) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\beep.sys (Backdoor.UltimateDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP698\A0091209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP698\A0091210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP698\A0092209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP698\A0092210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP698\A0092211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP698\A0092212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP615\A0077358.sys (Backdoor.UltimateDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP615\A0078512.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP615\A0078537.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP616\A0078580.sys (Backdoor.UltimateDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB02D-286C-4F95-AA0A-F717F0617A77}\RP616\A0078652.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Xxagi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\asilocemu.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msziptools.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekahovrdqps.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekaqhrqalbo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekabpjoymkk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini104552502.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
Posted 1/5/2009 6:34 AM
#70736

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
I hope not :smile:

Please download Combofix:

https://download.bleepingcomputer.com/subs/combofix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives, if you have any, before running Combofix.

Important: temporarily disable your anti-virus and real-time protection before performing a scan. They can interfere with Combofix or remove some of its embedded files, which may cause "unpredictable results".



Double-click on the combofix icon found on your desktop.



Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.


When finished, it will produce a logfile located at C:\combofix.txt.


Post the contents of that log in your next reply.



Posted 1/5/2009 10:43 AM
#70744

jon310 Valued member

Date Joined Nov 2016
Total Posts: 14
ComboFix 09-01-04.01 - user 2009-01-05 2:25:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1444 [GMT -8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
FW: Norton Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 1
Access is denied.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common\helper.sig
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\acMTwGgh.ini
c:\windows\system32\acMTwGgh.ini2
c:\windows\system32\ikTBHkkj.ini
c:\windows\system32\ikTBHkkj.ini2
c:\windows\system32\rymfdkkx.ini
c:\windows\system32\tmp.reg
c:\windows\system32\tnhwhroj.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-04 06:01 . 2009-01-04 06:01 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 06:01 . 2009-01-04 06:01 d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-01-04 06:01 . 2009-01-04 06:01 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 06:01 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 06:01 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 05:57 . 2009-01-04 05:57 d-------- c:\program files\CCleaner
2009-01-03 03:19 . 2009-01-03 03:19 d-------- c:\program files\Trend Micro
2009-01-03 02:27 . 2009-01-03 15:56 d-------- c:\program files\a-squared Anti-Malware
2009-01-03 02:12 . 2009-01-03 02:14 d-------- c:\program files\SpywareDetector
2009-01-03 02:12 . 2008-12-17 19:12 1,056,768 --a------ c:\windows\system32\CheckDll.dll
2009-01-03 02:12 . 2008-12-04 19:24 13,776 --a------ c:\windows\system32\SDEarlyDelete.exe
2009-01-03 02:12 . 2009-01-03 02:12 110 --a------ c:\windows\system32\SDEarlyDelete.ini
2009-01-03 02:12 . 2005-02-06 09:02 104 --a------ c:\windows\system32\ProxySettings.ini
2009-01-03 02:12 . 2009-01-05 02:34 63 --a------ c:\windows\system\SysSD.dll
2009-01-02 15:14 . 2009-01-02 15:14 40,448 --a------ c:\windows\system32\k9261108.exe
2008-12-28 03:38 . 2008-12-29 04:35 d-------- c:\program files\Hamachi
2008-12-28 03:38 . 2009-01-05 02:36 d-------- c:\documents and settings\user\Application Data\Hamachi
2008-12-28 03:38 . 2008-12-28 03:38 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-28 02:51 . 2008-12-28 03:49 d-------- c:\program files\Left4Dead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 10:35 --------- d-----w c:\program files\Steam
2009-01-05 10:35 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-05 10:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-05 10:27 --------- d-----w c:\program files\Common
2009-01-05 10:15 --------- d-----w c:\program files\Warcraft III
2009-01-04 22:41 --------- d-----w c:\program files\vdicmyc
2009-01-04 14:02 --------- d-----w c:\program files\GetRight
2009-01-03 10:59 --------- d-----w c:\program files\Spyware Doctor
2009-01-03 10:47 --------- d-----w c:\program files\Viewpoint
2008-11-24 21:42 --------- d-----w c:\documents and settings\user\Application Data\Nexon
2008-11-24 21:41 --------- d-----w c:\program files\Common Files\INCA Shared
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:20 667,648 ----a-w c:\windows\system32\wininet.dll
2008-10-08 18:02 18,752 ----a-w c:\windows\ufutuni.bat
2008-10-08 18:02 17,447 ----a-w c:\documents and settings\user\Application Data\suje.vbs
2008-10-08 18:02 16,376 ----a-w c:\program files\Common Files\lemo.dll
2008-10-08 18:02 15,549 ----a-w c:\windows\system32\uwycekomun.com
2008-10-08 18:02 15,163 ----a-w c:\documents and settings\user\Application Data\asuvaselo.reg
2008-10-08 18:02 14,150 ----a-w c:\windows\cehi.reg
2008-10-08 18:02 12,690 ----a-w c:\windows\otavihesyn.com
2008-10-08 18:02 12,054 ----a-w c:\documents and settings\All Users\Application Data\lagybipyj.exe
2008-10-08 18:02 11,955 ----a-w c:\windows\jukuf.sys
2008-10-08 18:02 11,756 ----a-w c:\program files\Common Files\bituta.lib
2008-10-08 18:02 10,929 ----a-w c:\documents and settings\user\Application Data\erylum.exe
2007-10-25 01:50 1 ----a-w c:\documents and settings\user\SI.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-04-27 50736]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-21 7774208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-21 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-28 144896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-13 771704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2008-12-14 2782352]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-12-21 c:\windows\system32\nwiz.exe]

c:\documents and settings\user\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-28 625952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GetRight - Tray Icon.lnk - c:\program files\GetRight\getright.exe [2007-04-06 4150608]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
2008-12-01 11:15 475136 c:\program files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.imm4"= vcmimm4.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MPlay\\Crazy Arcade\\NewPatcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WarCraft III Battle.net

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-17 106808]
R3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2007-03-11 141056]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-10-08 356920]
R4 SDMainSvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe [2009-01-03 920840]
R4 SDService;SDService;c:\program files\SpywareDetector\SDService.exe [2009-01-03 1701328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-03-22 24652]
S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-08-28 10664]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

---- Other Services/Drivers In Memory ----

mchInjDrv

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2007-11-02 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1186029956.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2009-01-05 c:\windows\Tasks\ikioysot.job
- c:\windows\system32\rundll32.exe [2006-02-28 04:00]

2008-12-30 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - user.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-dscen - c:\windows\system32\jkrgrwbo.exe
HKLM-Explorer_Run-tiNjMB2pko - c:\documents and settings\All Users\Application Data\ninyjyzi\nqhwpopo.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {304D9B2F-5EE8-452D-ABD8-DBD15B46610B} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\yv53jnep.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-01-05 02:35:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1580818891-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:6b,1c,41,44,66,a6,48,d6,33,1c,aa,b5,d3,45,f7,6b,03,00,74,e0,3f,e7,50,\
8b,8d,55,a8,cc,49,91,0e,f0,6e,81,a5,c8,a0,17,47,b6,e8,66,70,79,ef,38,06,98,\
12,4e,92,7b,1d,ad,5a,b7,af,23,a2,ff,21,83,4d,92,ca,1a,fa,1a,fa,a2,21,03,a5,\
97,19,6e,dc,dd,81,40,b3,5c,55,c5,ab,a1,d2,6b,97,d9,9d,1a,0f,4b,cb,1b,04,84,\
96,fa,c0,5c,9f,08,fa,45,f4,1e,37,58,27,73,b3,a3,85,20,1c,97,f9,e0,75,9d,6e,\
84,b2,b9,3f,ae,fd,73,a5,06,97,42,d1,b4,c0,3a,f8,8d,7b,f6,de,bb,93,1c,c5,d4,\
84,e7,56,07,13,8a,3a,a4,a7,66,dc,68,f2,a0,bd,99,c2,35,71,da,58,a1,ea,86,82,\
08,8f,4b,79,b1,48,83,16,17,64,8e,06,e9,b7,20,df,cf,0c,9d,b3,42,c3,cd,b5,d4,\
86,1b,01,7c,b2,85,f1,91,44,fb,ea,94,df,39,1c,ae,ea,a4,c7,4b,ed,17,14,01,d6,\
4d,55,46,b6,c3,58,5c,0e,8f,e3,57,e5,86,87,d8,68,65,71,7b,6f,5f,30,d7,e2,79,\
be,14,bb,16,23,a4,df,aa,98,63,61,2b,76,3f,95,ec,12,c1,0b,c1,16,f5,16,21,5f,\
ac,b0,ef,47,b8,fb,77,f7,da,6b,ac,aa,99,d1,80,d8,f0,a4,b1,3f,c3,8f,92,48,f5,\
2b,99,c4,27,60,10,04,f3,2a,09,e3,03,f4,c5,13,00,79,f3,52,d0,a7,5c,f3,25,67,\
4d,b3,0a,d1,0f,e5,85,eb,1a,20,74,5a,ba,b7,45,4e,1a,68,9e,6b,ae,55,a0,b4,2c,\
c7,8c,03,ed,93,f4,ea,5e,e9,cc,fe,51,70,ab,af,f4,d9,43,a4,f1,9c,2c,19,f3,ab,\
00,59,80,8e,35,c1,b6,be,8d,52,87,92,a5,3c,55,d7,be,67,be,6f,08,94,fd,c0,90,\
d1,57,d0,87,a9,09,af,a9,d7,ed,d5,bb,4b,7b,68,17,64,dd,02,f2,6c,3a,67,6c,d0,\
28,a2,cb,dd,f3,8e,13,2e,3b,24,f5,9d,fe,3a,24,c4,2a,ce,c1,f6,05,0b,13,0d,a8,\
0f,03,19,bd,77,a7,c4,be,94,42,d4,b2,9f,4a,c6,38,34,ff,c2,53,42,55,58,7e,3d,\
40,0b,ac,ee,73,30,bb,b5,9b,62,a3,d2,11,2f,7f,e9,8a,84,94,9e,a9,c3,b7,36,d0,\
42,31,7b,b2,a9,14,35,f1,41,32,2e,22,f4,65,d4,77,f4,0c,81,b6,23,40,33,8e,0e,\
37,45,2a,31,78,ed,04,23,de,8e,86,58,2d,66,d1,aa,ea,82,57,8b,d5,5f,da,cc,5c,\
65,66,37,26,80,64,eb,35,eb,d6,d1,ab,0e,ed,38,da,10,fd,3d,4c,5e,3b,40,e9,e0,\
c3,f9,ce,ee,7f,ac,bf,83,34,ca,5e,ea,13,57,6d,aa,31,54,38,cd,25,3d,2c,74,81,\
87,f8,a8,60,fd,0c,be,eb,6a,d4,d8,8f,e1,23,09,df,da,5b,92,be,33,fd,92,3b,f4,\
f7,a1,95,00,4e,a9,8e,9c,db,16,23,3e,07,eb,6b,59,9b,6f,27,9f,80,04,e4,e5,97,\
27,ea,2c,c2,fe,31,92,0b,09,4f,99,a1,fe,22,63,b9,d0,e6,de,c0,e6,07,06,ae,98,\
f0,06,d9,a4,91,5a,25,1e,45,0f,2b,99,ce,07,5c,62,ad,ae,45,96,de,88,4e,09,47,\
b9,bd,b4,a4,34,9c,45,f9,3f,21,bc,e3,a9,24,28,47,41,95,aa,7b,ef,90,ba,9b,d4,\
42,ad,d0,5c,c5,c1,6e,fc,e3,5a,3e,58,22,53,12,26,a1,97,48,07,45,77,dc,10,4e,\
c1,55,d4,b0,3d,7e,7a,1c,f8,ee,f9,7f,5d,d1,60,4c,66,be,7e,a1,8b,fc,ff,63,e4,\
46,2b,92,b2,29,ab,25,05,63,2f,74,5b,0f,6a,d4,a3,57,d5,db,fd,b5,5e,ba,29,f8,\
99,33,0c,71,a7,0d,a1,e1,d9,0c,ee,75,48,40,8a,e2,65,75,84,22,04,8f,be,77,a4,\
63,ce,0d,fe,b5,8b,ea,83,05,dd,2c,0d,ce,fe,83,d2,c0,a9,f1,03,33,ce,22,b1,45,\
67,67,a6,4f,39,b9,1b,85,1c,f7,41,19,9e,08,9a,c6,d9,e5,7e,1b,2d,53,44,7a,46,\
47,39,f0,24,8f,b4,6a,ed,b5,ee,30,16,5c,82,27,d4,3e,52,8b,2b,31,67,ca,a6,04,\
56,31,5d,d6,62,da,ed,3b,25,9c,43,1a,7b,6d,ff,b9,d6,07,5a,d1,ba,c0,dc,29,46,\
0c,5c,8e,d7,8a,c9,07,53,0e,a9,0a,09,cc,be,99,4b,6f,9d,ce,9c,ca,52,09,fe,27,\
95,8f,37,92,cb,f9,0a,c2,ce,84,b1,3d,83,c2,b9,ee,c5,25,ab,4f,89,2e,49,26,9b,\
0a,64,5f,ae,27,31,2d,df,cb,d8,05,3a,19,bf,af,b2,cd,83,02,4b,6b,c3,01,f5,bb,\
60,7e,b6,e4,08,d1,01,69,43,4d,45,73,fc,1f,84,a6,f6,91,53,d0,12,39,d9,b7,2d,\
ec,e0,e6,6f,e1,fd,75,ce,ff,80,59,bd,4f,e5,3c,6b,29,59,d6,75,3e,8c,05,c6,57,\
8b,90,51,ca,c4,ee,58,ad,d2,28,b6,27,31,93,cc,8e,c6,9a,e9,74,27,65,18,6f,0f,\
44,58,07,f8,12,34,c3,a4,80,97,d9,8f,d2,ab,2c,15,95,37,f1,b8,2b,e5,7d,9a,c6,\
5e,d9,45,9b,5d,b9,41,1a,93,9d,f3,d7,06,c5,03,89,41,5d,4c,f0,cf,0e,eb,8c,c0,\
d7,9a,91,59,1d,2a,f3,65,80,e1,f0,2d,0c,9e,14,b1,51,12,51,e2,54,ef,8f,eb,7e,\
cc,af,4b,0b,bc,09,76,1e,fb,7e,36,e1,2c,94,0f,03,1f,7e,2e,f8,e9,6a,b5,48,23,\
f2,f0,ec,3d,ca,66,52,b4,ed,59,d6,b6,d2,13,8a,21,4b,16,a0,84,fe,fe,a9,16,93,\
bc,1d,80,9a,9f,ce,34,ac,e3,b1,7c,a7,c6,32,3e,31,58,25,d7,f7,25,76,79,6a,ed,\
96,c1,d9,88,f7,a1,80,1b,13,a9,9a,fd,a7,60,95,96,e4,8c,62,a9,a0,42,cd,e0,c9,\
0d,57,1c,51,0d,53,04,31,a9,ed,71,8f,a0,69,0e,8c,e6,59,5a,8e,1d,32,5c,de,79,\
02,de,85,f2,d0,d5,3c,44,3d,89,ce,b0,11,66,ae,f0,c6,ed,1a,df,81,10,24,28,cc,\
3b,aa,53,65,13,c4,79,53,5e,3a,e7,e6,28,0a,ec,57,a7,67,10,8a,91,49,6c,93,6b,\
c8,17,d7,45,f6,e0,2c,31,e4,49,02,95,5a,64,1e,18,51,ef,d9,17,69,22,69,2f,9f,\
ad,fe,18,57,b1,c7,c6,18,26,ba,77,46,18,e4,a6,42,db,0c,58,6c,74,3c,b2,82,67,\
90,75,65,0c,29,5f,bf,8b,53,c7,c9,10,c7,1e,b0,2a,77,c5,44,b5,54,d0,49,53,c2,\
7c,0e,93,e9,cc,c4,20,e0,63,d2,ec,cb,06,c0,d5,ab,fd,23,c6,dd,f0,5d,6f,20,c0,\
c4,a3,f8,26,6f,3a,a3,cc,fa,b1,38,76,31,b9,14,cd,96,84,8d,f9,b6,80,00,b1,3a,\
ce,61,15,f9,9d,a8,be,8d,d8,71,5e,8d,b4,e0,71,f7,ba,a9,4f,7b,82,bd,8c,bd,b5,\
5d,19,7e,df,b4,9b,97,d2,f5,60,4e,48,11,b6,66,b2,82,a5,75,05,25,d7,e9,c9,2e,\
19,d7,28,08,43,9b,75,b2,f2,11,fb,18,72,16,b0,43,10,4f,6a,98,d2,5b,a3,cd,bf,\
63,73,8e,83,6d,32,f8,63,28,da,4f,d0,3e,0a,2a,16,62,50,01,d0,89,52,aa,ef,e9,\
73,52,91,8b,01,44,14,b9,43,c0,83,91,15,f3,4d,b5,19,32,59,2f,73,67,c6,26,2f,\
f3,a7,28,5b,e5,60,fd,50,8f,cb,13,df,d6,c4,4b,4b,1f,a2,93,19,9f,3d,36,db,c1,\
c1,23,8a,1c,50,b2,cb,ba,cd,bf,0e,d9,3a,f0,1b,aa,2c,4a,42,b6,e3,1a,4f,a3,96,\
3c,bb,91,fc,0e,c0,6e,13,e2,86,5e,34,f8,78,a5,d5,95,67,a9,3f,f9,97,a3,b0,10,\
c9,7f,2f,48,56,14,46,42,3c,7d,76,44,78,6c,4c,4c,f8,9a,32,16,a8,78,d9,5a,76,\
e7,fc,ff,d4,37,95,f9,e2,8d,16,00,2e,20,8f,14,3e,62,7e,87,54,18,14,24,f0,33,\
ac,dc,8d,28,87,59,a7,e4,b5,a1,0b,26,a3,0f,ac,32,6a,50,52,b3,a5,37,fb,c8,02,\
4f,f1,5d,ea,74,31,95,be,10,eb,94,f8,77,ad,5d,ac,6b,8c,52,07,a3,a7,66,ff,41,\
1c,f1,a4,ba,48,67,f8,59,9c,2b,8c,c8,d2,f5,9a,d1,b9,72,07,04,52,45,e2,f7,e6,\
f3,fd,f7,24,a2,a0,83,7e,c2,a2,ed,7d,b4,dc,08,2b,1e,a5,47,bc,bb,92,d6,35,af,\
88,c9,61,97,98,3f,91,ca,d0,c8,52,71,f0,f3,c2,0c,9a,bd,1e,8f,0b,e6,d2,54,47,\
cd,2a,80,99,98,4e,61,7b,c8,d2,6e,e5,62,f0,fe,6c,fc,98,b8,04,e3,80,39,ad,6f,\
8d,ce,97,6c,da,b2,5f,ed,6f,05,99,3f,9b,78,13,2c,a0,20,29,b4,f9,2a,ca,fe,49,\
03,eb,da,0d,64,ef,16,60,11,77,e3,6b,3f,b7,3a,20,f7,ba,2a,f0,a9,a1,48,0c,ee,\
42,ee,4c,0d,d1,8c,c9,60,53,53,ca,db,89,8e,d9,b0,bb,f0,d6,7a,46,eb,6c,ed,c7,\
05,cd,4a,46,9f,ea,78,07,67,b1,d8,ac,35,79,d2,7c,63,81,6c,9a,d7,80,6b,ba,f4,\
02,30,84,48,7e,c4,43,54,68,fa,75,64,5b,60,d1,67,d0,f9,12,0a,d4,d5,b4,0f,8a,\
4e,eb,43,44,67,be,07,bd,db,b0,98,2b,db,69,24,90,16,2d,ba,19,5a,d6,db,b4,14,\
87,34,60,ff,28,dc,35,11,be,a2,9c,b2,7a,ef,44,ae,0a,d8,e7,43,8a,cb,f7,94,e0,\
c8,da,f6,73,20,dd,1f,b5,03,b8,72,47,a3,06,9f,6b,89,0c,b2,67,bc,ce,96,2b,e7,\
7d,e3,b0,7f,bc,e6,76,2a,02,47,ec,d2,70,97,ca,4a,d2,2a,d4,ea,98,41,b0,d9,54,\
82,93,42,47,e4,07,e1,ac,5e,ee,30,1c,e6,3a,f1,81,06,0e,fc,d8,92,f2,b3,aa,52,\
7f,1e,95,ab,76,7d,a2,53,c2,b8,07,f5,ce,4c,27,58,58,15,93,3a,c5,fa,4f,19,8e,\
94,79,7b,25,3c,83,fa,ad,b1,77,00,a5,63,a8,1c,61,f6,10,ee,06,d1,5f,e7,e0,41,\
f6,7e,71,41,fe,76,11,41,f6,4e
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-01-05 2:42:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-05 10:42:13

Pre-Run: 9,341,538,304 bytes free
Post-Run: 9,265,737,728 bytes free

329 --- E O F --- 2008-12-19 11:00:59
Posted 1/6/2009 8:24 AM
#70776
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Close/disable

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Killall::

Snapshot::

File::
c:\windows\Tasks\ikioysot.job

c:\windows\system\SysSD.dll
c:\windows\system32\k9261108.exe

C:\windows\ufutuni.bat
c:\documents and settings\user\Application Data\suje.vbs
c:\program files\Common Files\lemo.dll
c:\windows\system32\uwycekomun.com

c:\documents and settings\user\Application Data\asuvaselo.reg
c:\windows\cehi.reg
c:\windows\otavihesyn.com
c:\documents and settings\All Users\Application Data\lagybipyj.exe
c:\windows\jukuf.sys
c:\program files\Common Files\bituta.lib
c:\documents and settings\user\Application Data\erylum.exe

Folder::
c:\documents and settings\All Users\Application Data\ninyjyzi

Domains::

Hosts::

Save this as:
CFScript

https://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

Then post a fresh ComboFix log.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.
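The first ComboFix log in this thread shows the pattern a triage script can pick out mechanically: Security Center monitoring and notifications switched off, the Windows Firewall standard profile set to EnableFirewall=0, a random-named .job whose only payload is rundll32.exe, a batch of random-named files all stamped 2008-10-08 18:02 across c:\windows, Application Data and Common Files, and orphaned Run entries pointing at more random names. Touch's reply then turns those paths into a CFScript with Killall::, File:: and Folder:: directives. The script below is an added example, not ComboFix's tooling and not code from anyone in the thread: it parses a constructed log modelled on the thread's layout, flags those five indicators, and drafts the File::/Folder:: lists. The section markers, line patterns and the BURST_MIN threshold are assumptions about the log format as it appears here, and every file, task and folder name in the sample is made up.

```python
"""Triage a ComboFix-style log for the indicators seen in this thread and draft the
CFScript the helper asks for. Added example, not ComboFix's or the forum's own code;
the section markers, line patterns and BURST_MIN are assumptions about the log layout."""
import re
from collections import defaultdict

# Constructed sample modelled on the thread's log; every file, task and folder name is made up.
SAMPLE_LOG = r"""
(((( Find3M Report ))))
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-08 18:02 18,752 ----a-w c:\windows\abcdef.bat
2008-10-08 18:02 17,447 ----a-w c:\documents and settings\user\Application Data\ghij.vbs
2008-10-08 18:02 16,376 ----a-w c:\program files\Common Files\klmn.dll
2008-10-08 18:02 15,549 ----a-w c:\windows\system32\opqrstuv.com
2008-10-08 18:02 12,054 ----a-w c:\documents and settings\All Users\Application Data\wxyz.exe
(((( Reg Loading Points ))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
Contents of the 'Scheduled Tasks' folder
2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-01-05 c:\windows\Tasks\qwertyui.job
- c:\windows\system32\rundll32.exe [2006-02-28 04:00]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-dscen - c:\windows\system32\zzzzzzzz.exe
HKLM-Explorer_Run-tiNjMB2pko - c:\documents and settings\All Users\Application Data\randomdir\abcd.exe
"""

SECTIONS = (("Find3M Report", "files"), ("Reg Loading Points", "reg"),
            ("Scheduled Tasks", "tasks"), ("ORPHANS REMOVED", "orphans"))
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) [\d,]+ \S+ (.+)$")  # Find3M: stamp size attrs path
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)$")
TASK_BIN_RE = re.compile(r"^- (.+?) \[")
ORPHAN_RE = re.compile(r"^HK\w+-\S+ - (.+)$")
TAMPER_NAMES = {"DisableMonitoring", "AntiVirusDisableNotify", "UpdatesDisableNotify"}
BURST_MIN = 4  # files sharing one creation minute before the batch is treated as a malware drop

def _is_set(value):
    """True for a non-zero REGEDIT4 dword ('dword:00000001') or ComboFix's '1 (0x1)' form."""
    token = value.split()[0]
    if token.startswith("dword:"):
        return int(token[6:], 16) != 0
    return token.isdigit() and int(token) != 0

def triage(log_text):
    """Return (indicator, detail) pairs for the persistence and tamper signs in the log."""
    findings, section, key, task = [], None, "", None
    by_minute = defaultdict(list)  # creation minute -> files, for the drop-burst check
    for line in (raw.strip() for raw in log_text.splitlines()):
        section = next((s for marker, s in SECTIONS if marker in line), section)
        if section == "files" and (m := FILE_RE.match(line)):
            by_minute[m.group(1)].append(m.group(2))
        elif section == "reg" and (m := KEY_RE.match(line)):
            key = m.group(1).lower()
        elif section == "reg" and (m := VALUE_RE.match(line)):
            name, value = m.groups()
            if "security center" in key and name in TAMPER_NAMES and _is_set(value):
                findings.append(("security_center_tamper", key + "\\" + name))
            elif name == "EnableFirewall" and not _is_set(value):
                findings.append(("firewall_disabled", key))
        elif section == "tasks" and (m := TASK_RE.match(line)):
            task = m.group(1)
        elif section == "tasks" and task and (m := TASK_BIN_RE.match(line)):
            if m.group(1).lower().endswith("rundll32.exe"):  # a .job whose only payload is rundll32
                findings.append(("rundll32_task", task))
            task = None
        elif section == "orphans" and (m := ORPHAN_RE.match(line)):
            findings.append(("orphan_autorun", m.group(1)))
    for paths in by_minute.values():
        if len(paths) >= BURST_MIN:
            findings.extend(("file_burst", p) for p in paths)
    return findings

def build_cfscript(findings):
    """Draft the File::/Folder:: lists for the CFScript described in the thread; review before use."""
    files, folders = {}, {}  # dicts keep insertion order and drop duplicates
    for kind, detail in findings:
        if kind not in ("file_burst", "orphan_autorun", "rundll32_task"):
            continue  # registry tamper and the firewall setting are reported, not scripted
        parent = detail.rsplit("\\", 1)[0]
        if kind == "orphan_autorun" and parent.lower().rsplit("\\", 1)[0].endswith("\\application data"):
            folders[parent] = None  # random folder dropped under Application Data: remove it whole
        else:
            files[detail] = None
    return "\n".join(["Killall::", "", "File::", *files, "", "Folder::", *folders, "", "Domains::", "", "Hosts::"])

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, detail in found:
        print(f"{kind:23} {detail}")
    print("\n" + build_cfscript(found))
```

Read the draft before dragging it onto ComboFix: the burst heuristic keys only on files sharing a creation minute, so a legitimate batch of updated files (the Windows Update DLLs stamped 2008-10-16 in the log are under the threshold, but a larger update would not be) gets flagged too, and the Security Center and firewall findings are printed rather than scripted because they are settings to restore, not files to delete.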


Posted 1/6/2009 10:14 AM
#70782
User avatar

jon310 Valued member

Date Joined Nov 2016
Total Posts: 14
ComboFix 09-01-05.05 - user 2009-01-06 2:00:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1574 [GMT -8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
FW: Norton Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\All Users\Application Data\lagybipyj.exe
c:\documents and settings\user\Application Data\asuvaselo.reg
c:\documents and settings\user\Application Data\erylum.exe
c:\documents and settings\user\Application Data\suje.vbs
c:\program files\Common Files\bituta.lib
c:\program files\Common Files\lemo.dll
c:\windows\cehi.reg
c:\windows\jukuf.sys
c:\windows\otavihesyn.com
c:\windows\system\SysSD.dll
c:\windows\system32\k9261108.exe
c:\windows\system32\uwycekomun.com
c:\windows\Tasks\ikioysot.job
c:\windows\ufutuni.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\lagybipyj.exe
c:\documents and settings\user\Application Data\asuvaselo.reg
c:\documents and settings\user\Application Data\erylum.exe
c:\documents and settings\user\Application Data\suje.vbs
c:\program files\Common Files\bituta.lib
c:\program files\Common Files\lemo.dll
c:\windows\cehi.reg
c:\windows\jukuf.sys
c:\windows\otavihesyn.com
c:\windows\system\SysSD.dll
c:\windows\system32\k9261108.exe
c:\windows\system32\uwycekomun.com
c:\windows\Tasks\ikioysot.job
c:\windows\ufutuni.bat

.
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-05 18:31 . 2009-01-05 18:31 d-------- c:\program files\iTunes
2009-01-05 18:31 . 2009-01-05 18:31 d-------- c:\program files\iPod
2009-01-05 18:31 . 2009-01-05 18:31 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-05 18:29 . 2009-01-05 18:29 d-------- c:\program files\Bonjour
2009-01-05 18:28 . 2009-01-05 18:28 d-------- c:\program files\QuickTime
2009-01-05 16:58 . 2009-01-05 16:58 d-------- c:\program files\Ares
2009-01-05 03:59 . 2009-01-05 03:59 d-------- c:\program files\MSECache
2009-01-04 06:01 . 2009-01-04 06:01 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 06:01 . 2009-01-04 06:01 d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-01-04 06:01 . 2009-01-04 06:01 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 06:01 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 06:01 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 05:57 . 2009-01-04 05:57 d-------- c:\program files\CCleaner
2009-01-03 03:19 . 2009-01-03 03:19 d-------- c:\program files\Trend Micro
2008-12-28 03:38 . 2008-12-29 04:35 d-------- c:\program files\Hamachi
2008-12-28 03:38 . 2009-01-06 02:08 d-------- c:\documents and settings\user\Application Data\Hamachi
2008-12-28 03:38 . 2008-12-28 03:38 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-28 02:51 . 2008-12-28 03:49 d-------- c:\program files\Left4Dead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 10:08 --------- d-----w c:\program files\Steam
2009-01-06 10:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-06 10:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-06 09:37 --------- d-----w c:\program files\Apple Software Update
2009-01-06 02:31 --------- d-----w c:\program files\Common Files\Apple
2009-01-05 23:50 --------- d-----w c:\program files\Warcraft III
2009-01-05 10:27 --------- d-----w c:\program files\Common
2009-01-04 22:41 --------- d-----w c:\program files\vdicmyc
2009-01-04 14:02 --------- d-----w c:\program files\GetRight
2009-01-03 10:59 --------- d-----w c:\program files\Spyware Doctor
2009-01-03 10:47 --------- d-----w c:\program files\Viewpoint
2008-11-24 21:42 --------- d-----w c:\documents and settings\user\Application Data\Nexon
2008-11-24 21:41 --------- d-----w c:\program files\Common Files\INCA Shared
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:20 667,648 ----a-w c:\windows\system32\wininet.dll
2007-10-25 01:50 1 ----a-w c:\documents and settings\user\SI.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-04-27 50736]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ares"="c:\program files\Ares\Ares.exe" [2009-01-03 893952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-21 7774208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-21 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-28 144896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-13 771704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-12-21 c:\windows\system32\nwiz.exe]

c:\documents and settings\user\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-28 625952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GetRight - Tray Icon.lnk - c:\program files\GetRight\getright.exe [2007-04-06 4150608]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.imm4"= vcmimm4.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MPlay\\Crazy Arcade\\NewPatcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WarCraft III Battle.net

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-17 106808]
R3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2007-03-11 141056]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-10-08 356920]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-03-22 24652]
S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-08-28 10664]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2007-11-02 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1186029956.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2009-01-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - user.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {304D9B2F-5EE8-452D-ABD8-DBD15B46610B} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\yv53jnep.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-01-06 02:05:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1580818891-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:6b,1c,41,44,66,a6,48,d6,33,1c,aa,b5,d3,45,f7,6b,03,00,74,e0,3f,e7,50,\
8b,8d,55,a8,cc,49,91,0e,f0,6e,81,a5,c8,a0,17,47,b6,e8,66,70,79,ef,38,06,98,\
12,4e,92,7b,1d,ad,5a,b7,af,23,a2,ff,21,83,4d,92,ca,1a,fa,1a,fa,a2,21,03,a5,\
97,19,6e,dc,dd,81,40,b3,5c,55,c5,ab,a1,d2,6b,97,d9,9d,1a,0f,4b,cb,1b,04,84,\
96,fa,c0,5c,9f,08,fa,45,f4,1e,37,58,27,73,b3,a3,85,20,1c,97,f9,e0,75,9d,6e,\
84,b2,b9,3f,ae,fd,73,a5,06,97,42,d1,b4,c0,3a,f8,8d,7b,f6,de,bb,93,1c,c5,d4,\
84,e7,56,07,13,8a,3a,a4,a7,66,dc,68,f2,a0,bd,99,c2,35,71,da,58,a1,ea,86,82,\
08,8f,4b,79,b1,48,83,16,17,64,8e,06,e9,b7,20,df,cf,0c,9d,b3,42,c3,cd,b5,d4,\
86,1b,01,7c,b2,85,f1,91,44,fb,ea,94,df,39,1c,ae,ea,a4,c7,4b,ed,17,14,01,d6,\
4d,55,46,b6,c3,58,5c,0e,8f,e3,57,e5,86,87,d8,68,65,71,7b,6f,5f,30,d7,e2,79,\
be,14,bb,16,23,a4,df,aa,98,63,61,2b,76,3f,95,ec,12,c1,0b,c1,16,f5,16,21,5f,\
ac,b0,ef,47,b8,fb,77,f7,da,6b,ac,aa,99,d1,80,d8,f0,a4,b1,3f,c3,8f,92,48,f5,\
2b,99,c4,27,60,10,04,f3,2a,09,e3,03,f4,c5,13,00,79,f3,52,d0,a7,5c,f3,25,67,\
4d,b3,0a,d1,0f,e5,85,eb,1a,20,74,5a,ba,b7,45,4e,1a,68,9e,6b,ae,55,a0,b4,2c,\
c7,8c,03,ed,93,f4,ea,5e,e9,cc,fe,51,70,ab,af,f4,d9,43,a4,f1,9c,2c,19,f3,ab,\
00,59,80,8e,35,c1,b6,be,8d,52,87,92,a5,3c,55,d7,be,67,be,6f,08,94,fd,c0,90,\
d1,57,d0,87,a9,09,af,a9,d7,ed,d5,bb,4b,7b,68,17,64,dd,02,f2,6c,3a,67,6c,d0,\
28,a2,cb,dd,f3,8e,13,2e,3b,24,f5,9d,fe,3a,24,c4,2a,ce,c1,f6,05,0b,13,0d,a8,\
0f,03,19,bd,77,a7,c4,be,94,42,d4,b2,9f,4a,c6,38,34,ff,c2,53,42,55,58,7e,3d,\
40,0b,ac,ee,73,30,bb,b5,9b,62,a3,d2,11,2f,7f,e9,8a,84,94,9e,a9,c3,b7,36,d0,\
42,31,7b,b2,a9,14,35,f1,41,32,2e,22,f4,65,d4,77,f4,0c,81,b6,23,40,33,8e,0e,\
37,45,2a,31,78,ed,04,23,de,8e,86,58,2d,66,d1,aa,ea,82,57,8b,d5,5f,da,cc,5c,\
65,66,37,26,80,64,eb,35,eb,d6,d1,ab,0e,ed,38,da,10,fd,3d,4c,5e,3b,40,e9,e0,\
c3,f9,ce,ee,7f,ac,bf,83,34,ca,5e,ea,13,57,6d,aa,31,54,38,cd,25,3d,2c,74,81,\
87,f8,a8,60,fd,0c,be,eb,6a,d4,d8,8f,e1,23,09,df,da,5b,92,be,33,fd,92,3b,f4,\
f7,a1,95,00,4e,a9,8e,9c,db,16,23,3e,07,eb,6b,59,9b,6f,27,9f,80,04,e4,e5,97,\
27,ea,2c,c2,fe,31,92,0b,09,4f,99,a1,fe,22,63,b9,d0,e6,de,c0,e6,07,06,ae,98,\
f0,06,d9,a4,91,5a,25,1e,45,0f,2b,99,ce,07,5c,62,ad,ae,45,96,de,88,4e,09,47,\
b9,bd,b4,a4,34,9c,45,f9,3f,21,bc,e3,a9,24,28,47,41,95,aa,7b,ef,90,ba,9b,d4,\
42,ad,d0,5c,c5,c1,6e,fc,e3,5a,3e,58,22,53,12,26,a1,97,48,07,45,77,dc,10,4e,\
c1,55,d4,b0,3d,7e,7a,1c,f8,ee,f9,7f,5d,d1,60,4c,66,be,7e,a1,8b,fc,ff,63,e4,\
46,2b,92,b2,29,ab,25,05,63,2f,74,5b,0f,6a,d4,a3,57,d5,db,fd,b5,5e,ba,29,f8,\
99,33,0c,71,a7,0d,a1,e1,d9,0c,ee,75,48,40,8a,e2,65,75,84,22,04,8f,be,77,a4,\
63,ce,0d,fe,b5,8b,ea,83,05,dd,2c,0d,ce,fe,83,d2,c0,a9,f1,03,33,ce,22,b1,45,\
67,67,a6,4f,39,b9,1b,85,1c,f7,41,19,9e,08,9a,c6,d9,e5,7e,1b,2d,53,44,7a,46,\
47,39,f0,24,8f,b4,6a,ed,b5,ee,30,16,5c,82,27,d4,3e,52,8b,2b,31,67,ca,a6,04,\
56,31,5d,d6,62,da,ed,3b,25,9c,43,1a,7b,6d,ff,b9,d6,07,5a,d1,ba,c0,dc,29,46,\
0c,5c,8e,d7,8a,c9,07,53,0e,a9,0a,09,cc,be,99,4b,6f,9d,ce,9c,ca,52,09,fe,27,\
95,8f,37,92,cb,f9,0a,c2,ce,84,b1,3d,83,c2,b9,ee,c5,25,ab,4f,89,2e,49,26,9b,\
0a,64,5f,ae,27,31,2d,df,cb,d8,05,3a,19,bf,af,b2,cd,83,02,4b,6b,c3,01,f5,bb,\
60,7e,b6,e4,08,d1,01,69,43,4d,45,73,fc,1f,84,a6,f6,91,53,d0,12,39,d9,b7,2d,\
ec,e0,e6,6f,e1,fd,75,ce,ff,80,59,bd,4f,e5,3c,6b,29,59,d6,75,3e,8c,05,c6,57,\
8b,90,51,ca,c4,ee,58,ad,d2,28,b6,27,31,93,cc,8e,c6,9a,e9,74,27,65,18,6f,0f,\
44,58,07,f8,12,34,c3,a4,80,97,d9,8f,d2,ab,2c,15,95,37,f1,b8,2b,e5,7d,9a,c6,\
5e,d9,45,9b,5d,b9,41,1a,93,9d,f3,d7,06,c5,03,89,41,5d,4c,f0,cf,0e,eb,8c,c0,\
d7,9a,91,59,1d,2a,f3,65,80,e1,f0,2d,0c,9e,14,b1,51,12,51,e2,54,ef,8f,eb,7e,\
cc,af,4b,0b,bc,09,76,1e,fb,7e,36,e1,2c,94,0f,03,1f,7e,2e,f8,e9,6a,b5,48,23,\
f2,f0,ec,3d,ca,66,52,b4,ed,59,d6,b6,d2,13,8a,21,4b,16,a0,84,fe,fe,a9,16,93,\
bc,1d,80,9a,9f,ce,34,ac,e3,b1,7c,a7,c6,32,3e,31,58,25,d7,f7,25,76,79,6a,ed,\
96,c1,d9,88,f7,a1,80,1b,13,a9,9a,fd,a7,60,95,96,e4,8c,62,a9,a0,42,cd,e0,c9,\
0d,57,1c,51,0d,53,04,31,a9,ed,71,8f,a0,69,0e,8c,e6,59,5a,8e,1d,32,5c,de,79,\
02,de,85,f2,d0,d5,3c,44,3d,89,ce,b0,11,66,ae,f0,c6,ed,1a,df,81,10,24,28,cc,\
3b,aa,53,65,13,c4,79,53,5e,3a,e7,e6,28,0a,ec,57,a7,67,10,8a,91,49,6c,93,6b,\
c8,17,d7,45,f6,e0,2c,31,e4,49,02,95,5a,64,1e,18,51,ef,d9,17,69,22,69,2f,9f,\
ad,fe,18,57,b1,c7,c6,18,26,ba,77,46,18,e4,a6,42,db,0c,58,6c,74,3c,b2,82,67,\
90,75,65,0c,29,5f,bf,8b,53,c7,c9,10,c7,1e,b0,2a,77,c5,44,b5,54,d0,49,53,c2,\
7c,0e,93,e9,cc,c4,20,e0,63,d2,ec,cb,06,c0,d5,ab,fd,23,c6,dd,f0,5d,6f,20,c0,\
c4,a3,f8,26,6f,3a,a3,cc,fa,b1,38,76,31,b9,14,cd,96,84,8d,f9,b6,80,00,b1,3a,\
ce,61,15,f9,9d,a8,be,8d,d8,71,5e,8d,b4,e0,71,f7,ba,a9,4f,7b,82,bd,8c,bd,b5,\
5d,19,7e,df,b4,9b,97,d2,f5,60,4e,48,11,b6,66,b2,82,a5,75,05,25,d7,e9,c9,2e,\
19,d7,28,08,43,9b,75,b2,f2,11,fb,18,72,16,b0,43,10,4f,6a,98,d2,5b,a3,cd,bf,\
63,73,8e,83,6d,32,f8,63,28,da,4f,d0,3e,0a,2a,16,62,50,01,d0,89,52,aa,ef,e9,\
73,52,91,8b,01,44,14,b9,43,c0,83,91,15,f3,4d,b5,19,32,59,2f,73,67,c6,26,2f,\
f3,a7,28,5b,e5,60,fd,50,8f,cb,13,df,d6,c4,4b,4b,1f,a2,93,19,9f,3d,36,db,c1,\
c1,23,8a,1c,50,b2,cb,ba,cd,bf,0e,d9,3a,f0,1b,aa,2c,4a,42,b6,e3,1a,4f,a3,96,\
3c,bb,91,fc,0e,c0,6e,13,e2,86,5e,34,f8,78,a5,d5,95,67,a9,3f,f9,97,a3,b0,10,\
c9,7f,2f,48,56,14,46,42,3c,7d,76,44,78,6c,4c,4c,f8,9a,32,16,a8,78,d9,5a,76,\
e7,fc,ff,d4,37,95,f9,e2,8d,16,00,2e,20,8f,14,3e,62,7e,87,54,18,14,24,f0,33,\
ac,dc,8d,28,87,59,a7,e4,b5,a1,0b,26,a3,0f,ac,32,6a,50,52,b3,a5,37,fb,c8,02,\
4f,f1,5d,ea,74,31,95,be,10,eb,94,f8,77,ad,5d,ac,6b,8c,52,07,a3,a7,66,ff,41,\
1c,f1,a4,ba,48,67,f8,59,9c,2b,8c,c8,d2,f5,9a,d1,b9,72,07,04,52,45,e2,f7,e6,\
f3,fd,f7,24,a2,a0,83,7e,c2,a2,ed,7d,b4,dc,08,2b,1e,a5,47,bc,bb,92,d6,35,af,\
88,c9,61,97,98,3f,91,ca,d0,c8,52,71,f0,f3,c2,0c,9a,bd,1e,8f,0b,e6,d2,54,47,\
cd,2a,80,99,98,4e,61,7b,c8,d2,6e,e5,62,f0,fe,6c,fc,98,b8,04,e3,80,39,ad,6f,\
8d,ce,97,6c,da,b2,5f,ed,6f,05,99,3f,9b,78,13,2c,a0,20,29,b4,f9,2a,ca,fe,49,\
03,eb,da,0d,64,ef,16,60,11,77,e3,6b,3f,b7,3a,20,f7,ba,2a,f0,a9,a1,48,0c,ee,\
42,ee,4c,0d,d1,8c,c9,60,53,53,ca,db,89,8e,d9,b0,bb,f0,d6,7a,46,eb,6c,ed,c7,\
05,cd,4a,46,9f,ea,78,07,67,b1,d8,ac,35,79,d2,7c,63,81,6c,9a,d7,80,6b,ba,f4,\
02,30,84,48,7e,c4,43,54,68,fa,75,64,5b,60,d1,67,d0,f9,12,0a,d4,d5,b4,0f,8a,\
4e,eb,43,44,67,be,07,bd,db,b0,98,2b,db,69,24,90,16,2d,ba,19,5a,d6,db,b4,14,\
87,34,60,ff,28,dc,35,11,be,a2,9c,b2,7a,ef,44,ae,0a,d8,e7,43,8a,cb,f7,94,e0,\
c8,da,f6,73,20,dd,1f,b5,03,b8,72,47,a3,06,9f,6b,89,0c,b2,67,bc,ce,96,2b,e7,\
7d,e3,b0,7f,bc,e6,76,2a,02,47,ec,d2,70,97,ca,4a,d2,2a,d4,ea,98,41,b0,d9,54,\
82,93,42,47,e4,07,e1,ac,5e,ee,30,1c,e6,3a,f1,81,06,0e,fc,d8,92,f2,b3,aa,52,\
7f,1e,95,ab,76,7d,a2,53,c2,b8,07,f5,ce,4c,27,58,58,15,93,3a,c5,fa,4f,19,8e,\
94,79,7b,25,3c,83,fa,ad,b1,77,00,a5,63,a8,1c,61,f6,10,ee,06,d1,5f,e7,e0,41,\
f6,7e,71,41,fe,76,11,41,f6,4e
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-06 2:13:33 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2009-01-06 10:13:30
ComboFix2.txt 2009-01-05 10:42:20

Pre-Run: 8,788,758,528 bytes free
Post-Run: 8,854,953,984 bytes free

324 --- E O F --- 2008-12-19 11:00:59
Posted 1/7/2009 7:59 AM
#70816
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Looks clean. How are things running ?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/7/2009 8:46 AM
#70823
User avatar

jon310 Valued member

Date Joined Nov 2016
Total Posts: 14
Better now. Thank you so much. =]
Posted 1/7/2009 9:10 AM
#70826
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
My pleasure :smile:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

This will ->

Uninstall ComboFix. Delete its related folders and files.
Reset your clock settings. Hide file extensions.
Hide the system/hidden files. And reset System Restore again.

I also suggest you read Tony Klein's article:

So how did I get infected in the first place.


Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

