
Virtumonde infection



#1 brothaz (New Member, 1 posts)

Hello,

I believe I have been infected with the Virtumonde infection. I am running Windows XP with SP2 and have McAfee as my anti-virus, which has yet to detect an issue. Yesterday I noticed that I was getting a ridiculous amount of pop-ups and my computer was running incredibly slowly. So I ran Spybot and it discovered that I have 2 registry entries and 1 *.dll file with Virtumonde. However, every time I try to fix it using Spybot, when I run it again at start-up, it finds it again. I tried VundoFix (which doesn't even find an error) and VirtumundoBeGone (which seemed like it was doing the right thing because it turned blue and restarted), but neither seems to be doing the job. Any help would be appreciated. Thanks


************
ComboFix 08-06-15.4 - Matthew Brothers 2008-06-16 12:37:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1059 [GMT -4:00]
Running from: C:\Documents and Settings\Matthew Brothers\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM2f61eae3.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abqcmspp.dll
C:\WINDOWS\system32\atnhsjxc.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\geBqQKee.dll
C:\WINDOWS\system32\hkUtwyay.ini
C:\WINDOWS\system32\hkUtwyay.ini2
C:\WINDOWS\system32\jenhqoba.dll
C:\WINDOWS\system32\khfEVPFu.dll
C:\WINDOWS\system32\lcxhwsas.ini
C:\WINDOWS\system32\luhrmsmv.dll
C:\WINDOWS\system32\mlJYpPHb.dll
C:\WINDOWS\system32\stwuwkct.ini
C:\WINDOWS\system32\SvxbIRqr.ini
C:\WINDOWS\system32\SvxbIRqr.ini2
C:\WINDOWS\system32\tckwuwts.dll
C:\WINDOWS\system32\tikmnbsx.dll
C:\WINDOWS\system32\usidxftr.dll
C:\WINDOWS\system32\vkawvbeg.dll
C:\WINDOWS\system32\vmsmrhul.ini
C:\WINDOWS\system32\xcykkfwy.dll
C:\WINDOWS\system32\xsbnmkit.ini
C:\WINDOWS\system32\xxyvwWoN.dll
C:\WINDOWS\system32\YGNVCcdd.ini
C:\WINDOWS\system32\YGNVCcdd.ini2

----- BITS: Possible infected sites -----

hxxp://h30155.www3.hp.com
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 11:01 . 2008-06-16 11:01 <DIR> d-------- C:\WINDOWS\Sun
2008-06-16 11:01 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 11:00 . 2008-06-16 11:01 <DIR> d-------- C:\Program Files\Java
2008-06-16 11:00 . 2008-06-16 11:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-16 10:20 . 2008-06-16 10:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-16 10:03 . 2008-06-16 10:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 09:00 . 2008-06-16 09:00 <DIR> d-------- C:\VundoFix Backups
2008-06-15 22:17 . 2008-06-15 22:17 164 --a------ C:\install.dat
2008-06-15 19:37 . 2008-06-16 10:53 385 --a------ C:\WINDOWS\wininit.ini
2008-06-15 19:05 . 2008-06-15 19:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-14 19:45 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-14 19:30 . 2008-06-14 19:30 <DIR> dr-h----- C:\MSOCache
2008-06-14 18:45 . 2008-06-14 18:45 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-14 18:29 . 2008-06-14 18:43 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-14 18:27 . 2008-06-16 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-14 16:46 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-14 16:46 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-14 16:38 . 2008-06-15 19:21 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\browser - logitech
2008-06-14 16:35 . 2008-06-14 16:35 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\Application Data\InstallShield
2008-06-14 16:34 . 2008-06-14 16:34 <DIR> d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-06-14 16:30 . 2008-06-14 16:36 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\Logitech
2008-06-14 16:29 . 2008-06-14 16:29 <DIR> d-------- C:\Program Files\Logitech
2008-06-14 16:29 . 2008-06-14 16:35 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Shared
2008-06-14 12:30 . 2008-06-14 12:30 <DIR> d-------- C:\Program Files\IEForge
2008-06-14 10:20 . 2008-06-14 10:20 24,576 --a------ C:\WINDOWS\system32\hgGxVNfe.dll.vir
2008-06-13 22:54 . 2008-06-13 22:54 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\Application Data\Nero
2008-06-13 22:51 . 2008-06-13 22:51 <DIR> d-------- C:\Program Files\Nero
2008-06-13 22:51 . 2008-06-13 22:53 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-13 22:51 . 2008-06-13 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-13 22:35 . 2008-06-13 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 22:34 . 2008-06-15 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-13 22:32 . 2008-06-13 22:32 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-13 22:24 . 2008-06-13 22:24 <DIR> d-------- C:\Program Files\Foxit Software
2008-06-13 22:23 . 2008-05-30 13:22 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-06-13 22:23 . 2008-05-30 13:22 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-06-13 22:22 . 2008-06-13 22:23 <DIR> d-------- C:\Program Files\DivX
2008-06-13 21:04 . 2008-06-13 21:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-13 10:31 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-13 10:31 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-13 10:31 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-13 10:31 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-13 10:31 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-13 10:31 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-13 10:31 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-13 10:31 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-13 10:31 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-13 09:55 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-06-13 09:55 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-06-13 09:50 . 2008-06-13 09:50 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-13 03:05 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 03:05 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 03:00 . 2008-06-13 21:14 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-13 03:00 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 18:06 . 2008-06-12 18:07 <DIR> d-------- C:\Program Files\Winamp
2008-06-12 18:06 . 2008-06-13 22:32 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\Application Data\Winamp
2008-06-12 18:06 . 2008-05-30 13:22 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-06-12 18:04 . 2008-06-12 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-06-12 17:55 . 2008-06-12 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-06-12 17:55 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-06-12 17:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-12 17:54 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-12 17:53 . 2008-06-12 17:53 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\Application Data\HPAppData
2008-06-12 17:53 . 2008-06-12 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-12 17:52 . 2008-06-12 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-06-12 17:52 . 2008-06-12 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-12 17:51 . 2008-06-12 17:51 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-12 17:51 . 2008-06-12 17:51 <DIR> d-------- C:\Program Files\Common Files\HP
2008-06-12 17:51 . 2008-06-12 17:51 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-12 17:50 . 2008-06-12 17:53 <DIR> d-------- C:\Program Files\HP
2008-06-12 17:48 . 2008-06-12 17:57 139,697 --a------ C:\WINDOWS\hpoins15.dat
2008-06-12 17:48 . 2007-09-21 08:46 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-06-12 16:59 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-12 16:51 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-12 16:51 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-12 16:38 . 2008-06-12 16:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 16:35 . 2008-06-12 16:35 <DIR> d-------- C:\Program Files\Flickr Uploadr
2008-06-12 15:52 . 2008-06-16 12:42 9,612 --a------ C:\WINDOWS\system32\Config.MPF
2008-06-12 15:51 . 2008-06-15 20:45 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-06-12 15:51 . 2008-06-14 13:32 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\Application Data\SiteAdvisor
2008-06-12 15:51 . 2008-06-12 15:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-06-12 15:51 . 2008-06-12 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-12 15:50 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-06-12 15:49 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-06-12 15:48 . 2008-06-12 15:48 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-12 15:48 . 2008-06-16 09:33 <DIR> d-------- C:\Program Files\McAfee
2008-06-12 15:48 . 2008-06-12 16:17 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-12 15:48 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-06-12 15:48 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-06-12 15:48 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-06-12 15:48 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-06-12 15:48 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-06-12 15:41 . 2008-06-12 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-12 15:31 . 2008-06-12 15:31 <DIR> d-------- C:\Program Files\iPod
2008-06-12 15:31 . 2008-06-13 09:20 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\Application Data\Apple Computer
2008-06-12 15:30 . 2008-06-12 15:30 <DIR> d-------- C:\Program Files\QuickTime
2008-06-12 15:30 . 2008-06-12 15:31 <DIR> d-------- C:\Program Files\iTunes
2008-06-12 15:30 . 2008-06-12 15:30 <DIR> d-------- C:\Program Files\Bonjour
2008-06-12 15:30 . 2008-06-12 15:30 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-12 15:30 . 2008-06-12 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-12 15:29 . 2008-06-14 16:34 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-12 15:29 . 2008-06-12 15:29 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-12 15:29 . 2008-06-12 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-12 15:27 . 2006-10-04 22:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-12 15:27 . 2006-10-04 22:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-12 15:26 . 2008-06-12 15:27 <DIR> d-------- C:\Program Files\Picasa2
2008-06-12 15:26 . 2008-06-12 15:26 <DIR> d-------- C:\Program Files\Google
2008-06-12 15:20 . 2008-06-14 19:18 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\Application Data\BitTorrent
2008-06-12 15:19 . 2008-06-12 15:19 <DIR> d-------- C:\Program Files\DNA
2008-06-12 15:19 . 2008-06-12 15:19 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-12 15:19 . 2008-06-16 12:39 <DIR> d-------- C:\Documents and Settings\Matthew Brothers\Application Data\DNA
2008-06-12 15:14 . 2008-06-12 15:14 <DIR> d-------- C:\Program Files\ATI Technologies
2008-06-12 15:09 . 2008-06-12 15:09 <DIR> d-------- C:\Program Files\IBM
2008-06-12 15:09 . 2008-06-12 17:00 <DIR> d-------- C:\icons
2008-06-12 15:09 . 2008-06-12 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IBM
2008-06-12 15:09 . 2004-05-05 01:13 7,012 --------- C:\WINDOWS\system32\drivers\PMEMNT.SYS
2008-06-12 15:06 . 2008-06-12 15:06 <DIR> d-------- C:\Program Files\Synaptics
2008-06-12 15:06 . 2007-12-05 16:11 177,664 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-06-12 15:06 . 2007-12-05 16:12 110,592 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-06-12 15:06 . 2007-12-05 16:12 110,592 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-06-12 15:06 . 2007-12-05 17:10 77,824 --a------ C:\WINDOWS\system32\SynTPCoI.dll
2008-06-12 15:06 . 2007-12-05 16:12 73,728 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-06-12 15:06 . 2007-12-05 16:14 65,536 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-06-12 15:02 . 2008-06-12 15:02 <DIR> d-------- C:\Program Files\Digital Line Detect
2008-06-12 14:59 . 2008-06-12 14:59 <DIR> d-------- C:\Program Files\NetWaiting
2008-06-12 14:58 . 2008-06-12 14:58 <DIR> d-------- C:\Program Files\CONEXANT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 16:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DCA501C-6417-4777-9307-4589893E3C21}]
C:\WINDOWS\system32\ddcCVNGY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8A1C0B-F8D6-4007-AB3D-EEC0C26FD8D4}]
C:\WINDOWS\system32\yaywtUkh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D75531C7-3C68-4E26-8FF8-844DF69452B1}]
C:\WINDOWS\system32\rqRIbxvS.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-12 15:19 289088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 16:28 868352]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\WINDOWS\system32\TpShocks.exe]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 01:38 20480]
"BMMMONWND"="rundll32.exe" [2004-08-04 08:00 33280 C:\WINDOWS\system32\rundll32.exe]
"BLOG"="rundll32.exe" [2004-08-04 08:00 33280 C:\WINDOWS\system32\rundll32.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-03-14 18:57 425984]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-03-14 18:53 126976]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 16:14 122880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 16:14 524288]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00 344064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-06-21 19:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-06-12 15:02:33 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2008-03-14 18:54 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2008-01-21 20:34]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2008-01-21 20:34]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 01:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 19:30:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-12 21:03:37 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2008-06-15 06:23:02 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-12 19:48:32 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 12:41:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-06-16 12:44:18 - machine was rebooted [Matthew Brothers]
ComboFix-quarantined-files.txt 2008-06-16 16:44:15

Pre-Run: 15,262,752,768 bytes free
Post-Run: 16,755,892,224 bytes free

309 --- E O F --- 2008-06-14 01:15:05




********

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:14 AM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
D:\Documents and Settings\Matthew Brothers\My Documents\My Downloads\VundoFix.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {3DCA501C-6417-4777-9307-4589893E3C21} - C:\WINDOWS\system32\ddcCVNGY.dll (file missing)
O2 - BHO: (no name) - {6357CD8F-12B0-4512-AC1F-2F3DAA49F22C} - (no file)
O2 - BHO: (no name) - {9B8A1C0B-F8D6-4007-AB3D-EEC0C26FD8D4} - C:\WINDOWS\system32\yaywtUkh.dll (file missing)
O2 - BHO: (no name) - {D75531C7-3C68-4E26-8FF8-844DF69452B1} - C:\WINDOWS\system32\rqRIbxvS.dll (file missing)
O2 - BHO: {1e59ca6a-5534-9d1a-4964-f32e670451ae} - {ea154076-e23f-4694-a1d9-4355a6ac95e1} - C:\WINDOWS\system32\xcykkfwy.dll
O2 - BHO: (no name) - {F15D0B7B-0A50-4DAB-8B80-DD5A80A94375} - (no file)
O2 - BHO: (no name) - {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} - C:\WINDOWS\system32\hgGxVNfe.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ACTray] "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
O4 - HKLM\..\Run: [ACWLIcon] "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM2f61eae3] Rundll32.exe "C:\WINDOWS\system32\vkawvbeg.dll",s
O4 - HKLM\..\Run: [2c52d97f] rundll32.exe "C:\WINDOWS\system32\tckwuwts.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8384] command /c del "C:\WINDOWS\system32\yaywtUkh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3497] cmd /c del "C:\WINDOWS\system32\yaywtUkh.dll_old"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.c...pport/acpir.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: hgGxVNfe - C:\WINDOWS\SYSTEM32\hgGxVNfe.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 11312 bytes


*************************


[06/16/2008, 10:22:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Matthew Brothers\Desktop\VirtumundoBeGone.exe" )
[06/16/2008, 10:22:15] - Detected System Information:
[06/16/2008, 10:22:15] - Windows Version: 5.1.2600, Service Pack 2
[06/16/2008, 10:22:15] - Current Username: Administrator (Admin)
[06/16/2008, 10:22:15] - Windows is in SAFE mode with Networking.
[06/16/2008, 10:22:15] - Searching for Browser Helper Objects:
[06/16/2008, 10:22:15] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/16/2008, 10:22:15] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[06/16/2008, 10:22:15] - BHO 3: {3DCA501C-6417-4777-9307-4589893E3C21} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\ddcCVNGY
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\ddcCVNGY, continuing.
[06/16/2008, 10:22:15] - BHO 4: {6357CD8F-12B0-4512-AC1F-2F3DAA49F22C} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - No filename found. Continuing.
[06/16/2008, 10:22:15] - BHO 5: {9B8A1C0B-F8D6-4007-AB3D-EEC0C26FD8D4} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\yaywtUkh
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\yaywtUkh, continuing.
[06/16/2008, 10:22:15] - BHO 6: {D75531C7-3C68-4E26-8FF8-844DF69452B1} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\rqRIbxvS
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\rqRIbxvS, continuing.
[06/16/2008, 10:22:15] - BHO 7: {ea154076-e23f-4694-a1d9-4355a6ac95e1} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\xcykkfwy
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\xcykkfwy, continuing.
[06/16/2008, 10:22:15] - BHO 8: {F15D0B7B-0A50-4DAB-8B80-DD5A80A94375} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - No filename found. Continuing.
[06/16/2008, 10:22:15] - BHO 9: {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\hgGxVNfe
[06/16/2008, 10:22:15] - Found: HKLM\...\Winlogon\Notify\hgGxVNfe - This is probably Virtumundo.
[06/16/2008, 10:22:15] - Assigning {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} MSEvents Object
[06/16/2008, 10:22:15] - BHO list has been changed! Starting over...
[06/16/2008, 10:22:15] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/16/2008, 10:22:15] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[06/16/2008, 10:22:15] - BHO 3: {3DCA501C-6417-4777-9307-4589893E3C21} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\ddcCVNGY
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\ddcCVNGY, continuing.
[06/16/2008, 10:22:15] - BHO 4: {6357CD8F-12B0-4512-AC1F-2F3DAA49F22C} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - No filename found. Continuing.
[06/16/2008, 10:22:15] - BHO 5: {9B8A1C0B-F8D6-4007-AB3D-EEC0C26FD8D4} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\yaywtUkh
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\yaywtUkh, continuing.
[06/16/2008, 10:22:15] - BHO 6: {D75531C7-3C68-4E26-8FF8-844DF69452B1} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\rqRIbxvS
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\rqRIbxvS, continuing.
[06/16/2008, 10:22:15] - BHO 7: {ea154076-e23f-4694-a1d9-4355a6ac95e1} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\xcykkfwy
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\xcykkfwy, continuing.
[06/16/2008, 10:22:15] - BHO 8: {F15D0B7B-0A50-4DAB-8B80-DD5A80A94375} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - No filename found. Continuing.
[06/16/2008, 10:22:15] - BHO 9: {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} (MSEvents Object)
[06/16/2008, 10:22:15] - ALERT: Found MSEvents Object!
[06/16/2008, 10:22:15] - Finished Searching Browser Helper Objects
[06/16/2008, 10:22:15] - *** Detected MSEvents Object
[06/16/2008, 10:22:15] - Trying to remove MSEvents Object...
[06/16/2008, 10:22:16] - Terminating Process: IEXPLORE.EXE
[06/16/2008, 10:22:17] - Terminating Process: RUNDLL32.EXE
[06/16/2008, 10:22:17] - Disabling Automatic Shell Restart
[06/16/2008, 10:22:17] - Terminating Process: EXPLORER.EXE
[06/16/2008, 10:22:17] - Suspending the NT Session Manager System Service
[06/16/2008, 10:22:17] - Terminating Windows NT Logon/Logoff Manager
[06/16/2008, 10:22:17] - Re-enabling Automatic Shell Restart
[06/16/2008, 10:22:17] - File to disable: C:\WINDOWS\system32\hgGxVNfe.dll
[06/16/2008, 10:22:17] - Renaming C:\WINDOWS\system32\hgGxVNfe.dll -> C:\WINDOWS\system32\hgGxVNfe.dll.vir
[06/16/2008, 10:22:17] - File successfully renamed!
[06/16/2008, 10:22:17] - Removing HKLM\...\Browser Helper Objects\{F30B1B0B-C305-414E-A4FF-AC93A08DE0AC}
[06/16/2008, 10:22:17] - Removing HKCR\CLSID\{F30B1B0B-C305-414E-A4FF-AC93A08DE0AC}
[06/16/2008, 10:22:17] - Adding Kill Bit for ActiveX for GUID: {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC}
[06/16/2008, 10:22:17] - Deleting ATLEvents/MSEvents Registry entries
[06/16/2008, 10:22:17] - Removing HKLM\...\Winlogon\Notify\hgGxVNfe
[06/16/2008, 10:22:17] - Searching for Browser Helper Objects:
[06/16/2008, 10:22:17] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/16/2008, 10:22:17] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[06/16/2008, 10:22:17] - BHO 3: {3DCA501C-6417-4777-9307-4589893E3C21} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\ddcCVNGY
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\ddcCVNGY, continuing.
[06/16/2008, 10:22:17] - BHO 4: {6357CD8F-12B0-4512-AC1F-2F3DAA49F22C} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - No filename found. Continuing.
[06/16/2008, 10:22:17] - BHO 5: {9B8A1C0B-F8D6-4007-AB3D-EEC0C26FD8D4} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\yaywtUkh
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\yaywtUkh, continuing.
[06/16/2008, 10:22:17] - BHO 6: {D75531C7-3C68-4E26-8FF8-844DF69452B1} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\rqRIbxvS
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\rqRIbxvS, continuing.
[06/16/2008, 10:22:17] - BHO 7: {ea154076-e23f-4694-a1d9-4355a6ac95e1} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\xcykkfwy
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\xcykkfwy, continuing.
[06/16/2008, 10:22:17] - BHO 8: {F15D0B7B-0A50-4DAB-8B80-DD5A80A94375} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - No filename found. Continuing.
[06/16/2008, 10:22:17] - Finished Searching Browser Helper Objects
[06/16/2008, 10:22:17] - Finishing up...
[06/16/2008, 10:22:17] - A restart is needed.
[06/16/2008, 10:22:28] - Attempting to Restart via STOP error (Blue Screen!)
Edited by brothaz, 16 June 2008 - 10:52 AM.
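The VirtumundoBeGone log above shows the check that actually caught the infection: for every Browser Helper Object with no registered default name, it looked for a HKLM\...\Winlogon\Notify subkey named after the BHO's DLL, and only the pair {F30B1B0B-...} / hgGxVNfe matched. The same cross-reference can be run against a HijackThis log offline, before anything is deleted. The script below is an added example, not part of the original post or of either tool; it parses HJT O2 (BHO) and O20 (Winlogon Notify) lines and reports a BHO as a Vundo candidate only when it is nameless and a Notify package with the same DLL base name exists. The O20 lines in the sample are copied from the posted log; the O2 lines are constructed for the example, since that section of the log is not in this excerpt, and the DLL paths for the HP and SiteAdvisor BHOs are assumptions.

```python
"""Cross-reference HijackThis O2 (BHO) and O20 (Winlogon Notify) entries.

A BHO with no default name whose DLL base name also appears as a Winlogon
Notify package is the classic Vundo/Virtumonde pairing; a nameless BHO alone
(e.g. SiteAdvisor's) is not enough and is not reported.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample. O20 lines are from the posted log; O2 lines and the
# HP / SiteAdvisor DLL paths are assumptions made for this example.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} - C:\WINDOWS\system32\hgGxVNfe.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: hgGxVNfe - C:\WINDOWS\SYSTEM32\hgGxVNfe.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
MISSING_SUFFIX = " (file missing)"


@dataclass
class Bho:
    clsid: str
    name: Optional[str]   # None when HJT printed "(no name)"
    path: str


@dataclass
class NotifyPkg:
    key: str              # subkey name under Winlogon\Notify
    path: str
    file_missing: bool


def win_basename(path: str) -> str:
    """Lower-cased file name without extension; splits on backslashes so it
    works on a non-Windows host where os.path would not."""
    leaf = path.replace("\\", "/").rsplit("/", 1)[-1]
    return leaf.rsplit(".", 1)[0].lower()


def parse_hjt(log_text: str) -> Tuple[List[Bho], List[NotifyPkg]]:
    """Pull O2 and O20 entries out of HijackThis log text; other lines are ignored."""
    bhos: List[Bho] = []
    pkgs: List[NotifyPkg] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            name = m.group("name")
            bhos.append(Bho(m.group("clsid").upper(), None if name == "(no name)" else name, m.group("path")))
            continue
        m = O20_RE.match(line)
        if m:
            path = m.group("path")
            missing = path.endswith(MISSING_SUFFIX)
            if missing:
                path = path[: -len(MISSING_SUFFIX)]
            pkgs.append(NotifyPkg(m.group("key"), path, missing))
    return bhos, pkgs


def find_vundo_candidates(log_text: str) -> List[dict]:
    """Nameless BHO + Winlogon Notify package sharing the DLL base name."""
    bhos, pkgs = parse_hjt(log_text)
    notify_by_key = {p.key.lower(): p for p in pkgs}
    hits = []
    for bho in bhos:
        if bho.name is not None:
            continue  # a BHO with a registered name is not the pattern
        pkg = notify_by_key.get(win_basename(bho.path))
        if pkg is None:
            continue  # nameless but no matching Notify package: not reported
        hits.append({"clsid": bho.clsid, "dll": bho.path,
                     "notify_key": pkg.key, "notify_dll": pkg.path})
    return hits


if __name__ == "__main__":
    for hit in find_vundo_candidates(SAMPLE_LOG):
        print(f"Vundo candidate: BHO {{{hit['clsid']}}} -> {hit['dll']} "
              f"(Winlogon\\Notify\\{hit['notify_key']})")
```

Only the hgGxVNfe pair is reported for the sample; the SiteAdvisor BHO is nameless but has no Notify package, and ACNotify has a Notify package but no BHO, so neither is flagged. A hit is a lead to confirm (file properties, signature, a second opinion from a scanner), not a verdict on its own.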