Virtumonde Trouble >[



lukasxfreak
2007-08-21, 21:56
Mkay well, I have gotten the nasty virus called Virtumonde and am having trouble getting rid of it. Spybot S&D will remove every component except the one titled Library - C:\WINDOWS\System32\inetprf.dll. I went in to delete it manually and it says I cannot, because it is being used by other programs. Help please.
((ps this is on a laptop))

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:34:20 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis1991.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {118D7C86-C6A3-44E7-94F7-C252ACA74E39} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - (no file)
O2 - BHO: (no name) - {6594345D-D5C5-4E8A-A89F-4DFA95B667B8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8DC13F33-719B-46C9-A590-6FA097E0570F} - C:\WINDOWS\system32\vtuvwuv.dll
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: (no name) - {CD36E57D-B22B-4829-B4A5-40291947501C} - (no file)
O4 - HKLM\..\Run: [Microsoft MDM] C:\WINDOWS\system32\arcac.exe
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\SMBOLS~1\winspool.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Keith\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: ddccy - C:\WINDOWS\system32\ddccy.dll (file missing)
O20 - Winlogon Notify: inetprf - C:\WINDOWS\SYSTEM32\inetprf.dll
O20 - Winlogon Notify: vtuvwuv - C:\WINDOWS\SYSTEM32\vtuvwuv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Version1 - {F9F7F00C-BCEE-4334-B4E3-7A05AE7D0999} - libweb.dll (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

lukasxfreak
2007-08-22, 01:54
I renamed HijackThis to scanner.exe; here is the log file. Someone help?
Logfile of HijackThis v1.99.1
Scan saved at 6:52:40 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Keith\My Documents\Downloads\hijackthis\scaner.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {118D7C86-C6A3-44E7-94F7-C252ACA74E39} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - (no file)
O2 - BHO: (no name) - {6594345D-D5C5-4E8A-A89F-4DFA95B667B8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8DC13F33-719B-46C9-A590-6FA097E0570F} - C:\WINDOWS\system32\vtuvwuv.dll (file missing)
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: (no name) - {CD36E57D-B22B-4829-B4A5-40291947501C} - (no file)
O4 - HKLM\..\Run: [Microsoft MDM] C:\WINDOWS\system32\arcac.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC848] cmd /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA596] command /c del "C:\WINDOWS\system32\pmnnn.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1707] cmd /c del "C:\WINDOWS\system32\pmnnn.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7509] command /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2524] cmd /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1625] command /c del "C:\WINDOWS\system32\pmnnn.dll_tobedeleted_old_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1473] cmd /c del "C:\WINDOWS\system32\pmnnn.dll_tobedeleted_old_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6388] command /c del "C:\WINDOWS\system32\pmnnn.dll_tobedeleted_old_tobedeleted_old_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6] cmd /c del "C:\WINDOWS\system32\pmnnn.dll_tobedeleted_old_tobedeleted_old_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6734] command /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3330] cmd /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7663] command /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9985] cmd /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2388] command /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2728] cmd /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\SMBOLS~1\winspool.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2838] command /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7969] cmd /c del "C:\WINDOWS\system32\inetprf.dll_tobedeleted"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Keith\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: ddccy - C:\WINDOWS\system32\ddccy.dll (file missing)
O20 - Winlogon Notify: inetprf - C:\WINDOWS\SYSTEM32\inetprf.dll
O20 - Winlogon Notify: vtuvwuv - vtuvwuv.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Version1 - {F9F7F00C-BCEE-4334-B4E3-7A05AE7D0999} - libweb.dll (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

lukasxfreak
2007-08-22, 06:24
ComboFix 07-08-17.2 - "Keith" 2007-08-21 23:18:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.249 [GMT -5:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\command.pif


((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 )))))))))))))))))))))))))))))))


2007-08-21 19:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-21 19:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-21 17:03 6,473 --ahs---- C:\WINDOWS\system32\oqstv.bak1
2007-08-21 16:13 127,488 --a------ C:\nbraak.exe
2007-08-21 15:14 6,513 --ahs---- C:\WINDOWS\system32\nnnmp.bak1
2007-08-21 13:39 15,360 --a------ C:\WINDOWS\system32\drvhicr.dll
2007-08-21 13:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-21 02:13 <DIR> d-------- C:\VundoFix Backups
2007-08-21 00:23 6,473 --ahs---- C:\WINDOWS\system32\ijjlm.bak1
2007-08-20 23:56 15,360 --a------ C:\WINDOWS\system32\drvdotr.dll
2007-08-20 23:03 1,176,771 --a------ C:\WINDOWS\system32\dn3c2c8445.dat
2007-08-20 22:35 15,360 --a------ C:\WINDOWS\system32\drvgagr.dll
2007-08-20 20:57 83,623 --a------ C:\WINDOWS\jkjjgf.dll
2007-08-20 20:45 83,623 --a------ C:\WINDOWS\iiffca.dll
2007-08-20 20:45 80,003 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\tmpD.tmp.exe
2007-08-20 20:45 76,393 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\tmpC.tmp.exe
2007-08-20 20:42 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-08-20 20:39 <DIR> d-------- C:\WINDOWS\system32\New Folder
2007-08-20 20:23 <DIR> d-------- C:\backups
2007-08-17 22:12 83,623 --a------ C:\WINDOWS\fccaxw.dll
2007-08-17 20:27 94,651 --------- C:\WINDOWS\system32\inetprf.dll
2007-08-17 20:27 83,623 --a------ C:\WINDOWS\iifcca.dll
2007-08-17 20:26 120,905 --a------ C:\WINDOWS\system32\pmkjk.exe
2007-08-17 20:15 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-17 20:14 420,352 --a------ C:\WINDOWS\system32\AClient.dll
2007-08-17 20:14 <DIR> d--hs---- C:\WINDOWS\R2VuZQ
2007-08-17 20:14 <DIR> d-------- C:\WINDOWS\system32\ICM3
2007-08-17 20:14 <DIR> d-------- C:\WINDOWS\system32\CC1
2007-08-17 20:14 <DIR> d-------- C:\WINDOWS\system32\bgfig5
2007-08-17 20:14 <DIR> d-------- C:\Temp
2007-08-16 16:37 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-16 16:23 <DIR> d-------- C:\DOCUME~1\Keith\APPLIC~1\MSNInstaller
2007-08-16 15:54 25,900 --a------ C:\WINDOWS\system32\libweb.dll
2007-08-05 22:08 <DIR> d-------- C:\Program Files\AOL Games
2007-08-05 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
2007-07-23 23:32 <DIR> d-------- C:\Program Files\Silkroad


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-21 13:56 --------- d-------- C:\Program Files\Windows NT
2007-08-21 13:56 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-21 01:09 --------- d-------- C:\Program Files\DivX
2007-08-17 20:13 111 --a------ C:\WINDOWS\system32\drivers\fee
2007-08-16 03:13 --------- d-------- C:\DOCUME~1\Keith\APPLIC~1\IMVU
2007-08-05 21:41 --------- d-------- C:\Program Files\MySpace
2007-07-29 14:52 --------- d-------- C:\Program Files\MessengerDiscovery
2007-07-25 15:17 --------- d-------- C:\Program Files\IMVU
2007-07-23 15:28 --------- d-------- C:\DOCUME~1\Keith\APPLIC~1\uTorrent
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 14:50 --------- d-------- C:\Program Files\Neffy
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-12 14:37 --------- d-------- C:\Program Files\Real
2007-07-12 14:31 --------- d-------- C:\Program Files\Common Files\Real
2007-07-12 14:31 --------- d-------- C:\DOCUME~1\Keith\APPLIC~1\Real
2007-06-28 17:26 --------- d-------- C:\Program Files\BearShare Applications
2007-06-28 02:54 --------- d-------- C:\Program Files\Soulseek
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-27 00:07 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\R2VuZQ\lZpRtk.vbs
2006-07-07 01:43:52 56 --sh--r C:\WINDOWS\system32\4192B2FFC9.sys
2006-11-01 00:03:49 56 --sh--r C:\WINDOWS\system32\4D64641AAF.sys
2006-06-20 02:51:37 88 -csh--r C:\WINDOWS\system32\C9FFB29241.sys
2006-11-01 00:03:50 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{118D7C86-C6A3-44E7-94F7-C252ACA74E39}]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44218730-94E0-4b24-BBF0-C3D8B2BCE2C3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6594345D-D5C5-4E8A-A89F-4DFA95B667B8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DC13F33-719B-46C9-A590-6FA097E0570F}]
C:\WINDOWS\system32\vtuvwuv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
2007-08-20 20:45 420352 --a------ C:\WINDOWS\system32\AClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD36E57D-B22B-4829-B4A5-40291947501C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft MDM"="C:\WINDOWS\system32\arcac.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uaol"="C:\WINDOWS\SMBOLS~1\winspool.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"Uaol"="C:\PROGRA~1\SKS~1\dllhost.exe" -vt yazb
"Iesmum"="C:\Program Files\Common Files\?ystem32\j?vaw.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-12 20:42:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8DC13F33-719B-46C9-A590-6FA097E0570F}"= C:\WINDOWS\system32\vtuvwuv.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Version1"= {F9F7F00C-BCEE-4334-B4E3-7A05AE7D0999} - libweb.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccy]
C:\WINDOWS\system32\ddccy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inetprf]
inetprf.dll 2007-08-17 20:27 94651 C:\WINDOWS\system32\inetprf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvwuv]
vtuvwuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d5a9d8e-01c2-11dc-878d-0015c5b41135}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-08-21 21:05:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-03 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (SAKPES-Gene).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 23:22:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-21 23:23:08
C:\ComboFix-quarantined-files.txt ... 2007-08-21 23:23
C:\ComboFix2.txt ... 2007-08-21 14:03

--- E O F ---

lukasxfreak
2007-08-22, 22:01
Well, I don't have time to wait. I have to get this done soon and I have someone else helping now. Thank you anyway. I'll come back if I ever need help again. :bigthumb: