Vundo infection, help!



edhardt
2008-05-31, 10:01
Hello, I am young and not quite as experienced with being technical with computers.
I was infected with the Vundo virus and after searching this forum I found a link to Combofix.exe

I ran that and my computer restarted, and it seems fixed, but I am not sure!

Could you please help, or let me know if it is?

This is the log from Combofix:

------------------------------------------------------------------------

ComboFix 08-05-29.1 - Annette 2008-05-30 23:34:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.603 [GMT -7:00]
Running from: C:\Documents and Settings\Annette\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Edmund\Application Data\macromedia\Flash Player\#SharedObjects\YW6YY4QS\www.broadcaster.com
C:\Documents and Settings\Edmund\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Edmund\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1189095514.old
C:\Program Files\WinBudget\bin\crap.1191373531.old
C:\Program Files\WinBudget\bin\matrix.dll.1189095513.old
C:\WINDOWS\BMff3d6915.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aflnbigk.dll
C:\WINDOWS\system32\AIOoonpo.ini
C:\WINDOWS\system32\AIOoonpo.ini2
C:\WINDOWS\system32\CIknWvut.ini
C:\WINDOWS\system32\CIknWvut.ini2
C:\WINDOWS\system32\drjphulr.dll
C:\WINDOWS\system32\edfbtgfl.dll
C:\WINDOWS\system32\giafkmem.dll
C:\WINDOWS\system32\gvfxtarl.dll
C:\WINDOWS\system32\KRttBJjl.ini
C:\WINDOWS\system32\KRttBJjl.ini2
C:\WINDOWS\system32\lfgtbfde.ini
C:\WINDOWS\system32\lqfvejev.dll
C:\WINDOWS\system32\lratxfvg.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnodoprf.ini
C:\WINDOWS\system32\omqxpqay.dll
C:\WINDOWS\system32\pWGikUtv.ini
C:\WINDOWS\system32\pWGikUtv.ini2
C:\WINDOWS\system32\sjobkvhx.dll
C:\WINDOWS\system32\tcolivpv.ini
C:\WINDOWS\system32\unxaxihe.ini
C:\WINDOWS\system32\uwmpuqjc.dll
C:\WINDOWS\system32\WHggOXyb.ini
C:\WINDOWS\system32\WHggOXyb.ini2
C:\WINDOWS\system32\wmlwbgsk.dll
C:\WINDOWS\system32\wnohngsy.dll
C:\WINDOWS\system32\yaqpxqmo.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-30 22:21 . 2008-05-30 22:21 <DIR> d-------- C:\VundoFix Backups
2008-05-29 18:53 . 2008-05-29 18:53 58,880 --a------ C:\WINDOWS\system32\wvUmlLfF.dll
2008-05-29 18:53 . 2008-05-29 18:53 58,880 --a------ C:\WINDOWS\system32\ddcBSKEv.dll
2008-05-29 18:52 . 2008-05-29 18:52 58,880 --a------ C:\WINDOWS\system32\cbXOeFYs.dll
2008-05-29 18:47 . 2008-05-29 18:47 <DIR> d-------- C:\Documents and Settings\Edmund\Application Data\Sony Setup
2008-05-29 18:47 . 2008-05-29 18:47 58,880 --a------ C:\WINDOWS\system32\tuvSjHAr.dll.vir
2008-05-26 13:40 . 2008-05-30 23:44 4,958,588 --a------ C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.BAK
2008-05-23 14:54 . 2008-05-23 14:54 <DIR> d-------- C:\WINDOWS\system32\INF
2008-05-23 14:54 . 2005-06-14 13:44 85,504 --a------ C:\WINDOWS\system32\MA_CMIDN.DLL
2008-05-23 14:54 . 2005-06-14 13:44 21,888 --a------ C:\WINDOWS\system32\drivers\MA_CMIDI.SYS
2008-05-23 14:54 . 2005-06-14 13:44 17,920 --a------ C:\WINDOWS\system32\MA_CMIDI.DLL
2008-05-23 14:54 . 2005-06-14 13:44 14,176 --a------ C:\WINDOWS\system32\MA_CMIDI.DRV
2008-05-23 14:54 . 2005-06-14 13:44 7,282 --a------ C:\WINDOWS\system32\MA_CMIDI.VXD
2008-05-23 14:09 . 2008-05-24 10:43 <DIR> d-------- C:\Program Files\M-Audio MA_CMIDI
2008-05-21 23:54 . 2008-05-21 23:54 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Skype
2008-05-21 23:41 . 2008-05-21 23:50 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\AVG7
2008-05-21 17:54 . 2008-05-21 17:54 <DIR> d-------- C:\Documents and Settings\Edmund\Application Data\tmp
2008-05-21 17:54 . 2008-05-21 17:54 <DIR> d-------- C:\Documents and Settings\Edmund\Application Data\Reallusion
2008-05-21 13:50 . 2008-05-21 13:50 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\BitTorrent
2008-05-21 13:00 . 2008-05-21 13:00 <DIR> d-------- C:\Program Files\Citrix
2008-05-21 12:57 . 2008-05-21 12:57 <DIR> d-------- C:\Program Files\Valco Data Systems
2008-05-21 12:57 . 2008-05-21 12:57 <DIR> d-------- C:\lva
2008-05-21 12:52 . 2008-05-21 13:46 <DIR> d-------- C:\Program Files\NetAccess SSL
2008-05-21 12:52 . 2008-05-21 12:52 <DIR> d-------- C:\Program Files\MEDITECH
2008-05-21 12:46 . 2008-05-21 13:12 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\AdobeUM
2008-05-21 12:44 . 2008-05-21 12:49 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\AVG7
2008-05-20 19:59 . 2008-05-20 19:59 <DIR> d-------- C:\Documents and Settings\Edmund\Application Data\FabFilter
2008-05-20 19:59 . 2008-05-20 19:59 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-05-20 19:59 . 2008-05-20 19:59 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-20 19:59 . 2008-05-20 19:59 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-20 19:59 . 2008-05-20 19:59 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-20 19:59 . 2008-05-29 19:57 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-05-20 19:59 . 2008-05-29 19:57 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-20 19:59 . 2008-05-29 19:57 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-05-20 19:59 . 2008-05-29 19:57 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-19 16:25 . 2008-05-19 16:25 <DIR> d-------- C:\Program Files\Disney
2008-05-15 15:48 . 2008-05-15 15:48 <DIR> d-------- C:\Program Files\u-he
2008-05-15 15:42 . 2006-09-14 01:21 2,240 --a------ C:\WINDOWS\LENDIG.sys
2008-05-15 15:34 . 2008-05-15 15:34 <DIR> d-------- C:\Program Files\iZotope
2008-05-15 15:34 . 2008-05-15 15:34 <DIR> d-------- C:\Program Files\Common Files\iZotope
2008-05-15 15:30 . 2008-05-15 15:32 <DIR> d-------- C:\Program Files\WWAYM
2008-05-15 15:25 . 2008-05-15 15:39 <DIR> d-------- C:\Program Files\LUXONIX
2008-05-15 15:22 . 2008-05-15 15:22 <DIR> d-------- C:\Program Files\KORG
2008-05-15 15:22 . 2008-05-15 15:22 <DIR> d-------- C:\Program Files\Common Files\KORG
2008-05-11 19:27 . 2008-05-11 19:27 <DIR> d-------- C:\Program Files\steinberg
2008-05-10 17:32 . 2008-05-11 18:19 <DIR> d-------- C:\Program Files\Common Files\Native Instruments
2008-05-08 18:16 . 2008-05-13 16:47 <DIR> d-------- C:\LimeWire
2008-05-08 18:10 . 2008-05-08 18:13 <DIR> d-------- C:\Program Files\EndItAll
2008-05-04 15:29 . 2008-05-04 15:29 900,015 --a------ C:\WINDOWS\system32\TmpA1723360640
2008-05-04 15:27 . 2008-05-04 15:27 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-05-04 15:27 . 2008-05-04 15:39 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-05-04 15:27 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-03 21:11 . 2008-05-03 21:14 <DIR> d-------- C:\Documents and Settings\Edmund\Application Data\Deckadance
2008-05-03 18:53 . 2008-05-03 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-29 17:37 . 2008-04-29 17:37 <DIR> d-------- C:\Program Files\M-Audio
2008-04-29 17:37 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-04-24 18:08 . 2008-04-24 18:08 <DIR> d-------- C:\Documents and Settings\Edmund\Application Data\Ableton
2008-04-24 18:08 . 2008-04-24 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-04-24 18:05 . 2008-04-24 18:05 <DIR> d-------- C:\Program Files\Ableton
2008-04-18 08:12 . 2008-04-18 08:12 151,552 --a------ C:\WINDOWS\system32\InaGrid.ocx
2008-04-18 08:12 . 2008-04-18 08:12 89,600 -ra------ C:\WINDOWS\system32\MSCAL.OCX
2008-04-18 08:12 . 2008-04-18 08:12 36,864 --a------ C:\WINDOWS\system32\InaCombo.ocx
2008-04-18 08:12 . 2008-04-18 08:12 32,768 --a------ C:\WINDOWS\system32\InaEdit.ocx
2008-04-18 08:12 . 2008-04-18 08:12 32,768 --a------ C:\WINDOWS\system32\InaCheck.ocx
2008-04-18 08:12 . 2008-04-18 08:12 405 --a------ C:\WINDOWS\system32\InaGrid.lic
2008-04-16 17:08 . 2008-04-16 17:08 <DIR> d-------- C:\Program Files\AnalogX
2008-04-12 12:49 . 2008-04-12 12:49 <DIR> d-------- C:\Program Files\AAS
2008-04-12 12:49 . 2008-04-12 12:49 <DIR> d-------- C:\Documents and Settings\Edmund\Application Data\Applied Acoustics Systems
2008-04-12 12:35 . 2008-04-12 12:35 <DIR> d-------- C:\Documents and Settings\Edmund\Application Data\NetMedia Providers
2008-04-12 12:31 . 2008-04-12 12:31 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-12 12:22 . 2008-04-12 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-04-12 12:19 . 2008-05-29 18:47 <DIR> d-------- C:\Program Files\Sony Setup
2008-04-12 00:50 . 2008-05-11 08:00 <DIR> d-------- C:\Documents and Settings\Annette\Application Data\AVG7
2008-04-11 16:24 . 2008-05-30 22:26 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-11 16:00 . 2008-04-11 16:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-11 16:00 . 2008-05-29 19:50 <DIR> d-------- C:\Documents and Settings\Edmund\Application Data\AVG7
2008-04-11 15:59 . 2008-04-11 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-11 15:59 . 2008-05-30 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-07 17:50 . 2008-05-15 15:27 <DIR> d-------- C:\Program Files\Native Instruments
2008-04-05 14:45 . 2002-07-07 15:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-05 14:43 . 2008-04-05 14:43 <DIR> d-------- C:\Program Files\Outsim
2008-04-05 14:41 . 2008-05-15 15:43 <DIR> d-------- C:\Program Files\Image-Line

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 03:24 --------- d-----w C:\Documents and Settings\Edmund\Application Data\Publish Providers
2008-05-30 02:36 --------- d-----w C:\Program Files\Sony
2008-05-30 01:51 --------- d-----w C:\Documents and Settings\Edmund\Application Data\Sony
2008-05-27 06:37 --------- d-----w C:\Program Files\VCW VicMan's Photo Editor
2008-05-23 21:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-15 22:48 --------- d-----w C:\Program Files\Vstplugins
2008-05-13 23:47 --------- d-----w C:\Program Files\WarRock
2008-05-13 23:47 --------- d-----w C:\Program Files\ordrumbox
2008-05-13 01:33 --------- d-----w C:\Program Files\Last.fm
2008-05-11 00:34 --------- d-----w C:\Program Files\Opera
2008-05-09 01:16 --------- d-----w C:\Program Files\LimeWire
2008-04-26 02:34 --------- d-----w C:\Documents and Settings\Annette\Application Data\Skype
2008-04-26 02:32 --------- d-----w C:\Documents and Settings\Annette\Application Data\skypePM
2008-04-15 03:25 --------- d-----w C:\Program Files\Winamp
2008-04-12 21:06 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-12 17:36 --------- d-----w C:\Program Files\Symantec Client Security
2008-04-12 17:36 --------- d-----w C:\Program Files\Symantec
2008-04-12 17:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-12 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 20:42 --------- d-----w C:\Program Files\BitTorrent
2008-03-31 04:37 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
2008-03-30 04:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-30 04:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-28 03:02 --------- d-----w C:\Program Files\Maxthon2
2008-03-28 03:01 --------- d-----w C:\Documents and Settings\Edmund\Application Data\MxBoost
2008-01-21 22:17 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-08-19 23:26 16,504,464 ----a-w C:\Program Files\jre-1_5_0_08-windows-i586-p.exe
2007-05-20 04:41 1,324,987 ----a-w C:\Program Files\CarViewer.zip
2007-03-02 01:02 36,808,256 ----a-w C:\Program Files\iTunesSetup.exe
2007-02-19 22:11 4,762,918 ----a-w C:\Program Files\pspVideo9_Install.exe
2007-02-18 19:44 6,196,681 ----a-w C:\Program Files\BitTorrent-5.0.5.exe
2007-02-10 03:56 118,224,046 ----a-w C:\Program Files\MOHHServerSetupNA.exe
2008-02-08 04:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 04:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 04:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2006-06-16 04:33 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-26 02:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 22:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 21:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2008-02-08 04:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 04:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 04:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-08 04:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2005-02-02 20:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2007-03-17 00:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-17 00:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-17 00:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2006-04-11 02:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 19:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 19:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 19:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 19:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2007-07-20 19:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 04:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
2008-01-21 22:24 75 --sh--r C:\WINDOWS\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 483,328 2004-12-14 10:12:02 C:\Program Files\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe
----a-w 483,328 2006-01-13 03:52:32 C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe

----a-w 67,112 2006-08-01 23:35:36 C:\Program Files\AIM\bak\aim.exe
----a-w 67,112 2006-08-01 23:35:36 C:\Program Files\AIM\aim.exe

----a-w 155,648 2006-01-13 00:40:44 C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe

----a-w 53,408 2006-03-25 01:14:48 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 241,664 2003-12-22 16:38:42 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe

----a-w 324 2008-04-12 07:47:44 C:\Program Files\HP\hpcoretech\bak\data\EvntData-543229842.xml

----a-w 49,263 2006-11-09 23:07:30 C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe

----a-w 282,624 2007-02-06 23:18:25 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\QTTask.exe

----a-w 124,656 2006-06-15 09:40:34 C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe

----a-w 35,328 2006-06-21 17:14:50 C:\Program Files\Winamp\bak\winampa.exe

----a-w 15,360 2004-08-04 01:07:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 01:07:00 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BA7292A-0FD9-4AA1-84A2-6A812D9AACA4}]
C:\WINDOWS\system32\tuvWnkIC.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:07 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 00:14 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 18:03 94208]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 15:01 155648]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 02:42 53341]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 13:01 5513216]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"V0410Mon.exe"="C:\WINDOWS\V0410Mon.exe" [2007-06-06 18:00 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 09:01 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-11 16:00 219136]

C:\Documents and Settings\Edmund\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-11-14 21:28:13 947544]

C:\Documents and Settings\Annette\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-16 16:14:02 106496]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-05-01 19:37:06 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-01-23 19:12:59 25214]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-28 18:53:52 0]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\LimeWire\\LimeWire.exe"=

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 18:07]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 18:57]
S3 dpartmgr;dpartmgr;C:\DOCUME~1\Edmund\LOCALS~1\Temp\dpartmgr.sys []
S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 13:44]
S3 V0410Afx;Creative Camera VF0410 Audio Effects Driver;C:\WINDOWS\system32\DRIVERS\V0410Afx.sys [2007-06-10 18:01]
S3 V0410Aud;Creative Camera VF0410 Noise Cancellation APO;C:\WINDOWS\system32\DRIVERS\V0410Aud.sys [2007-02-14 03:14]
S3 V0410Dev;Creative Camera VF0410 Driver;C:\WINDOWS\system32\DRIVERS\V0410Dev.sys [2007-07-03 18:00]
S3 V0410Vfx;Creative Camera VF0410 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\V0410Vfx.sys [2006-12-04 22:37]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 00:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-28 19:02:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-28 07:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-28 16:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-28 17:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-28 18:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-30 19:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-30 20:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-30 21:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-30 22:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-30 23:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-31 00:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-31 01:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-28 08:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-31 02:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-31 03:00:03 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-31 04:00:01 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-31 05:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-31 06:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-30 09:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-26 10:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-20 11:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-20 12:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-20 13:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-20 14:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-20 15:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 23:47:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-05-30 23:59:27 - machine was rebooted [Annette]
ComboFix-quarantined-files.txt 2008-05-31 06:59:25

Pre-Run: 186,639,589,376 bytes free
Post-Run: 187,571,957,760 bytes free

363



Thank you so very much in advance!!
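
A small triage script, added here as an example and not part of the original post or of ComboFix, that scans ComboFix log text for the Vundo traits visible in the log above: the dropped `.dll` whose stem is the reverse of a dropped `.ini` name (`CIknWvut.ini` pairs with the BHO `tuvWnkIC.dll`, `lfgtbfde.ini` with `edfbtgfl.dll`, and so on), a Browser Helper Object loading an eight-character random-named DLL from system32, a run of `At<N>.job` scheduled tasks that all launch one executable, and the Windows Firewall switched off. The function names and the scoring weights are this script's own choices, and the matching rules are heuristics, not ComboFix's logic; the sample lines are excerpted from the posted log.

```python
"""Flag Vundo-style indicators in ComboFix log text (added example)."""
import re
from collections import Counter

# Excerpt of the log posted in the thread; used as inline sample input.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\CIknWvut.ini
C:\WINDOWS\system32\CIknWvut.ini2
C:\WINDOWS\system32\edfbtgfl.dll
C:\WINDOWS\system32\gvfxtarl.dll
C:\WINDOWS\system32\lfgtbfde.ini
C:\WINDOWS\system32\lratxfvg.ini
C:\WINDOWS\system32\omqxpqay.dll
C:\WINDOWS\system32\yaqpxqmo.ini
C:\WINDOWS\system32\nnodoprf.ini
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BA7292A-0FD9-4AA1-84A2-6A812D9AACA4}]
C:\WINDOWS\system32\tuvWnkIC.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"2008-05-28 07:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-28 08:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\kQEMxr2y.exe
"2008-05-28 19:02:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"""

# Eight-character alphanumeric .dll/.ini directly in system32 (the ".ini2"
# twins are deliberately excluded by anchoring the extension at end of line).
SYS32_FILE = re.compile(r"^C:\\WINDOWS\\system32\\([A-Za-z0-9]{8})\.(dll|ini)$",
                        re.I | re.M)
# BHO registry block followed by the DLL path on the next line.
BHO_BLOCK = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\"
                       r"(\{[0-9A-Fa-f-]+\})\]\r?\n(.+)$", re.M)
# "<timestamp> C:\WINDOWS\Tasks\At<N>.job" followed by "- <target>".
AT_JOB = re.compile(r'^"[\d:\s-]+C:\\WINDOWS\\Tasks\\(At\d+)\.job"\r?\n- (.+)$', re.M)


def reversed_name_pairs(log_text):
    """Vundo drops <name>.dll together with <reversed name>.ini; pair them."""
    stems = {"dll": set(), "ini": set()}
    for stem, ext in SYS32_FILE.findall(log_text):
        stems[ext.lower()].add(stem)
    return [(ini[::-1] + ".dll", ini + ".ini")
            for ini in sorted(stems["ini"]) if ini[::-1] in stems["dll"]]


def suspicious_bhos(log_text):
    """BHOs whose DLL is an eight-character name in system32 (heuristic:
    legitimate BHOs normally live under Program Files)."""
    hits = []
    for clsid, path in BHO_BLOCK.findall(log_text):
        path = path.strip()
        if re.fullmatch(r"C:\\WINDOWS\\system32\\[A-Za-z0-9]{8}\.dll", path, re.I):
            hits.append((clsid, path))
    return hits


def at_job_targets(log_text):
    """Count how many At<N>.job tasks point at each executable; the installer
    seen in the thread created hourly jobs all launching one random-named exe."""
    return Counter(target.strip() for _, target in AT_JOB.findall(log_text))


def firewall_disabled(log_text):
    """True when the standard-profile firewall policy shows EnableFirewall= 0."""
    return re.search(r'^"EnableFirewall"=\s*0\b', log_text, re.M) is not None


def find_vundo_indicators(log_text):
    """Collect the indicators and a simple weighted score (weights assumed)."""
    pairs = reversed_name_pairs(log_text)
    bhos = suspicious_bhos(log_text)
    jobs = at_job_targets(log_text)
    fw_off = firewall_disabled(log_text)
    score = (2 if pairs else 0) + (2 if bhos else 0) \
        + (1 if any(n >= 2 for n in jobs.values()) else 0) + (1 if fw_off else 0)
    return {"reversed_pairs": pairs, "bhos": bhos, "at_jobs": dict(jobs),
            "firewall_disabled": fw_off, "score": score}


if __name__ == "__main__":
    for key, value in find_vundo_indicators(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full ComboFix log (read the file into `find_vundo_indicators`) rather than the excerpt; the reversed-name pairing is the strongest single signal, since it ties each orphan `.ini` in the "Other Deletions" list to the DLL it belonged to, while a lone eight-character DLL name on its own is only weak evidence.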

Blade81
2008-05-31, 22:05
Hi

I think you missed both the BEFORE you POST (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) and the Do NOT run 'fixes' before helpers have analyzed HJT/KAV scans (http://forums.spybot.info/showthread.php?t=16806) stickies. ;)


Download and install TrendMicro HijackThis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe)
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete, the scan button will read "Save log". Click this button to save the log file to your PC. Once you select where you would like to save the file, it will open in your system's default text editor. Typically this application is Notepad. Post the log here. :)

Blade81
2008-06-06, 09:38
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.