
Virtumonde!



DCashdollar
2008-06-26, 05:32
Been on the computer for a week. Can't search google, yahoo, or go to gmail. Annoying bug.


--------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:31 PM, on 6/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {190B6B3A-2F15-4D91-B44D-914A2104BF35} - C:\WINDOWS\system32\ssqNHxvv.dll (file missing)
O2 - BHO: (no name) - {280EE6F9-E414-4D35-8FEF-8180BB5AC916} - C:\WINDOWS\system32\opnmJYPf.dll (file missing)
O2 - BHO: {9413dd69-94f5-9f5a-6f04-1f0ed8d29214} - {41292d8d-e0f1-40f6-a5f9-5f4996dd3149} - C:\WINDOWS\system32\cpnggnyl.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {70E739FC-5630-420F-B59C-70AA0A04A5BF} - C:\WINDOWS\system32\khfDvsRH.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8B4F7874-6EBA-421F-AD13-04955D7851C3} - C:\WINDOWS\system32\vtUnomll.dll (file missing)
O2 - BHO: (no name) - {8DE4268D-964A-409F-AF1A-E18496E523B6} - C:\WINDOWS\system32\jkkJyAQJ.dll (file missing)
O2 - BHO: (no name) - {BB3ADF99-56C4-4BAA-BB25-2D6802843762} - C:\WINDOWS\system32\cbXRIbyW.dll (file missing)
O2 - BHO: (no name) - {D3B2F912-663E-41C5-B46A-B44B72A43073} - C:\WINDOWS\system32\tuvSmlJa.dll (file missing)
O2 - BHO: (no name) - {F53EFBAE-DF43-4885-A6AE-CAC877954839} - C:\WINDOWS\system32\fccbAPgF.dll (file missing)
O2 - BHO: (no name) - {F83D34E5-64B7-4023-A67B-263B818040EB} - C:\WINDOWS\system32\tuvWqNDV.dll (file missing)
O2 - BHO: (no name) - {F9EFB05B-D493-48C0-9447-303CC593F41D} - C:\WINDOWS\system32\vtUlKEWP.dll (file missing)
O2 - BHO: (no name) - {FC0825F5-D1C0-4BDA-8C96-273F04E4EE13} - C:\WINDOWS\system32\cbXRKBsT.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [a473a7a5] rundll32.exe "C:\WINDOWS\system32\xsusdwwj.dll",b
O4 - HKLM\..\Run: [BMa7409439] Rundll32.exe "C:\WINDOWS\system32\tnhorauq.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/raptisoftgameloader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209854439593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209854431406
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: huqkflbp.dll lvcjqvbu.dll
O20 - Winlogon Notify: opnmJYPf - opnmJYPf.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 7944 bytes

DCashdollar
2008-06-26, 07:10
ComboFix

-------------------------------


ComboFix 08-06-20.4 - Owner 2008-06-26 1:04:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1612 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa7409439.xml
C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BMa7409439.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aJlmSvut.ini
C:\WINDOWS\system32\aJlmSvut.ini2
C:\WINDOWS\system32\amxxkteg.ini
C:\WINDOWS\system32\bebpxqpx.ini
C:\WINDOWS\system32\dcyopsos.ini
C:\WINDOWS\system32\fauafiou.ini
C:\WINDOWS\system32\FgPAbccf.ini
C:\WINDOWS\system32\FgPAbccf.ini2
C:\WINDOWS\system32\HRsvDfhk.ini
C:\WINDOWS\system32\HRsvDfhk.ini2
C:\WINDOWS\system32\JQAyJkkj.ini
C:\WINDOWS\system32\JQAyJkkj.ini2
C:\WINDOWS\system32\jwwdsusx.ini
C:\WINDOWS\system32\llmonUtv.ini
C:\WINDOWS\system32\llmonUtv.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\olwdvnkf.ini
C:\WINDOWS\system32\oucxggqt.ini
C:\WINDOWS\system32\ouwkvqtp.ini
C:\WINDOWS\system32\psqpeicm.ini
C:\WINDOWS\system32\PWEKlUtv.ini
C:\WINDOWS\system32\PWEKlUtv.ini2
C:\WINDOWS\system32\qewxtfva.ini
C:\WINDOWS\system32\TsBKRXbc.ini
C:\WINDOWS\system32\TsBKRXbc.ini2
C:\WINDOWS\system32\twsavskn.ini
C:\WINDOWS\system32\VDNqWvut.ini
C:\WINDOWS\system32\VDNqWvut.ini2
C:\WINDOWS\system32\vvxHNqss.ini
C:\WINDOWS\system32\vvxHNqss.ini2
C:\WINDOWS\system32\WybIRXbc.ini
C:\WINDOWS\system32\WybIRXbc.ini2
C:\WINDOWS\system32\xwbgddds.ini
C:\WINDOWS\system32\ydusftsn.ini
C:\WINDOWS\system32\ykldpvwy.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 23:31 . 2008-06-25 23:31 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-25 23:15 . 2008-06-25 23:15 <DIR> d-------- C:\Program Files\COMODO
2008-06-25 23:15 . 2008-06-25 23:15 <DIR> d-------- C:\Program Files\AskSBar
2008-06-25 23:15 . 2008-06-25 23:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Comodo
2008-06-25 23:15 . 2008-06-25 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-25 23:15 . 2008-06-25 23:15 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-06-25 23:15 . 2008-06-25 23:15 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-06-25 23:15 . 2008-06-25 23:15 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-25 23:15 . 2008-06-25 23:15 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-25 22:53 . 2008-06-25 22:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 09:48 . 2008-06-25 09:48 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-25 09:48 . 2008-06-25 09:48 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-25 09:48 . 2008-06-25 09:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-25 09:48 . 2008-06-25 09:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-25 09:46 . 2008-06-25 09:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-25 09:41 . 2008-06-25 09:41 <DIR> d-------- C:\WINDOWS\EHome
2008-06-25 09:25 . 2008-04-13 20:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-06-25 08:28 . 2008-06-25 08:28 91,136 --a------ C:\WINDOWS\system32\tnhorauq.dll
2008-06-24 21:36 . 2008-06-24 21:36 99,840 --a------ C:\WINDOWS\system32\cpnggnyl.dll
2008-06-24 21:33 . 2008-06-24 21:33 81,920 --a------ C:\WINDOWS\system32\xsusdwwj.dll
2008-06-24 21:30 . 2008-06-24 21:30 91,136 --a------ C:\WINDOWS\system32\yhbokkeg.dll
2008-06-24 14:38 . 2008-06-24 14:38 99,840 --a------ C:\WINDOWS\system32\pxpthvgd.dll
2008-06-24 14:32 . 2008-06-24 14:32 91,136 --a------ C:\WINDOWS\system32\bxkinmbe.dll
2008-06-24 11:21 . 2008-06-24 11:21 105,472 --a------ C:\WINDOWS\system32\lvcjqvbu.dll
2008-06-24 11:19 . 2008-06-24 11:19 91,136 --a------ C:\WINDOWS\system32\ymgoacvj.dll
2008-06-24 01:34 . 2004-08-04 15:00 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
2008-06-24 01:34 . 2004-08-04 15:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2008-06-24 01:33 . 2008-04-13 20:11 35,328 --a------ C:\WINDOWS\system32\iprip.dll
2008-06-24 01:26 . 2008-06-24 01:27 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-23 11:07 . 2008-06-23 11:07 81,408 --a------ C:\WINDOWS\system32\tqggxcuo.dll
2008-06-23 11:06 . 2008-06-23 11:06 105,984 --a------ C:\WINDOWS\system32\huqkflbp.dll
2008-06-23 11:04 . 2008-06-23 11:04 91,136 --a------ C:\WINDOWS\system32\yhrwhwki.dll
2008-06-23 10:00 . 2008-06-23 10:00 99,328 --a------ C:\WINDOWS\system32\epaowvgq.dll
2008-06-23 09:54 . 2008-06-23 09:54 91,136 --a------ C:\WINDOWS\system32\ojfovtms.dll
2008-06-21 15:19 . 2008-06-21 15:19 0 --a------ C:\WINDOWS\iplayer.INI
2008-06-21 15:16 . 2008-06-21 15:17 <DIR> d-------- C:\Program Files\InterActual
2008-06-21 15:15 . 2008-06-21 15:15 99,328 --a------ C:\WINDOWS\system32\jvanvpnm.dll
2008-06-21 15:13 . 2008-06-21 15:13 90,112 --a------ C:\WINDOWS\system32\pbdidakl.dll
2008-06-19 22:08 . 2008-06-19 22:08 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-19 21:44 . 2008-06-19 21:44 79,360 --a------ C:\WINDOWS\system32\uoifauaf.dll
2008-06-17 23:38 . 2008-06-17 23:39 <DIR> d-------- C:\Program Files\BitLord
2008-06-17 23:01 . 2008-06-17 23:01 2 --a------ C:\WINDOWS\msoffice.ini
2008-06-16 13:25 . 2008-06-16 13:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-06-16 13:25 . 2008-06-16 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-06-16 13:24 . 2008-06-16 13:24 <DIR> dr-hs---- C:\_Backup.RC
2008-06-16 13:24 . 2008-06-21 16:46 <DIR> d--h----- C:\_Backup
2008-06-16 13:21 . 2008-06-16 13:21 <DIR> d-------- C:\Program Files\Avanquest
2008-06-16 13:21 . 2008-06-16 13:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avanquest
2008-06-15 20:17 . 2008-06-25 08:24 963 --a------ C:\WINDOWS\wininit.ini
2008-06-15 19:49 . 2008-06-15 19:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-15 19:49 . 2008-06-15 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 17:00 . 2008-06-15 17:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-15 17:00 . 2008-06-15 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 16:59 . 2008-06-25 23:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 04:36 . 2008-06-15 04:36 <DIR> d-------- C:\Program Files\Base
2008-06-14 00:38 . 2008-06-14 00:38 <DIR> d-------- C:\Program Files\Ultra Utility
2008-06-12 04:12 . 2008-06-12 04:20 318 --a------ C:\WINDOWS\WPE PRO.INI
2008-06-12 00:01 . 2008-06-12 00:01 <DIR> d-------- C:\Program Files\LucasArts
2008-06-11 23:58 . 2008-06-11 23:58 <DIR> d-------- C:\Program Files\MagicDisc
2008-06-11 23:58 . 2008-05-27 12:11 96,896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-06-11 23:54 . 2008-06-11 23:54 <DIR> d-------- C:\Program Files\MagicISO
2008-06-11 02:51 . 2008-06-13 07:05 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 02:51 . 2008-06-13 07:05 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 02:51 . 2008-05-08 10:02 203,136 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 05:18 . 2004-03-09 16:45 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-10 04:06 . 2008-06-10 04:09 <DIR> d-------- C:\WINDOWS\.file_store_32
2008-06-10 03:50 . 2008-06-10 03:51 <DIR> d-------- C:\WINDOWS\.mpr_file_store_32
2008-06-10 03:38 . 2008-06-18 01:14 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-06-10 03:28 . 2008-06-10 03:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-09 17:40 . 2008-06-09 17:40 <DIR> d-------- C:\WINDOWS\Logs
2008-06-09 17:40 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-09 17:40 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-09 17:40 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-09 17:40 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-09 17:40 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-09 17:40 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-09 17:40 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-07 18:53 . 2008-06-07 18:53 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-07 18:53 . 2008-06-07 18:53 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-06-07 16:26 . 2008-06-07 16:23 9,101,520 --a------ C:\Azureus_3.0.5.2b_windows.exe
2008-06-07 16:25 . 2008-06-11 23:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-06-07 16:25 . 2008-06-07 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-04 16:08 . 2008-06-06 13:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-02 18:36 . 2008-06-02 18:56 <DIR> d-------- C:\WINDOWS\.uncutweb_store_u2_32
2008-06-01 18:34 . 2008-06-01 19:17 <DIR> d-------- C:\WINDOWS\.uncutweb_store_u1_32
2008-06-01 16:45 . 2008-06-17 23:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-06-01 13:36 . 2008-06-17 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-01 13:35 . 2008-06-17 23:03 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-30 21:13 . 2008-05-30 21:15 <DIR> d-------- C:\WINDOWS\.uncutweb_files_32
2008-05-30 10:05 . 2008-05-30 10:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Raptisoft
2008-05-26 16:05 . 2008-05-26 16:06 <DIR> d-------- C:\WINDOWS\.uncutweb_file_store_32
2008-05-26 15:54 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 21:24 2,484 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-23 05:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\mIRC
2008-06-23 04:46 --------- d-----w C:\Program Files\mIRC
2008-06-18 03:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 03:11 --------- d-----w C:\Program Files\BigFix
2008-06-18 03:02 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-18 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-16 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-14 15:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-12 23:31 --------- d-----w C:\Program Files\Rio
2008-06-12 23:31 --------- d-----w C:\Program Files\QuickTime
2008-06-05 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-26 19:54 --------- d-----w C:\Program Files\Java
2008-05-25 19:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 16:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\SecondLife
2008-05-25 06:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ontrack
2008-05-24 22:53 --------- d-----w C:\Program Files\Sierra On-Line
2008-05-17 01:45 --------- d-----w C:\Program Files\PT Software
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 06:19 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-11 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 22:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-05-05 03:41 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-05 00:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Template
2008-05-04 14:47 --------- d-----w C:\Program Files\iTunes
2008-05-04 14:47 --------- d-----w C:\Program Files\iPod
2008-05-04 14:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-04 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-04 14:45 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-04 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-04 04:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Watchtower
2008-05-04 04:46 --------- d-----w C:\Program Files\Watchtower
2008-05-04 04:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\.myibay
2008-05-04 04:23 --------- d-----w C:\Program Files\myibay
2008-05-04 03:13 --------- d-----w C:\Program Files\S3
2008-05-04 03:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-04 03:05 --------- d-----w C:\Program Files\VIA
2008-05-04 02:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-05-04 02:31 --------- d-----w C:\Program Files\Picasa2
2008-05-04 02:30 --------- d-----w C:\Program Files\Google
2008-05-04 01:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\SampleView
2008-05-04 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-04 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-04 01:06 --------- d-----w C:\Program Files\Digital Media Reader
2008-05-03 16:05 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2008-05-03 15:58 --------- d-----w C:\Program Files\Microsoft Works
2008-05-03 15:55 --------- d-----w C:\Program Files\Ahead
2008-05-03 15:54 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-05-03 15:54 --------- d-----w C:\Program Files\Viewpoint
2008-05-03 15:54 --------- d-----w C:\Program Files\Learn2.com
2008-05-03 15:54 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-03 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-03 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-05-03 15:52 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-05-03 15:52 --------- d-----w C:\Program Files\Real
2008-05-03 15:52 --------- d-----w C:\Program Files\Common Files\Real
2008-05-03 15:52 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-05-03 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-03 15:49 --------- d-----w C:\Program Files\Microsoft Money
2008-05-03 15:48 --------- d-----w C:\Program Files\Realtek
2008-05-03 15:48 --------- d-----w C:\Program Files\MSN Encarta Plus
2008-05-03 15:47 --------- d-----w C:\Program Files\Common Files\New Boundary
2008-05-03 15:47 --------- d-----w C:\Program Files\Common Files\Java
2008-05-03 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-05-03 15:43 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{190B6B3A-2F15-4D91-B44D-914A2104BF35}]
C:\WINDOWS\system32\ssqNHxvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41292d8d-e0f1-40f6-a5f9-5f4996dd3149}]
2008-06-24 21:36 99840 --a------ C:\WINDOWS\system32\cpnggnyl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70E739FC-5630-420F-B59C-70AA0A04A5BF}]
C:\WINDOWS\system32\khfDvsRH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B4F7874-6EBA-421F-AD13-04955D7851C3}]
C:\WINDOWS\system32\vtUnomll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DE4268D-964A-409F-AF1A-E18496E523B6}]
C:\WINDOWS\system32\jkkJyAQJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB3ADF99-56C4-4BAA-BB25-2D6802843762}]
C:\WINDOWS\system32\cbXRIbyW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3B2F912-663E-41C5-B46A-B44B72A43073}]
C:\WINDOWS\system32\tuvSmlJa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F53EFBAE-DF43-4885-A6AE-CAC877954839}]
C:\WINDOWS\system32\fccbAPgF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F83D34E5-64B7-4023-A67B-263B818040EB}]
C:\WINDOWS\system32\tuvWqNDV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9EFB05B-D493-48C0-9447-303CC593F41D}]
C:\WINDOWS\system32\vtUlKEWP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC0825F5-D1C0-4BDA-8C96-273F04E4EE13}]
C:\WINDOWS\system32\cbXRKBsT.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a473a7a5"="C:\WINDOWS\system32\xsusdwwj.dll" [2008-06-24 21:33 81920]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-06-25 23:15 278264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-25 23:15 1655552]
"BMa7409439"="C:\WINDOWS\system32\tnhorauq.dll" [2008-06-25 08:28 91136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-06-11 23:58:04 547840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmJYPf]
opnmJYPf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=huqkflbp.dll lvcjqvbu.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"C:\\Program Files\\Rio\\Rio Taxi\\riotaxi.exe"=
"C:\\Sierra\\Homeworld\\homeworld.exe"=
"C:\\Program Files\\Java\\j2re1.4.2\\bin\\java.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\JediAcademy.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jasp.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 23:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 23:39]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-25 23:15]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-25 23:15]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys []
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2003-07-02 13:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 03:31:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 01:07:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 1:08:23
ComboFix-quarantined-files.txt 2008-06-26 05:08:19

Pre-Run: 132,444,516,352 bytes free
Post-Run: 132,440,535,040 bytes free

348 --- E O F --- 2008-06-25 14:01:06

DCashdollar
2008-06-26, 07:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:05 AM, on 6/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: {9413dd69-94f5-9f5a-6f04-1f0ed8d29214} - {41292d8d-e0f1-40f6-a5f9-5f4996dd3149} - C:\WINDOWS\system32\cpnggnyl.dll
O4 - HKLM\..\Run: [a473a7a5] rundll32.exe "C:\WINDOWS\system32\xsusdwwj.dll",b
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [BMa7409439] Rundll32.exe "C:\WINDOWS\system32\tnhorauq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/raptisoftgameloader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209854439593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209854431406
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} - http://install.anark.com/client/version1/windows-ie/en/AMClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: huqkflbp.dll lvcjqvbu.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: opnmJYPf - opnmJYPf.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6222 bytes

DCashdollar
2008-06-26, 09:00
Seemed to be fixed. I went ahead and followed what mods said in other users' posts. I did a Spybot search and didn't find Virtumonde! But, when Windows Defender searched, it still found the Vundo Trojan. Any help would be appreciated. This is one pesky little bug and I can't seem to squash it!

DCashdollar
2008-06-26, 17:54
Avast isn't finding it anymore, but is there any way it might still be on my computer?

tashi
2008-07-04, 07:36
Hello.

Because of the volume of posts to your own topic, helpers may have thought you were already being assisted.

Only the one HJT log is requested before someone responds.
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'fixes' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)

For people waiting who have not resolved their problem, we have a sticky topic:
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

Regards. :)