metalman32060
2008-12-24, 20:04
Nasty little virus, isn't it? See, I'm not the only one. Have posted a HJT and ComboFix file. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:40 PM, on 12/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {558c22ef-1fa5-42ca-8bce-e3343c4e9cd3} - C:\WINDOWS\system32\tilideze.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [gatukekafi] Rundll32.exe "C:\WINDOWS\system32\kegosipi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169776067890
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88650482-3892-11D5-8997-00104BD12D94} - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{973820C8-22DA-4354-A777-20493F016719}: NameServer = 192.168.254.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\jojekuya.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
--
End of file - 4875 bytes
ComboFix 08-12-23.01 - ME 2008-12-24 12:54:37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1603 [GMT -5:00]
Running from: c:\documents and settings\ME\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.
2008-12-07 02:37 . 2008-12-07 02:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-12-07 00:51 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-12-07 00:51 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-12-07 00:51 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-12-07 00:51 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-12-07 00:51 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-12-07 00:51 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2008-12-07 00:51 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 01:12 --------- d-----w c:\documents and settings\ME\Application Data\Vso
2008-12-22 21:13 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-17 03:57 --------- d-----w c:\program files\World of Warcraft
2008-12-07 22:00 --------- d-----w c:\documents and settings\ME\Application Data\Autodesk
2008-12-07 22:00 --------- d-----w c:\documents and settings\ME\Application Data\Apple Computer
2008-12-07 22:00 --------- d-----w c:\documents and settings\ME\Application Data\Ahead
2008-12-07 22:00 --------- d-----w c:\documents and settings\ME\Application Data\Acreon
2008-12-07 06:13 --------- d-----w c:\program files\dvdSanta
2008-12-07 05:52 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-12-07 05:52 47,360 ----a-w c:\documents and settings\ME\Application Data\pcouffin.sys
2008-12-07 05:51 --------- d-----w c:\program files\vso
2008-12-05 21:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-04 00:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 00:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-16 21:34 --------- d-----w c:\program files\Ventrilo
2008-11-16 21:34 --------- d-----w c:\documents and settings\ME\Application Data\Ventrilo
2008-11-16 21:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 01:43 --------- d-----w c:\documents and settings\ME\Application Data\Sony
2008-11-12 01:41 --------- d-----w c:\documents and settings\ME\Application Data\Publish Providers
2008-11-12 01:41 --------- d-----w c:\documents and settings\ME\Application Data\NetMedia Providers
2008-11-12 01:38 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-12 01:37 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-11-12 01:36 --------- d-----w c:\program files\Vstplugins
2008-11-12 01:36 --------- d-----w c:\program files\Sony
2008-11-12 01:35 --------- d-----w c:\program files\Sony Setup
2008-11-09 18:21 --------- d-----w c:\documents and settings\ME\Application Data\Winamp
2008-11-08 20:41 --------- d-----w c:\documents and settings\ME\Application Data\Media Player Classic
2008-11-07 19:06 30 ----a-w c:\documents and settings\ME\jagex_runescape_preferences.dat
2008-10-30 21:24 --------- d-----w c:\documents and settings\ME\Application Data\Malwarebytes
2008-10-30 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-30 11:24 --------- d-----w c:\program files\BitTorrent
2008-10-29 16:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-26 04:16 --------- d-----w c:\program files\Curse
2008-10-26 04:14 --------- d-----w c:\documents and settings\ME\Application Data\DNA
2008-10-26 04:13 --------- d-----w c:\program files\Bonjour
2007-10-28 14:28 232 ----a-w c:\documents and settings\ME\Application Data\wklnhst.dat
2007-07-08 14:53 774,144 ----a-w c:\program files\RngInterstitial.dll
2007-02-08 03:02 81,920 ----a-w c:\documents and settings\ME\Application Data\ezpinst.exe
2007-07-31 21:05 88 --sh--r c:\windows\system32\27BAD68207.sys
2008-09-22 12:00 63,700 --sha-w c:\windows\system32\kemolihi.dll
2007-12-17 02:17 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-18 08:00 64,141 --sha-w c:\windows\system32\kikuvupi.dll
2008-09-20 10:00 63,584 --sha-w c:\windows\system32\mafahipe.dll
2008-09-18 08:00 64,141 --sha-w c:\windows\system32\sodiguso.dll
2008-09-20 10:00 63,584 --sha-w c:\windows\system32\vihateto.dll
2008-09-22 12:00 63,700 --sha-w c:\windows\system32\zudorava.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{558c22ef-1fa5-42ca-8bce-e3343c4e9cd3}]
2008-09-24 09:00 62212 --ahs---- c:\windows\system32\tilideze.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"gatukekafi"="c:\windows\system32\kegosipi.dll" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\jojekuya.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windstream Broadband Check-up Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windstream Broadband Check-up Center.lnk
backup=c:\windows\pss\Windstream Broadband Check-up Center.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ME^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\ME\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 00:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-06-26 18:50 212992 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 c:\program files\HP\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-19 12:26 7700480 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-19 12:26 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
--a------ 2002-12-03 17:06 45056 c:\program files\Creative\SB Drive Det\SBDrvDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-11-13 07:18 24576 c:\windows\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Multi-function Keyboard]
--a------ 2001-08-28 11:13 98361 c:\windows\GWHotKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-19 12:26 1626112 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Intel\\NCS\\Sync\\NetSvc.exe"=
"c:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-13 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-13 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2003-03-31 14336]
R2 PfDetNT;PfDetNT;\??\c:\windows\system32\drivers\PfModNT.sys [2008-09-13 15840]
S3 mpr_freader;MPR FileReader Driver;\??\c:\program files\Multi Password Recovery\mpr_freader.sys []
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-08-16 99200]
S3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys [2007-07-23 176640]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ed12426-da0b-11dc-af48-000cf1e30132}]
\Shell\AutoRun\command - L:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc808dc1-ad8a-11db-8838-000cf1e30132}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2008-11-27 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1169856290.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {973820C8-22DA-4354-A777-20493F016719} = 192.168.254.254
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\PCPitstop.dll - c:\windows\Downloaded Program Files\DiskFAU.dll
c:\windows\system32\sysres.dll
c:\windows\system32\pcpbios.exe
O16 -: {88650482-3892-11D5-8997-00104BD12D94}
hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
c:\windows\Downloaded Program Files\PCPitstop.inf
FF - ProfilePath - c:\documents and settings\ME\Application Data\Mozilla\Firefox\Profiles\9zt9nbnl.default\
FF - prefs.js: browser.search.selectedEngine - FireSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.20813.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 12:57:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wwSecure.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-24 13:00:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-24 18:00:44
ComboFix2.txt 2007-10-27 22:46:18
Pre-Run: 135,228,248,064 bytes free
Post-Run: 135,213,285,376 bytes free
216 --- E O F --- 2008-07-08 07:03:13
--a------ 2001-08-28 11:13 98361 c:\windows\GWHotKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-19 12:26 1626112 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Intel\\NCS\\Sync\\NetSvc.exe"=
"c:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-13 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-13 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2003-03-31 14336]
R2 PfDetNT;PfDetNT;\??\c:\windows\system32\drivers\PfModNT.sys [2008-09-13 15840]
S3 mpr_freader;MPR FileReader Driver;\??\c:\program files\Multi Password Recovery\mpr_freader.sys []
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2007-08-16 99200]
S3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys [2007-07-23 176640]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ed12426-da0b-11dc-af48-000cf1e30132}]
\Shell\AutoRun\command - L:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc808dc1-ad8a-11db-8838-000cf1e30132}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2008-11-27 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1169856290.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 18:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {973820C8-22DA-4354-A777-20493F016719} = 192.168.254.254
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\PCPitstop.dll - c:\windows\Downloaded Program Files\DiskFAU.dll
c:\windows\system32\sysres.dll
c:\windows\system32\pcpbios.exe
O16 -: {88650482-3892-11D5-8997-00104BD12D94}
hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
c:\windows\Downloaded Program Files\PCPitstop.inf
FF - ProfilePath - c:\documents and settings\ME\Application Data\Mozilla\Firefox\Profiles\9zt9nbnl.default\
FF - prefs.js: browser.search.selectedEngine - FireSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.20813.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 12:57:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wwSecure.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-24 13:00:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-24 18:00:44
ComboFix2.txt 2007-10-27 22:46:18
Pre-Run: 135,228,248,064 bytes free
Post-Run: 135,213,285,376 bytes free
216 --- E O F --- 2008-07-08 07:03:13