Results 1 to 10 of 102

Thread: Please Help! Virtumonde, MalwareAlarm (SecCenter), etc.

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #11
    Member
    Join Date
    Dec 2007
    Posts
    62

    Default

    ComboFix 07-12-21.4 - **** 2007-12-26 10:50:24.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.106 [GMT -5:00]Running from: C:\Documents and Settings\****\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\pprqr.ini
    C:\WINDOWS\system32\pprqr.ini2
    C:\WINDOWS\system32\rqrpp.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
    .

    2007-12-26 11:14 . 2007-12-26 11:14 388,608 --a------ C:\WINDOWS\system32\cmd .exe
    2007-12-24 20:56 . 2007-12-26 11:13 335,360 --a------ C:\WINDOWS\system32\rqrpp.exe
    2007-12-24 20:34 . 2007-12-26 11:06 331,776 --------- C:\WINDOWS\system32\rqrpp.dll
    2007-12-23 12:53 . 2007-12-23 12:53 <DIR> d-------- C:\WINDOWS\ppqvmpqr
    2007-12-22 23:11 . 2007-12-22 23:11 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-12-21 23:45 . 2007-12-21 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-21 23:44 . 2007-12-21 23:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-20 21:53 . 2007-12-20 21:54 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-12-20 18:40 . 2007-12-20 21:46 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
    2007-12-20 18:24 . 2007-12-20 18:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2007-12-20 18:19 . 2007-12-20 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-20 18:16 . 2007-12-20 18:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
    2007-12-20 18:14 . 2007-12-20 18:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
    2007-12-20 18:13 . 2004-11-15 22:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2007-12-20 18:13 . 2004-11-16 00:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
    2007-12-20 18:13 . 2001-04-04 04:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
    2007-12-20 18:13 . 2004-11-16 00:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-12-20 18:13 . 2004-11-15 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
    2007-12-20 18:13 . 2004-11-16 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
    2007-12-20 18:13 . 2004-11-16 00:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2007-12-20 18:13 . 2005-04-23 19:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
    2007-12-19 20:48 . 2007-12-19 20:48 <DIR> d-------- C:\WINDOWS\system32\njprckha
    2007-12-19 19:45 . 2007-12-22 23:04 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-19 19:43 . 2007-12-24 20:45 94,208 --a------ C:\WINDOWS\MXOALDR .EXE
    2007-12-19 19:42 . 2007-12-24 20:44 94,208 --a------ C:\WINDOWS\SM1BG .EXE
    2007-12-19 19:41 . 2007-12-22 14:00 339,968 --a------ C:\WINDOWS\system32\hphmon04 .exe
    2007-12-19 19:39 . 2007-12-22 13:58 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
    2007-12-19 19:39 . 2007-12-22 13:57 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
    2007-12-17 20:10 . 2007-12-17 21:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-17 20:10 . 2007-12-17 20:10 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-12 21:23 . 2007-12-12 21:23 <DIR> d-------- C:\Program Files\Retrospect
    2007-12-06 17:28 . 2007-12-26 02:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RetroExp
    2007-12-06 17:24 . 2007-12-06 17:24 <DIR> d-------- C:\Program Files\Maxtor
    2007-12-05 22:06 . 2007-12-05 22:06 <DIR> d-------- C:\Program Files\2BrightSparks
    2007-12-02 16:53 . 2007-12-09 13:42 <DIR> d-------- C:\Program Files\F2atv_Forums

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-26 16:13 430,592 ----a-w C:\WINDOWS\SM1BG.EXE
    2007-12-26 16:13 430,592 ----a-w C:\WINDOWS\MXOALDR.EXE
    2007-12-26 16:13 --------- d-----w C:\Program Files\QuickTime
    2007-12-26 16:12 --------- d-----w C:\Program Files\Notebook Maximizer
    2007-12-26 16:12 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-12-26 16:12 --------- d-----w C:\Program Files\ltmoh
    2007-12-26 16:12 --------- d-----w C:\Program Files\BitTorrent_DNA
    2007-12-23 04:50 --------- d-----w C:\Documents and Settings\****\Application Data\BitTorrent DNA
    2007-12-22 19:15 --------- d-----w C:\Program Files\Trend Micro
    2007-12-20 23:41 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-12-19 13:53 --------- d-----w C:\Program Files\eMule
    2007-12-19 03:47 --------- d-----w C:\Documents and Settings\****\Application Data\BitTorrent
    2007-12-06 22:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-23 04:32 --------- d-----w C:\Program Files\VideoLAN
    2007-11-18 20:14 --------- d-----w C:\Program Files\iNav
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 19:21 --------- d-----w C:\Program Files\PdaNet for Windows Mobile
    2007-11-07 22:15 --------- d-----w C:\Program Files\DAEMON Tools
    2007-11-07 22:07 --------- d-----w C:\Program Files\PeerGuardian2
    2007-11-07 22:05 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-11-07 14:02 --------- d-----w C:\Program Files\BitTorrent
    2007-11-07 13:47 --------- d-----w C:\Program Files\eDonkey2000
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-07-02 20:41 630,784 ----a-w C:\Documents and Settings\****\GoToAssist_chat2way__317_en.exe
    2006-07-26 23:53 557,056 ----a-w C:\Documents and Settings\****\chatlnk.exe
    2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE8297E5-2CA0-46EF-BD44-6EFDDA4A96E2}]
    2007-12-26 11:06 331776 --------- C:\WINDOWS\system32\rqrpp.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2007-12-26 11:12]
    "OfotoNow USB Detection"="C:\WINDOWS\system32\RunDLL32.exe" [2004-08-04 07:00]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm .exe" [2007-12-26 11:21]
    "SpriteService"="" []
    "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna .exe" [2007-12-26 11:25]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-26 11:12]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-26 11:12]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2007-12-26 11:12]
    "NDSTray.exe"="NDSTray.exe" []
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-12-26 11:12]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 17:37 C:\WINDOWS\agrsmmsg.exe]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-12-26 11:12]
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2007-12-26 11:12]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2007-12-26 11:12]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe" [2007-12-26 11:19]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
    "TFncKy"="TFncKy.exe" []
    "TPSMain"="TPSMain.exe" [2004-08-27 12:34 C:\WINDOWS\system32\TPSMain.exe]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" []
    "Pinger"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2007-12-26 11:12]
    "Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2007-12-26 11:12]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" []
    "HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" []
    "pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe" [2007-12-26 11:13]
    "SM1BG"="C:\WINDOWS\SM1BG.EXE" [2007-12-26 11:13]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-12-26 11:13]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-12-26 11:13]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-12-26 11:13]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-12-26 11:13]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-12-26 11:13]
    "MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" []
    "MXOBG"="C:\WINDOWS\MXOALDR.EXE" [2007-12-26 11:13]
    "RetroExpress"="C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe" [2007-12-26 11:13]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-26 11:21]

    C:\Documents and Settings\..............................................................................................................................................................................................................................................\Start Menu\Programs\Startup\
    Anapod Manager.lnk - C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [2006-12-05 01:15:34]
    PdaNet Desktop.lnk - C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe [2007-11-12 14:21:09]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-12-07 22:02:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2006-01-27 05:12 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=C:\WINDOWS\system32\rqrpp.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\rqrpp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
    2002-05-24 07:47 49152 --a------ C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2005-10-18 11:58 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    2005-03-09 19:10 11776 --a------ C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware14]
    2005-10-04 18:09 57344 --a------ C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2005-03-08 21:13 1695744 --a------ C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    2002-04-17 10:42 69632 --a------ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
    2007-08-23 07:24 8793064 --a------ C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkFlowTray]
    2005-10-04 18:10 155757 --a------ C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de021171-b460-11d9-bb13-000e35f2ff28}]
    \Shell\AutoRun\command - E:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a2970d-d3f7-11da-bba5-000e35f2ff28}]
    \Shell\AutoRun\command - setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-26 11:17:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\pprqr.ini 493 bytes
    C:\WINDOWS\system32\pprqr.ini2 493 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    Completion time: 2007-12-26 11:33:33 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-24 20:42
    C:\ComboFix3.txt ... 2007-12-24 01:34
    .
    2007-12-21 14:19:06 --- E O F ---
    Last edited by Shaba; 2008-04-23 at 20:01.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •