
Thread: Virtuemonde!

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    3

    Virtuemonde!

    ComboFix 09-01-02.01 - Sal 2009-01-03 14:21:46.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.873 [GMT -8:00]
    Running from: c:\documents and settings\Sal\Desktop\Secret Folder\Software Repairs\ComboFix.exe
    AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Sal\Application Data\gadcom
    c:\documents and settings\Sal\Application Data\gadcom\gadcom.exe_old
    c:\documents and settings\Sal\Application Data\SpeedRunner
    c:\documents and settings\Sal\Local Settings\Temporary Internet Files\fbk.sts
    c:\windows\system32\asrquhaf.dll_old
    c:\windows\system32\coohjksk.dll
    c:\windows\system32\QAdMUvut.ini
    c:\windows\system32\QAdMUvut.ini2
    c:\windows\system32\tuvUMdAQ.dll
    c:\windows\system32\vtUmNFxU.dll
    c:\windows\system32\wpv441229907443.cpx
    c:\windows\system32\zebaeo.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
    .

    2009-01-03 14:21 . 2008-01-19 20:12 128,104 --a------ c:\windows\system32\drivers\WimFltr.sys
    2009-01-03 14:20 . 2008-01-19 19:40 15,088 --a------ c:\windows\system32\drivers\vproeventmonitor.sys
    2009-01-03 14:18 . 2009-01-03 14:18 <DIR> d-------- c:\program files\Norton Ghost
    2009-01-03 14:05 . 2009-01-03 14:05 26 --a------ c:\windows\ExplorerXP.INI
    2008-12-29 22:06 . 2009-01-03 13:58 <DIR> d-------- c:\program files\Windows Live Safety Center
    2008-12-29 21:17 . 2008-12-29 21:21 <DIR> d-------- c:\program files\ExplorerXP
    2008-12-29 21:07 . 2008-12-29 22:00 <DIR> d-------- c:\program files\Enigma Software Group
    2008-12-28 22:50 . 2008-12-28 22:50 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Webroot
    2008-12-28 22:49 . 2008-12-28 22:49 <DIR> d--h----- c:\windows\PIF
    2008-12-28 22:47 . 2008-12-28 23:27 <DIR> d-------- c:\documents and settings\Sal\Application Data\Lavasoft
    2008-12-28 14:43 . 2009-01-03 14:01 766 --a------ c:\windows\wininit.ini
    2008-12-15 16:07 . 2008-12-25 13:11 <DIR> d-------- c:\program files\Incomplete
    2008-12-14 15:43 . 2008-12-14 15:43 <DIR> d-------- c:\documents and settings\Majed\Application Data\InterVideo
    2008-12-07 23:47 . 2008-12-07 23:47 <DIR> d-------- c:\documents and settings\Sal\System
    2008-12-07 23:47 . 2008-12-08 00:13 <DIR> d-------- c:\documents and settings\Sal\Application Data\SmartDraw
    2008-12-07 23:42 . 2008-12-07 23:47 <DIR> d-------- c:\program files\SmartDraw 2009

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-03 22:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-03 22:33 --------- d-----w c:\program files\Steam
    2009-01-03 22:33 --------- d-----w c:\documents and settings\Sal\Application Data\AVG7
    2009-01-03 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-03 22:09 --------- d-----w c:\documents and settings\Sal\Application Data\mIRC
    2009-01-03 22:08 --------- d-----w c:\program files\mIRC
    2009-01-02 22:45 --------- d-----w c:\program files\PokerStars
    2009-01-02 21:57 --------- d-----w c:\documents and settings\Majed\Application Data\AVG7
    2008-12-30 05:02 --------- d-----w c:\documents and settings\Sal\Application Data\U3
    2008-12-29 07:58 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-29 07:38 --------- d-----w c:\program files\Spyware Doctor
    2008-12-29 06:10 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-12-25 03:14 --------- d-----w c:\program files\LimeWire
    2008-12-25 01:33 --------- d-----w c:\documents and settings\Sal\Application Data\LimeWire
    2008-12-11 06:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-01 22:52 --------- d-----w c:\program files\HP
    2008-11-20 00:22 202,648 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-11-20 00:22 138,408 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-19 23:50 --------- d-----w c:\program files\Microsoft SQL Server
    2008-11-19 19:39 --------- d-----w c:\program files\ASUS WiFi-AP Solo
    2008-11-19 19:21 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-19 19:06 --------- d-----w c:\documents and settings\Sal\Application Data\InterVideo
    2008-11-19 19:03 --------- d-----w c:\program files\InterVideo
    2008-11-19 18:57 --------- d-----w c:\documents and settings\Sal\Application Data\Roxio
    2008-11-19 18:34 --------- d-----w c:\documents and settings\Sal\Application Data\vlc
    2008-11-19 05:08 --------- d-----w c:\documents and settings\Sal\Application Data\Symantec
    2008-11-18 19:35 --------- d-----w c:\program files\microsoft frontpage
    2008-11-17 22:00 --------- d-----w c:\documents and settings\Sal\Application Data\GetRightToGo
    2008-11-17 21:47 --------- d-----w c:\program files\Microsoft Small Business
    2008-11-17 21:01 --------- d-----w c:\program files\Microsoft Works
    2008-11-17 21:00 --------- d-----w c:\program files\Microsoft.NET
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2007-11-28 00:47 22,328 ----a-w c:\documents and settings\Sal\Application Data\PnkBstrK.sys
    2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    2008-09-08 05:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-16 1410296]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-19 36864]
    "36X Raid Configurer"="c:\windows\System32\xRaidSetup.exe" [2007-03-21 1953792]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-16 590848]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
    "Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-19 2245984]
    "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-26 219136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2008-11-19 987136]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-11-19 81920]
    Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2003-10-09 1622016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=zebaeo.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\pinballx12889@aol.com\\counter-strike\\hl.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
    "c:\\Program Files\\HLSW\\hlsw.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Steam\\steamapps\\pinballx12889@aol.com\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
    "c:\\Program Files\\HLTV Tool by Marach\\HLTV Tool.exe"=
    "c:\\Program Files\\Steam\\steam.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\ijji\\ENGLISH\\u_gbound.exe"=
    "c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
    "c:\\Program Files\\Steam\\steamapps\\pinballx12889@aol.com\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Packet Tracer 5.0\\bin\\PacketTracer5.exe"=
    "c:\\Program Files\\Steam\\steamapps\\pinballx12889@aol.com\\dedicated server\\hlds.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
    R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896]
    R4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
    R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-28 356920]
    R4 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-12-29 2368]
    R4 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2002-08-29 5120]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-19 99376]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
    S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-11-25 176128]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-11-19 13532]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09940c7d-9d40-11dc-a9f9-001d60e4f157}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3001ce7f-9bee-11dc-8714-001d60e4f157}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cabe929d-d62c-11dd-b98e-001d60e4f157}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    *Newly Created Service* - NORTON_GHOST
    *Newly Created Service* - SYMANTEC_SYMSNAP_VSS_PROVIDER
    *Newly Created Service* - SYMSNAPSERVICE
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-03 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-11 06:29]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{7d847252-642f-49a6-8be9-6cfbc167a4c5} - c:\windows\system32\zebaeo.dll
    BHO-{AAECCACE-747B-4D2F-895A-B571C54D48E6} - c:\windows\system32\tuvUMdAQ.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = securityresponse.symantec.com/avcenter/fix_homepage/
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FF - ProfilePath - c:\documents and settings\Sal\Application Data\Mozilla\Firefox\Profiles\zizfnoc8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-03 14:35:26
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\Grisoft\AVG7\avgamsvr.exe
    c:\progra~1\Grisoft\AVG7\avgupsvc.exe
    c:\progra~1\Grisoft\AVG7\avgemc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Norton Ghost\Agent\VProSvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\Norton Ghost\Console\VProConsole.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\iTunes\iTunes.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-03 14:41:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-03 22:41:31

    Pre-Run: 165,881,679,872 bytes free
    Post-Run: 165,992,566,784 bytes free

    254 --- E O F --- 2008-12-19 05:55:01

  2. #2
    Junior Member
    Join Date
    Jan 2009
    Posts
    3

    I keep getting Virtuemonde over and over on my Spybot S&D and I don't know what to do... it has like all of them...
