
Thread: Virtumonde.dll/virtumonde.generic

  #21 (Junior Member; Join Date: Jan 2009; Location: Currently Norfolk, VA; Posts: 13)

    Yes, you're right, there was a lot of crap on my computer. I'm mostly to blame for that; I guess I'm too trusting to let people use my computer. All that uTorrent crap, I know just who put it there; rest assured they won't be using my computer any longer! As for the MSN garbage, I'll have to have my wife log on to change that information; she's the one with an MSN account.

    Good news: Spybot came up clean. Here's the new ComboFix (CFScript) log:

    ComboFix 09-01-31.01 - Thomas 2009-02-01 1:52:40.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2615 [GMT -5:00]
    Running from: c:\documents and settings\Thomas\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Thomas\Desktop\CFScript.txt
    AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\windows\system32\cbxWNgdd.dll
    c:\windows\system32\instLLR.exe
    c:\windows\system32\nnnnMCRK.dll.vir
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Austin\Application Data\uTorrent
    c:\documents and settings\Austin\Application Data\uTorrent\dht.dat
    c:\documents and settings\Austin\Application Data\uTorrent\resume.dat
    c:\documents and settings\Austin\Application Data\uTorrent\rss.dat
    c:\documents and settings\Austin\Application Data\uTorrent\settings.dat
    c:\documents and settings\Kerri\Application Data\uTorrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Akon-Freedom-2008-[NoFS].1.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Akon-Freedom-2008-[NoFS].torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Big Kuntry King - My Turn To Eat (2008).1.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Big Kuntry King - My Turn To Eat (2008).2.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Big Kuntry King - My Turn To Eat (2008).3.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Big Kuntry King - My Turn To Eat (2008).4.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Big Kuntry King - My Turn To Eat (2008).5.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Big Kuntry King - My Turn To Eat (2008).6.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Big Kuntry King - My Turn To Eat (2008).7.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Big Kuntry King - My Turn To Eat (2008).8.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Big Kuntry King - My Turn To Eat (2008).torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\dht.dat
    c:\documents and settings\Kerri\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\Kerri\Application Data\uTorrent\DJ_Drama_And_Lil_Wayne-Dedication_3_(Gangsta_Grillz_Edition)-2008-MIXFIEND.1.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\DJ_Drama_And_Lil_Wayne-Dedication_3_(Gangsta_Grillz_Edition)-2008-MIXFIEND.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\DJ_Spintaik_&_Alfamega-Street_Runnaz_(Respect_The_Hustle_Edition)-2008-MIXFIEND.1.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\DJ_Spintaik_&_Alfamega-Street_Runnaz_(Respect_The_Hustle_Edition)-2008-MIXFIEND.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Go Hard Remix Ft. DJ Khaled, T-Pain, Juelz Santana, Rock City, Sway, Kanye West & Twista.mp3.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Grand Theft Auto Liberty City Stories.iso.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Hancock.mp4.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Jamie Foxx - Intuition.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Jazmine Sullivan - Fearless (2008).torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\JUELZ SANTANA & LIL WAYNE PRESENT GAME FACE.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Kanye West - 808s and Heartbreaks.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Keyshia Cole - A Different Me (2008).torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Lil.Wayne-Louisianimal-(Bootleg)-2008-[NoFS].torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Ludacris-Theater.Of.The.Mind-Explicit.Retail-2007-[NoFS].torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Ludacris - Theater Of The Mind (2oo8).torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Ludacris - Theatre Of The Mind.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Ludacris -Theater Of The Mind [2008][CD+3 SkidVid_XviD+Cov].torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Pastor Troy - Troy (2008) - Rap [www.torrentazos.com].torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Plies-Da_Realist-2008-H3X.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\PSP 145 Iso Games.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\PSP Demos by wabbitZ.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\PSP Grand Theft Auto Vice City Stories PAL ESP.[www.TmasGames.com].torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\resume.dat
    c:\documents and settings\Kerri\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\Kerri\Application Data\uTorrent\rss.dat
    c:\documents and settings\Kerri\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\Kerri\Application Data\uTorrent\settings.dat
    c:\documents and settings\Kerri\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\Kerri\Application Data\uTorrent\Soulja_Boy-iSouljaBoyTellem-2008-H3X.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Step Up 2 The Streets - Soundtrack.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\T-Pain - Thr33 Ringz Deluxe Edition [2008] - Hip Hop.torrent
    c:\documents and settings\Kerri\Application Data\uTorrent\Yu-Gi-Oh_GX_Tag_Force_3_EUR_PSP-pSyPSP.torrent
    c:\windows\ettjyfgp\
    c:\windows\system32\cbxWNgdd.dll
    c:\windows\system32\instLLR.exe
    c:\windows\system32\nnnnMCRK.dll.vir
    c:\windows\tckbeuqg\

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
    .

    2009-02-01 01:50 . 2009-02-01 01:50 <DIR> d-------- c:\windows\LastGood
    2009-01-31 15:23 . 2009-01-31 16:25 4 --a------ c:\windows\tckbeuqg
    2009-01-30 20:22 . 2009-01-30 20:22 <DIR> d-------- c:\program files\ERUNT
    2009-01-28 10:24 . 2009-01-28 10:24 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-01-27 02:49 . 2009-01-31 15:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-27 02:49 . 2009-01-27 02:49 <DIR> d-------- c:\documents and settings\Thomas\Application Data\Malwarebytes
    2009-01-27 02:49 . 2009-01-27 02:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-27 02:49 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-27 02:49 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-27 01:09 . 2009-01-27 01:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TuneUp Software
    2009-01-26 23:14 . 2009-01-26 23:14 <DIR> d---s---- c:\windows\system32\%SystemDrive%
    2009-01-26 23:14 . 2009-01-26 23:25 <DIR> d-------- c:\windows\__SkypeIEToolbar_Cache
    2009-01-26 22:54 . 2009-01-31 18:47 197 --a------ c:\windows\wininit.ini
    2009-01-26 17:21 . 2009-01-31 13:04 3,024 --a------ c:\windows\ettjyfgp
    2009-01-24 18:07 . 2009-01-24 18:07 244 --ah----- C:\sqmnoopt04.sqm
    2009-01-24 18:07 . 2009-01-24 18:07 232 --ah----- C:\sqmdata04.sqm
    2009-01-24 00:17 . 2009-01-24 00:17 244 --ah----- C:\sqmnoopt03.sqm
    2009-01-24 00:17 . 2009-01-24 00:17 232 --ah----- C:\sqmdata03.sqm
    2009-01-23 13:09 . 2009-01-23 13:09 244 --ah----- C:\sqmnoopt02.sqm
    2009-01-23 13:09 . 2009-01-23 13:09 232 --ah----- C:\sqmdata02.sqm
    2009-01-22 23:28 . 2009-01-22 23:28 244 --ah----- C:\sqmnoopt01.sqm
    2009-01-22 23:28 . 2009-01-22 23:28 232 --ah----- C:\sqmdata01.sqm
    2009-01-22 12:50 . 2009-01-22 12:50 244 --ah----- C:\sqmnoopt00.sqm
    2009-01-22 12:50 . 2009-01-22 12:50 232 --ah----- C:\sqmdata00.sqm
    2009-01-20 10:13 . 2009-01-31 11:10 3,994,887 --a------ c:\windows\pfirewall.log.old
    2009-01-19 21:35 . 2008-05-14 12:33 121,376 --a------ c:\windows\system32\bfLLR.dll
    2009-01-18 17:37 . 2004-09-29 15:36 15,360 --a------ c:\windows\system32\drivers\NetMotCM.sys
    2009-01-18 16:29 . 2009-01-18 16:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Support.com
    2009-01-18 14:48 . 2009-01-18 14:48 603,904 --a------ c:\windows\system32\TUProgSt.exe
    2009-01-18 14:48 . 2009-01-18 14:48 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-18 14:48 . 2008-12-11 07:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-18 14:47 . 2009-01-18 14:47 <DIR> d-------- c:\documents and settings\Thomas\Application Data\TuneUp Software
    2009-01-18 14:47 . 2009-01-18 14:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-18 14:46 . 2009-01-18 14:48 <DIR> d-------- c:\program files\TuneUp Utilities 2009
    2009-01-18 14:46 . 2009-01-18 14:46 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-17 17:02 . 2009-01-17 17:02 <DIR> d-------- c:\program files\SupportSoft
    2009-01-17 16:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
    2009-01-17 16:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
    2009-01-17 16:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
    2009-01-17 16:50 . 2008-07-30 06:20 509,448 --a------ c:\windows\system32\XAudio2_2.dll
    2009-01-17 16:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
    2009-01-17 16:50 . 2008-07-30 06:20 238,088 --a------ c:\windows\system32\xactengine3_2.dll
    2009-01-17 16:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
    2009-01-17 16:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
    2009-01-17 16:50 . 2008-07-30 06:20 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
    2009-01-17 16:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
    2009-01-17 16:49 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
    2009-01-17 16:49 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
    2009-01-17 16:49 . 2008-07-10 11:00 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
    2009-01-17 16:49 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
    2009-01-17 16:49 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
    2009-01-17 16:49 . 2008-07-10 11:01 467,984 --a------ c:\windows\system32\d3dx10_39.dll
    2009-01-17 16:49 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
    2009-01-17 16:49 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
    2009-01-17 16:49 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
    2009-01-15 23:38 . 2009-01-15 23:38 <DIR> d-------- c:\documents and settings\Thomas\Application Data\CoxFastConnect20
    2009-01-12 17:49 . 2009-01-12 17:50 57 --a------ c:\windows\TaxACT08.ini
    2009-01-09 17:30 . 2009-01-09 17:30 <DIR> d-------- c:\windows\Logs
    2009-01-09 17:30 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
    2009-01-09 17:30 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
    2009-01-09 17:30 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
    2009-01-09 17:30 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
    2009-01-09 17:30 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
    2009-01-09 17:30 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
    2009-01-09 17:30 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
    2009-01-03 09:57 . 2009-01-03 09:57 81,920 --a------ c:\windows\system32\frapsvid.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-01 06:44 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-31 22:11 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-01-31 22:11 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-30 15:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-28 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
    2009-01-27 15:05 --------- d-----w c:\program files\Java
    2009-01-22 21:16 --------- d-----w c:\documents and settings\Diane\Application Data\Pogo Games
    2009-01-22 21:15 --------- d-----w c:\program files\Oberon Media
    2009-01-20 02:38 --------- d-----w c:\program files\Bigfoot Networks
    2009-01-20 01:58 --------- d-----w c:\program files\Download Manager
    2009-01-19 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation
    2009-01-19 02:56 --------- d-----w c:\program files\Astraware
    2009-01-12 22:49 --------- d-----w c:\program files\2nd Story Software
    2009-01-03 22:25 --------- d-----w c:\documents and settings\Thomas\Application Data\Xfire
    2008-12-28 18:33 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-28 18:31 --------- d-----w c:\program files\MySpace
    2008-12-28 18:30 --------- d-----w c:\program files\Activision
    2008-12-28 02:53 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-12-27 19:32 --------- d-----w c:\program files\Western Digital Technologies
    2008-12-27 19:09 --------- d-----w c:\program files\Debugging Tools for Windows (x86)
    2008-12-27 17:08 --------- d-----w c:\documents and settings\Diane\Application Data\ArcSoft
    2008-12-27 00:25 --------- d-----w c:\documents and settings\Austin\Application Data\ArcSoft
    2008-12-26 22:08 --------- d-----w c:\documents and settings\Kerri\Application Data\ArcSoft
    2008-12-26 21:46 --------- d-----w c:\documents and settings\Thomas\Application Data\ArcSoft
    2008-12-26 21:42 339,968 ----a-w c:\windows\system32\WDBtnMgr.exe
    2008-12-26 21:42 --------- d-----w c:\program files\My Book
    2008-12-26 21:42 --------- d-----w c:\program files\Common Files\ArcSoft
    2008-12-26 20:43 --------- d-----w c:\documents and settings\Thomas\Application Data\MySpace
    2008-12-24 18:23 --------- d-----w c:\documents and settings\Kerri\Application Data\Skype
    2008-12-24 02:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
    2008-12-22 01:05 --------- d-----w c:\program files\Xfire
    2008-12-18 05:48 --------- d-----w c:\documents and settings\Thomas\Application Data\Skype
    2008-12-18 04:13 --------- d-----w c:\documents and settings\Thomas\Application Data\skypePM
    2008-12-18 03:44 --------- d-----w c:\program files\Digsby
    2008-12-15 03:28 --------- d-----w c:\program files\Google
    2008-12-14 00:33 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-07 21:55 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-07 01:51 --------- d-----w c:\documents and settings\Diane\Application Data\Move Networks
    2008-12-03 01:20 --------- d-----w c:\documents and settings\Austin\Application Data\Winamp
    2008-12-03 01:19 --------- d-----w c:\documents and settings\Austin\Application Data\Windows Search
    2008-03-22 18:49 56,912 ----a-w c:\documents and settings\Thomas\g2mdlhlpx.exe
    2008-02-23 06:12 22,328 -c--a-w c:\documents and settings\Thomas\Application Data\PnkBstrK.sys
    2008-05-31 14:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008053120080601\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-31_19.08.06.81 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2-1-2009\ERDNT.EXE
    + 2009-02-01 06:44:43 8,871,936 ----a-w c:\windows\ERDNT\AutoBackup\2-1-2009\Users\00000001\NTUSER.DAT
    + 2009-02-01 06:44:43 192,512 ----a-w c:\windows\ERDNT\AutoBackup\2-1-2009\Users\00000002\UsrClass.dat
    + 2005-03-01 15:27:04 245,408 ----a-w c:\windows\LastGood\system32\unicows.dll
    + 2009-02-01 06:44:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3ec.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-18 950664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
    "nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

    c:\documents and settings\Thomas\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Killer Tray Menu.lnk - c:\program files\Bigfoot Networks\Killer Driver\KillerTray.exe [2009-01-19 604672]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2007-11-02 14:33 184320 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "SENTINEL"= snti386.dll
    "VIDC.D263"= xl_x263dec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
    backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD_SRT]
    c:\program files\Western Digital Technologies\WD Win98 SE USB Disk Driver [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    --a--c--- 2006-01-12 20:52 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a--c--- 2005-08-05 13:56 64512 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    --a--c--- 2004-05-12 15:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a--c--- 2004-02-12 13:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
    --a------ 2008-08-01 13:36 1103216 c:\program files\Download Manager\DLM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2008-12-26 00:08 13680640 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-12-26 00:08 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    --a--c--- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2008-12-26 00:08 1657376 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -r------- 2005-08-17 05:39 90112 c:\windows\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
    --a------ 2008-12-26 16:42 339968 c:\windows\system32\WDBtnMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "McrdSvc"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "mi-raysat_3dsmax9_32"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Autodesk Licensing Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "gusvc"=2 (0x2)
    "WZCSVC"=2 (0x2)
    "WLSetupSvc"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Microsoft Office\\Office\\FRONTPG.EXE"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
    "c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Movie Maker\\moviemk.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\SupportSoft\\bin\\tgcmd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "22135:TCP"= 22135:TCP:Utorrent
    "51717:TCP"= 51717:TCP:Utorrent

    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-12-16 15424]
    R3 NetB834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NetB834x.sys [2007-12-13 103072]
    R3 NetbEdge;Killer NIC NDIS-Edge Service;c:\windows\system32\drivers\NetBEdge.sys [2007-12-13 22048]
    R4 Killer Port Manager;Killer Port Manager;c:\program files\Bigfoot Networks\Killer Driver\PortManager.exe [2009-01-19 236544]
    R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-18 603904]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072]
    S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2008-08-06 899700]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-01 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 15:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.cox.net/
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    LSP: c:\windows\system32\imon.dll
    LSP: %SYSTEMROOT%\system32\BfLLR.dll
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mind-medley/gamehouseplayer.cab
    DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} - hxxps://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-01 01:55:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-220523388-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-220523388-790525478-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:0d,26,bd,b5,ed,a5,a9,bf,3c,bb,65,90,e5,1c,2f,db,a9,32,1e,7d,ca,
    c3,be,42,a7,fc,ee,a6,4e,d8,1c,03,cf,20,3f,4b,22,80,a7,12,9d,bd,d7,40,11,28,\
    "rkeysecu"=hex:96,81,60,8e,8e,1f,2d,75,33,65,f8,76,4b,12,5a,58
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1672)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    .
    Completion time: 2009-02-01 1:57:36
    ComboFix-quarantined-files.txt 2009-02-01 06:57:22
    ComboFix2.txt 2009-02-01 00:09:16
    ComboFix3.txt 2009-01-31 20:31:22

    Pre-Run: 95,034,617,856 bytes free
    Post-Run: 95,020,212,224 bytes free

    397 --- E O F --- 2009-01-14 15:42:20

    And finally the HJT log:

    --- Report generated: 2009-01-31 18:47 ---

    Hint of the Day: Click the bar at the right of this to see more information! ()


    Win32.Agent.pz: [SBI $7EC6899E] Settings (Registry value, fixed)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

    Win32.Agent.pz: [SBI $8980C6CD] Settings (Registry value, fixed)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

    Smitfraud-C.: [SBI $99619F8C] Settings (Registry key, fixed)
    HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\instkey

    Smitfraud-C.: [SBI $99619F8C] Settings (Registry key, fixed)
    HKEY_USERS\PE_C_DIANE\Software\Microsoft\instkey

    Win32.Banker.xe: [SBI $231D8296] Program directory (Directory, fixed)
    C:\WINDOWS\system32\twain32\

    Win32.Banker.xe: [SBI $69B908AB] Data (File, fixed)
    C:\WINDOWS\system32\twain32\user.ds

    Win32.Banker.xe: [SBI $83C7F981] Data (File, fixed)
    C:\WINDOWS\system32\twain32\local.ds


    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

    2008-08-14 blindman.exe (1.0.0.8)
    2008-08-14 SDFiles.exe (1.6.0.4)
    2008-08-14 SDMain.exe (1.0.0.6)
    2008-08-14 SDShred.exe (1.0.2.3)
    2008-08-14 SDUpdate.exe (1.6.0.9)
    2008-08-14 SDWinSec.exe (1.0.0.12)
    2008-07-30 SpybotSD.exe (1.6.0.31)
    2008-09-16 TeaTimer.exe (1.6.3.25)
    2008-09-23 unins000.exe (51.49.0.0)
    2008-08-14 Update.exe (1.6.0.7)
    2008-10-22 advcheck.dll (1.6.2.13)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-09-15 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2008-08-14 Tools.dll (2.1.5.7)
    2009-01-22 Includes\Adware.sbi (*)
    2009-01-22 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-01-06 Includes\Dialer.sbi (*)
    2009-01-22 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2008-11-18 Includes\Hijackers.sbi (*)
    2009-01-22 Includes\HijackersC.sbi (*)
    2008-12-09 Includes\Keyloggers.sbi (*)
    2009-01-22 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-11-18 Includes\Malware.sbi (*)
    2009-01-28 Includes\MalwareC.sbi (*)
    2008-12-16 Includes\PUPS.sbi (*)
    2009-01-27 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-01-27 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-01-28 Includes\Spyware.sbi (*)
    2009-01-28 Includes\SpywareC.sbi (*)
    2008-06-03 Includes\Tracks.uti
    2009-01-21 Includes\Trojans.sbi (*)
    2009-01-27 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    Since SpyBot came up clean, did you still want to see the log???

  2. #22
    pskelley
    In Memoriam - Always in our heart
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    You posted the Spybot S&D log and not the HJT log? I really don't need to see anything else if the computer is running as it should. You may use the same run command to remove ComboFix. No reason to keep it; it does not update.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #23
    Junior Member
    Join Date
    Jan 2009
    Location
    Currently Norfolk, VA
    Posts
    13

    Default

    LMAO, I'm such a dork, it was 2, almost 3am, and I thought I could get somewhere before I went to bed, lol.

    Thank you for all your help, I greatly appreciate it. It's good to know that when there are morons trying to cheat, steal, and infect computers, there are people out there fighting back!

    BTW, I'll be sending a friend your (Spybot) way; he is having troubles too....
