Thread: Virtumonde infection please help!!

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    I'll tell ya, this garbage is getting harder to remove as each day goes by.

    Remove these with HJT.

    O2 - BHO: {2b4bf8bf-fee4-688a-cd04-a827ea19c820} - {028c91ae-728a-40dc-a886-4eeffb8fb4b2} - C:\WINDOWS\system32\tsuyaq.dll
    O2 - BHO: (no name) - {ffaab799-0354-4a06-9bee-d3dce95e72e9} - C:\WINDOWS\system32\totodele.dll

    O4 - HKLM\..\Run: [kazafolipi] Rundll32.exe "C:\WINDOWS\system32\rewuvafu.dll",s
    O4 - HKLM\..\Run: [CPM4fb7f5df] Rundll32.exe "c:\windows\system32\gekuhiri.dll",a
    O4 - HKLM\..\Run: [4c84c643] rundll32.exe "C:\WINDOWS\system32\soremeno.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [kazafolipi] Rundll32.exe "C:\WINDOWS\system32\rewuvafu.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [kazafolipi] Rundll32.exe "C:\WINDOWS\system32\rewuvafu.dll",s (User 'NETWORK SERVICE')

    O20 - AppInit_DLLs: C:\WINDOWS\system32\sidikeyu.dll tsuyaq.dll c:\windows\system32\gekuhiri.dll

    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gekuhiri.dll (file missing)

    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gekuhiri.dll (file missing)




    It's important that you run ComboFix; if it still won't run, try running it in Safemode.


    To Enter Safemode
    • Go to Start> Shut off your Computer> Restart
    • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
      this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
    • Then press the Enter Key on your Keyboard

    Tutorial if you need it: How to boot into Safemode




    Delete any ComboFix that you downloaded and grab a fresh copy, as it's updated daily.


    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Member
    Join Date
    Mar 2009
    Posts
    36

    ComboFix 09-03-19.02 - Dave 2009-03-22 0:31:12.1 - NTFSx86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1652 [GMT -4:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
    AV: COMODO Antivirus *On-access scanning disabled* (Updated)
    FW: COMODO Firewall *enabled*

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Dave\LOCALS~1\Temp\tmp1.tmp
    c:\windows\system32\lqhdwk.dll
    c:\windows\system32\onemeros.ini
    c:\windows\system32\pabewisa.dll
    c:\windows\system32\popiwoba.dll
    c:\windows\system32\qxepnl.dll
    c:\windows\system32\sidikeyu.dll
    c:\windows\system32\sirifiwi.dll
    c:\windows\system32\sizugomu.dll
    c:\windows\system32\suluyeba.dll
    c:\windows\system32\tsuyaq.dll
    c:\windows\system32\umoguzis.ini
    c:\windows\system32\wogisewo.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
    .

    2009-03-22 00:09 . 2009-03-22 00:12 <DIR> d-------- C:\32788R22FWJFW.5.tmp
    2009-03-21 23:55 . 2009-03-21 23:57 <DIR> d-------- C:\32788R22FWJFW.4.tmp
    2009-03-21 19:08 . 2008-04-13 20:12 82,432 ---h---t- c:\windows\system32\8d9c01.dll
    2009-03-21 19:08 . 2008-04-13 20:12 82,432 ---h---t- c:\windows\system32\81835da.dll
    2009-03-21 12:11 . 2009-03-21 12:11 <DIR> d-------- C:\_OTMoveIt
    2009-03-20 20:08 . 2009-03-21 23:55 <DIR> d-------- C:\32788R22FWJFW.3.tmp
    2009-03-20 20:07 . 2009-03-20 20:08 <DIR> d-------- C:\32788R22FWJFW.2.tmp
    2009-03-20 20:07 . 2009-03-20 20:07 <DIR> d-------- C:\32788R22FWJFW.1.tmp
    2009-03-20 20:06 . 2009-03-20 20:07 <DIR> d-------- C:\32788R22FWJFW.0.tmp
    2009-03-20 13:41 . 2009-03-20 13:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-20 13:41 . 2009-03-20 13:41 <DIR> d-------- c:\documents and settings\Dave\Application Data\Malwarebytes
    2009-03-20 13:41 . 2009-03-20 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-20 13:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-20 13:41 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-19 12:48 . 2009-03-21 12:10 327 --a------ c:\windows\wininit.ini
    2009-03-15 01:49 . 2009-03-15 01:49 268 --ah----- C:\sqmdata10.sqm
    2009-03-15 01:49 . 2009-03-15 01:49 268 --ah----- C:\sqmdata09.sqm
    2009-03-15 01:49 . 2009-03-15 01:49 244 --ah----- C:\sqmnoopt09.sqm
    2009-03-15 01:49 . 2009-03-15 01:49 136 --ah----- C:\sqmnoopt10.sqm
    2009-03-15 01:49 . 2009-03-15 01:49 136 --ah----- C:\sqmdata11.sqm
    2009-03-15 01:23 . 2009-03-15 13:02 <DIR> d-------- c:\windows\PaltalkScene
    2009-03-15 01:23 . 2009-03-15 14:33 <DIR> d-------- c:\program files\Paltalk Messenger
    2009-03-14 14:51 . 2009-03-19 15:31 <DIR> d-------- c:\program files\LimeWire
    2009-03-12 20:44 . 2009-03-12 21:10 <DIR> d-------- c:\program files\PhotoFiltre
    2009-03-12 17:53 . 2009-03-12 17:53 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2009-03-12 17:48 . 2009-03-12 17:48 <DIR> d-------- c:\program files\Western Digital
    2009-03-12 17:47 . 2009-03-12 17:47 <DIR> d-------- c:\program files\Western Digital Technologies
    2009-03-12 17:47 . 2009-03-12 19:07 <DIR> d---s---- c:\documents and settings\All Users\Application Data\Memeo
    2009-03-12 01:33 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
    2009-03-12 01:33 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
    2009-03-12 00:25 . 2009-03-12 00:25 419 --a------ c:\windows\BRWMARK.INI
    2009-03-12 00:25 . 2009-03-12 00:25 27 --a------ c:\windows\BRPP2KA.INI
    2009-03-10 22:34 . 2009-03-10 22:34 <DIR> d-------- c:\program files\RyTech Software
    2009-03-10 22:25 . 2009-03-10 22:25 31 --a------ c:\windows\system32\Days5.ini
    2009-03-10 21:52 . 2009-03-10 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-03-10 21:39 . 2009-03-10 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
    2009-03-10 21:37 . 2009-03-10 22:04 <DIR> d-------- c:\program files\NCH Swift Sound
    2009-03-10 18:32 . 2009-03-10 18:31 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-10 15:08 . 2009-03-10 15:08 <DIR> d-------- c:\program files\DVDVideoSoft
    2009-03-10 15:08 . 2009-03-10 15:09 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
    2009-03-10 03:02 . 2009-03-10 03:02 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-03-09 23:32 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-03-09 23:32 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-03-09 23:32 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-03-09 21:53 . 2009-02-16 20:39 2,736,890 --a------ c:\windows\system32\GameMon.des
    2009-03-09 21:51 . 2003-07-17 05:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
    2009-03-09 21:51 . 2004-12-31 20:43 4,682 --a------ c:\windows\system32\npptNT2.sys
    2009-03-09 21:50 . 2009-03-09 21:50 <DIR> d-------- c:\program files\Common Files\INCA Shared
    2009-03-09 21:24 . 2009-03-09 21:24 <DIR> d-------- c:\program files\Subagames
    2009-03-09 19:26 . 2009-03-09 19:26 <DIR> d-------- c:\program files\Microsoft Silverlight
    2009-03-09 02:02 . 2009-03-09 02:02 72,758 --a------ c:\windows\system32\rn.tmp
    2009-03-06 10:35 . 2009-03-06 10:35 <DIR> d-------- c:\program files\FaxTools
    2009-03-06 10:35 . 2009-03-06 10:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
    2009-03-06 10:27 . 2009-03-06 10:50 251 --a------ c:\windows\lexstat.ini
    2009-03-06 10:24 . 2008-04-13 14:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2009-03-06 10:24 . 2008-04-13 14:47 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
    2009-03-06 10:23 . 2009-03-06 10:24 <DIR> d-------- c:\program files\Lexmark X1100 Series
    2009-03-06 10:23 . 2001-08-17 23:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
    2009-03-06 10:23 . 2001-08-17 23:36 87,040 --a------ c:\windows\system32\dllcache\wiafbdrv.dll
    2009-03-06 10:23 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2009-03-06 10:23 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
    2009-03-04 19:56 . 2009-03-04 19:56 <DIR> d-------- c:\program files\Avery Dennison
    2009-03-04 19:56 . 2009-03-04 19:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avery
    2009-03-01 22:47 . 2005-12-07 21:46 106,496 --a------ c:\windows\system32\jacob.dll
    2009-03-01 22:46 . 2009-03-01 23:00 <DIR> d-------- c:\program files\Tune Tools 2
    2009-03-01 22:35 . 2009-03-01 22:36 <DIR> d-------- C:\4e3b464d9b5ce38f1627d6db710891
    2009-02-25 19:48 . 2009-02-28 01:17 <DIR> d-------- C:\Nexon
    2009-02-25 19:44 . 2009-02-25 20:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\NexonUS
    2009-02-25 18:54 . 2009-02-25 18:54 <DIR> d-------- c:\program files\Pando Networks
    2009-02-25 18:54 . 2009-02-25 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
    2009-02-23 17:38 . 2009-02-23 17:38 268 --ah----- C:\sqmdata08.sqm
    2009-02-23 17:38 . 2009-02-23 17:38 244 --ah----- C:\sqmnoopt08.sqm
    2009-02-23 17:35 . 2009-02-23 17:35 244 --ah----- C:\sqmnoopt07.sqm
    2009-02-23 17:35 . 2009-02-23 17:35 232 --ah----- C:\sqmdata07.sqm
    2009-02-23 17:34 . 2009-02-23 17:34 244 --ah----- C:\sqmnoopt06.sqm
    2009-02-23 17:34 . 2009-02-23 17:34 232 --ah----- C:\sqmdata06.sqm
    2009-02-23 17:28 . 2009-02-23 17:28 244 --ah----- C:\sqmnoopt05.sqm
    2009-02-23 17:28 . 2009-02-23 17:28 244 --ah----- C:\sqmnoopt04.sqm
    2009-02-23 17:28 . 2009-02-23 17:28 232 --ah----- C:\sqmdata05.sqm
    2009-02-23 17:28 . 2009-02-23 17:28 232 --ah----- C:\sqmdata04.sqm
    2009-02-23 17:26 . 2009-02-23 17:26 244 --ah----- C:\sqmnoopt03.sqm
    2009-02-23 17:26 . 2009-02-23 17:26 244 --ah----- C:\sqmnoopt02.sqm
    2009-02-23 17:26 . 2009-02-23 17:26 244 --ah----- C:\sqmnoopt01.sqm
    2009-02-23 17:26 . 2009-02-23 17:26 232 --ah----- C:\sqmdata03.sqm
    2009-02-23 17:26 . 2009-02-23 17:26 232 --ah----- C:\sqmdata02.sqm
    2009-02-23 17:26 . 2009-02-23 17:26 232 --ah----- C:\sqmdata01.sqm
    2009-02-23 17:24 . 2009-02-23 17:24 244 --ah----- C:\sqmnoopt00.sqm
    2009-02-23 17:24 . 2009-02-23 17:24 232 --ah----- C:\sqmdata00.sqm
    2009-02-22 16:12 . 2001-08-17 23:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
    2009-02-22 16:12 . 2001-08-17 23:36 8,704 --a------ c:\windows\system32\dllcache\kbdjpn.dll
    2009-02-22 16:12 . 2001-08-17 23:36 8,192 --a------ c:\windows\system32\kbdkor.dll
    2009-02-22 16:12 . 2001-08-17 23:36 8,192 --a------ c:\windows\system32\dllcache\kbdkor.dll
    2009-02-22 16:12 . 2008-04-13 20:09 6,144 --a------ c:\windows\system32\kbd106.dll
    2009-02-22 16:12 . 2001-08-17 15:55 6,144 --a------ c:\windows\system32\kbd101c.dll
    2009-02-22 16:12 . 2001-08-17 15:55 6,144 --a------ c:\windows\system32\kbd101b.dll
    2009-02-22 16:12 . 2008-04-13 20:09 6,144 --a------ c:\windows\system32\dllcache\kbd106.dll
    2009-02-22 16:12 . 2001-08-17 15:55 6,144 --a------ c:\windows\system32\dllcache\kbd101c.dll
    2009-02-22 16:12 . 2001-08-17 15:55 6,144 --a------ c:\windows\system32\dllcache\kbd101b.dll
    2009-02-22 16:12 . 2001-08-17 15:55 5,632 --a------ c:\windows\system32\kbd103.dll
    2009-02-22 16:12 . 2001-08-17 15:55 5,632 --a------ c:\windows\system32\dllcache\kbd103.dll
    2009-02-22 03:44 . 2009-02-22 03:44 3,462 --a------ c:\windows\system32\spupdsvc.inf

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-21 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-19 16:28 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-18 18:23 --------- d-----w c:\program files\Bodog Poker
    2009-03-18 03:34 --------- d-----w c:\program files\PokerStars
    2009-03-13 14:37 --------- d-----w c:\program files\Google
    2009-03-12 22:20 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-10 07:01 --------- d-----w c:\program files\Microsoft Works
    2009-03-01 13:33 --------- d-----w c:\documents and settings\Dave\Application Data\Apple Computer
    2009-02-26 21:44 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys
    2009-02-22 06:41 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
    2009-02-22 06:39 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
    2009-02-22 06:30 --------- d-----w c:\documents and settings\All Users\Application Data\_comodo_
    2009-02-19 19:34 --------- d-----w c:\documents and settings\Dave\Application Data\GarageGames
    2009-02-19 04:36 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-19 00:47 --------- d-----w c:\program files\ValuSoft
    2009-02-14 23:46 286,720 ----a-w c:\windows\iun506.exe
    2009-02-14 23:46 --------- d-----w c:\program files\Millennium Gamepak Gold
    2009-02-14 23:21 --------- d-----w c:\program files\directx
    2009-02-14 23:09 --------- d-----w c:\program files\Motorsims
    2009-02-09 06:04 --------- d-----w c:\program files\DellSupport
    2009-02-06 00:17 --------- d-----w c:\documents and settings\Dave\Application Data\CyberLink
    2009-02-02 18:04 --------- d-----w c:\program files\Common Files\AVSMedia
    2009-02-02 18:02 --------- d-----w c:\program files\AVS4YOU
    2009-01-31 23:55 --------- d-----w c:\program files\Common Files\logishrd
    2009-01-29 14:29 --------- d-----w c:\program files\Apple Software Update
    2009-01-25 23:28 --------- d-----w c:\program files\Trend Micro
    2009-01-25 23:26 --------- d-----w c:\documents and settings\Dave\Application Data\LimeWire
    2009-01-23 05:01 --------- d-----w c:\program files\MSN Messenger
    2009-01-22 16:38 --------- d-----w c:\program files\QuickTime
    2009-01-22 16:38 --------- d-----w c:\program files\iTunes
    2009-01-22 16:38 --------- d-----w c:\program files\iPod
    2009-01-22 16:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-22 16:36 --------- d-----w c:\program files\Common Files\Apple
    2009-01-22 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-22 00:03 --------- d-----w c:\program files\MSXML 4.0
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-03-12 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-14 1862144]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-02 267048]
    "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 57344]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-14 24576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57814:TCP"= 57814:TCP:Pando Media Booster
    "57814:UDP"= 57814:UDP:Pando Media Booster

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-21 110992]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-21 24336]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys --> c:\program files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{446325b8-0f4f-11de-9d44-001d09a48193}]
    \Shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{9a85b60a-7b1e-40e3-a100-78a697deaf97} - c:\windows\system32\qxepnl.dll
    BHO-{ffaab799-0354-4a06-9bee-d3dce95e72e9} - c:\windows\system32\totodele.dll
    HKLM-Run-kazafolipi - c:\windows\system32\rewuvafu.dll


    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.dell.com
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071114
    FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\wqcz8nmo.default\
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-22 00:37:39
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(844)
    c:\windows\system32\guard32.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(904)
    c:\windows\system32\guard32.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Lexmark X1100 Series\lxbkbmon.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-22 0:39:48 - machine was rebooted [Dave]
    ComboFix-quarantined-files.txt 2009-03-22 04:39:42

    Pre-Run: 40,480,002,048 bytes free
    Post-Run: 38,381,572,096 bytes free

    274 --- E O F --- 2009-03-11 07:01:51

  3. #13
    Member
    Join Date
    Mar 2009
    Posts
    36

    I disabled the anti virus as much as possible but it was difficult to disable the firewall even though I had it off. I couldn't enable the Windows recovery machine because I don't have internet in safe mode, and I tried running ComboFix but it wouldn't let me do it in the regular window. Anyways, that's the ComboFix log and this is the new HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:45:34 AM, on 3/22/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=1071114
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 6736 bytes

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Good Morning,

    You're doing just fine.

    You need to enable Windows to Show all Files and Folders
    Instructions for your Operating System HERE


    Delete these files
    C:\32788R22FWJFW.5.tmp
    C:\32788R22FWJFW.4.tmp
    C:\32788R22FWJFW.3.tmp
    C:\32788R22FWJFW.2.tmp
    C:\32788R22FWJFW.1.tmp
    C:\32788R22FWJFW.0.tmp




    Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

    c:\windows\system32\8d9c01.dll




    The rest of your logs look fine, how are things running now???

  5. #15
    Member
    Join Date
    Mar 2009
    Posts
    36

    Everything seems to be more stable. However, it won't let me delete the five files you mentioned to me to delete. It says that the file is still in use and make sure the disk is not full or copyrighted? How do I go about this?

    Other than this now, everything seems to be quicker and more responding.

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please download the OTMoveIt3 by OldTimer.

    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    Code:
    :Files
    C:\32788R22FWJFW.5.tmp
    C:\32788R22FWJFW.4.tmp
    C:\32788R22FWJFW.3.tmp
    C:\32788R22FWJFW.2.tmp
    C:\32788R22FWJFW.1.tmp
    C:\32788R22FWJFW.0.tmp

    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3


    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



    c:\windows\system32\8d9c01.dll <--Did you upload this file to VirusTotal, it may be bad????
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #17
    Member
    Join Date
    Mar 2009
    Posts
    36

    Default

    This is the Virus Total Report.


    MD5: 2ccc474eb85ceaa3e1fa1726580a3e5a
    First received: -
    Date: 03.18.2009 14:28:44 (CET) [>4D]
    Results: 0/37
    Permalink: analisis/5a0bcd34750912b4b8bb3d63c05009e2

  8. #18
    Member
    Join Date
    Mar 2009
    Posts
    36

    Default

    This is the OTMoveIt report I just did like you had asked.

    ========== FILES ==========
    C:\32788R22FWJFW.5.tmp moved successfully.
    C:\32788R22FWJFW.4.tmp moved successfully.
    C:\32788R22FWJFW.3.tmp moved successfully.
    C:\32788R22FWJFW.2.tmp moved successfully.
    C:\32788R22FWJFW.1.tmp moved successfully.
    C:\32788R22FWJFW.0.tmp moved successfully.

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03222009_172052

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    ACE, that can't be the entire VirusTotal log. I need to see the entire log.

  10. #20
    Member
    Join Date
    Mar 2009
    Posts
    36

    Default

    As soon as I sent the file, that is all it showed. However, I did notice this. Is this the log?


    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.03.18 -
    AhnLab-V3 5.0.0.2 2009.03.18 -
    AntiVir 7.9.0.116 2009.03.18 -
    Authentium 5.1.2.4 2009.03.18 -
    Avast 4.8.1335.0 2009.03.17 -
    AVG 8.0.0.237 2009.03.18 -
    BitDefender 7.2 2009.03.18 -
    CAT-QuickHeal 10.00 2009.03.18 -
    ClamAV 0.94.1 2009.03.18 -
    Comodo 1066 2009.03.18 -
    DrWeb 4.44.0.09170 2009.03.18 -
    eSafe 7.0.17.0 2009.03.18 -
    eTrust-Vet 31.6.6388 2009.03.09 -
    F-Prot 4.4.4.56 2009.03.17 -
    Fortinet 3.117.0.0 2009.03.18 -
    GData 19 2009.03.18 -
    Ikarus T3.1.1.45.0 2009.03.18 -
    K7AntiVirus 7.10.674 2009.03.17 -
    Kaspersky 7.0.0.125 2009.03.18 -
    McAfee 5556 2009.03.17 -
    McAfee+Artemis 5556 2009.03.17 -
    McAfee-GW-Edition 6.7.6 2009.03.18 -
    Microsoft 1.4502 2009.03.18 -
    NOD32 3944 2009.03.17 -
    Norman 6.00.06 2009.03.18 -
    nProtect 2009.1.8.0 2009.03.18 -
    Panda 10.0.0.10 2009.03.18 -
    PCTools 4.4.2.0 2009.03.18 -
    Rising 21.21.22.00 2009.03.18 -
    Sophos 4.39.0 2009.03.18 -
    Sunbelt 3.2.1858.2 2009.03.18 -
    Symantec 1.4.4.12 2009.03.18 -
    TheHacker 6.3.3.0.283 2009.03.16 -
    TrendMicro 8.700.0.1004 2009.03.18 -
    VBA32 3.12.10.1 2009.03.17 -
    ViRobot 2009.3.18.1654 2009.03.18 -
    VirusBuster 4.6.5.0 2009.03.17 -
    Additional information
    File size: 82432 bytes
    MD5...: 2ccc474eb85ceaa3e1fa1726580a3e5a
    SHA1..: 7cf3366c68e402eb3678046fe97651a586044560
    SHA256: 6e99d2fb4997e54e8b1b7d769cf2c0fae296a6441dc39984850ea26bfeb7e500
    SHA512: 158cdba8cda0da68829f30fa8f5b7a0caca90d9a6ca7480a3de7a3a6c0f2f84d
    68533d62c5f72c7f332e90a7a916f4b28c49c0841b3bfb0df5a8b63e4ba5426c
    ssdeep: 1536:HRqRC/AJcBuyg2q1htxvSrqtkBx5sALnR4lxCyqnelG:HR0TJKBq1hrvSrM
    kBx5swR41Mj

    PEiD..: -
    TrID..: File type identification
    Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1273
    timedatestamp.....: 0x4802a163 (Mon Apr 14 00:12:19 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x12153 0x12200 6.48 cb2c4ac799159013b18999c21e2df4f0
    .data 0x14000 0x914 0xa00 4.88 704b5717fb2cf3f297691957debc5e92
    .rsrc 0x15000 0x3f8 0x400 3.43 5ff68b649c14d167754073f671ef1ef1
    .reloc 0x16000 0xdc8 0xe00 6.65 c085926e9053221b19c5e6bcc1c08384

    ( 5 imports )
    > ADVAPI32.dll: RegNotifyChangeKeyValue, RegDeleteKeyA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegEnumKeyExA
    > KERNEL32.dll: GetTickCount, QueryPerformanceCounter, lstrcmpA, HeapReAlloc, HeapFree, HeapAlloc, InterlockedCompareExchange, IsBadWritePtr, GetEnvironmentVariableA, GetComputerNameA, GetVersionExA, GetSystemDirectoryA, GetWindowsDirectoryA, WaitForMultipleObjectsEx, ResetEvent, IsBadReadPtr, TlsSetValue, GetHandleInformation, ExpandEnvironmentStringsA, InterlockedExchange, GetCurrentThreadId, TlsAlloc, GetSystemInfo, HeapCreate, GetProcessHeap, HeapDestroy, TlsFree, lstrlenA, lstrcpyA, IsBadCodePtr, GetProcAddress, CreateEventA, GetModuleFileNameA, LoadLibraryA, CreateThread, FreeLibrary, WaitForSingleObject, CloseHandle, FreeLibraryAndExitThread, EnterCriticalSection, SetEvent, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SwitchToThread, SetLastError, DelayLoadFailureHook, TlsGetValue, InterlockedDecrement, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, LeaveCriticalSection
    > msvcrt.dll: __isascii, isspace, _except_handler3, sprintf, _adjust_fdiv, malloc, _initterm, free, _stricmp, fclose, fgets, atoi, strchr, fopen, wcscpy, strtoul, wcscmp, wcslen, wcschr
    > ntdll.dll: RtlIpv4StringToAddressW, RtlIpv6StringToAddressExW, RtlIpv4StringToAddressA
    > WS2HELP.dll: WahCompleteRequest, WahQueueUserApc, WahEnableNonIFSHandleSupport, WahDisableNonIFSHandleSupport, WahCreateSocketHandle, WahNotifyAllProcesses, WahCreateNotificationHandle, WahWaitForNotification, WahOpenCurrentThread, WahCloseThread, WahInsertHandleContext, WahRemoveHandleContext, WahDestroyHandleContextTable, WahCreateHandleContextTable, WahEnumerateHandleContexts, WahCloseApcHelper, WahCloseHandleHelper, WahCloseNotificationHandleHelper, WahOpenNotificationHandleHelper, WahOpenHandleHelper, WahOpenApcHelper, WahCloseSocketHandle, WahReferenceContextByHandle

    ( 117 exports )
    FreeAddrInfoW, GetAddrInfoW, GetNameInfoW, WEP, WPUCompleteOverlappedRequest, WSAAccept, WSAAddressToStringA, WSAAddressToStringW, WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncGetProtoByName, WSAAsyncGetProtoByNumber, WSAAsyncGetServByName, WSAAsyncGetServByPort, WSAAsyncSelect, WSACancelAsyncRequest, WSACancelBlockingCall, WSACleanup, WSACloseEvent, WSAConnect, WSACreateEvent, WSADuplicateSocketA, WSADuplicateSocketW, WSAEnumNameSpaceProvidersA, WSAEnumNameSpaceProvidersW, WSAEnumNetworkEvents, WSAEnumProtocolsA, WSAEnumProtocolsW, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAGetQOSByName, WSAGetServiceClassInfoA, WSAGetServiceClassInfoW, WSAGetServiceClassNameByClassIdA, WSAGetServiceClassNameByClassIdW, WSAHtonl, WSAHtons, WSAInstallServiceClassA, WSAInstallServiceClassW, WSAIoctl, WSAIsBlocking, WSAJoinLeaf, WSALookupServiceBeginA, WSALookupServiceBeginW, WSALookupServiceEnd, WSALookupServiceNextA, WSALookupServiceNextW, WSANSPIoctl, WSANtohl, WSANtohs, WSAProviderConfigChange, WSARecv, WSARecvDisconnect, WSARecvFrom, WSARemoveServiceClass, WSAResetEvent, WSASend, WSASendDisconnect, WSASendTo, WSASetBlockingHook, WSASetEvent, WSASetLastError, WSASetServiceA, WSASetServiceW, WSASocketA, WSASocketW, WSAStartup, WSAStringToAddressA, WSAStringToAddressW, WSAUnhookBlockingHook, WSAWaitForMultipleEvents, WSApSetPostRoutine, WSCDeinstallProvider, WSCEnableNSProvider, WSCEnumProtocols, WSCGetProviderPath, WSCInstallNameSpace, WSCInstallProvider, WSCUnInstallNameSpace, WSCUpdateProvider, WSCWriteNameSpaceOrder, WSCWriteProviderOrder, __WSAFDIsSet, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostbyaddr, gethostbyname, gethostname, getnameinfo, getpeername, getprotobyname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket
