
Author Topic: Shocking, Trojan Vundo help please... >:(  (Read 9519 times)


kjames (Topic Starter)

    Re: Shocking, Trojan Vundo help please... >:(
    « Reply #15 on: August 09, 2008, 05:46:22 AM »
    ComboFix 08-08-08.07 - Kenneth L. James II 2008-08-09  7:31:33.1 - NTFSx86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.340 [GMT -4:00]
    Running from: C:\cf2332\ComboFix.exe
     * Created a new restore point
     * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Kenneth L. James II\Application Data\inst.exe
    C:\Documents and Settings\Kristin\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Program Files\Altnet
    C:\WINDOWS\system32\aepeolid.ini
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\bwmitnji.dll
    C:\WINDOWS\system32\fmtujkfb.ini
    C:\WINDOWS\system32\fvtqkihe.ini
    C:\WINDOWS\system32\gpidridc.ini
    C:\WINDOWS\system32\jpnnjm.dll
    C:\WINDOWS\system32\khsshmnl.ini
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\nkpejpgh.ini
    C:\WINDOWS\system32\pekilt.dll
    C:\WINDOWS\system32\pomoscds.dll
    C:\WINDOWS\system32\prcnsz.dll
    C:\WINDOWS\system32\pvskwykr.ini
    C:\WINDOWS\system32\skhhfwwf.ini
    C:\WINDOWS\system32\srylkl.dll
    C:\WINDOWS\system32\tmrsqopu.dll
    C:\WINDOWS\system32\yiwsmjmo.dll

    .
    (((((((((((((((((((((((((   Files Created from 2008-07-09 to 2008-08-09  )))))))))))))))))))))))))))))))
    .

    2008-08-09 07:29 . 2008-08-09 07:29   <DIR>   d--------   C:\cf2332
    2008-08-09 07:17 . 2008-08-09 07:17   <DIR>   d--------   C:\WINDOWS\LastGood
    2008-08-08 08:25 . 2008-08-08 08:25   <DIR>   d--------   C:\WINDOWS\system32\scripting
    2008-08-08 08:25 . 2008-08-08 08:25   <DIR>   d--------   C:\WINDOWS\system32\en
    2008-08-08 08:25 . 2008-08-08 08:25   <DIR>   d--------   C:\WINDOWS\system32\bits
    2008-08-08 08:25 . 2008-08-08 08:25   <DIR>   d--------   C:\WINDOWS\l2schemas
    2008-08-08 08:22 . 2008-08-08 08:25   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
    2008-08-08 08:17 . 2008-08-08 08:44   1,355   --a------   C:\WINDOWS\imsins.BAK
    2008-08-08 08:14 . 2008-08-08 08:14   <DIR>   d--------   C:\WINDOWS\EHome
    2008-08-08 08:07 . 2008-04-13 20:12   1,737,856   ---------   C:\WINDOWS\system32\mtxparhd.dll
    2008-08-08 08:06 . 2008-04-13 20:11   1,888,992   ---------   C:\WINDOWS\system32\ati3duag.dll
    2008-08-08 08:05 . 2008-04-13 20:11   136,192   ---------   C:\WINDOWS\system32\aaclient.dll
    2008-08-08 08:05 . 2008-04-13 20:11   4,255   ---------   C:\WINDOWS\system32\drivers\adv01nt5.dll
    2008-08-08 08:05 . 2008-04-13 20:11   3,967   ---------   C:\WINDOWS\system32\drivers\adv02nt5.dll
    2008-08-08 08:05 . 2008-04-13 20:11   3,775   ---------   C:\WINDOWS\system32\drivers\adv11nt5.dll
    2008-08-08 08:05 . 2008-04-13 20:11   3,711   ---------   C:\WINDOWS\system32\drivers\adv09nt5.dll
    2008-08-08 08:05 . 2008-04-13 20:11   3,647   ---------   C:\WINDOWS\system32\drivers\adv07nt5.dll
    2008-08-08 08:05 . 2008-04-13 20:11   3,615   ---------   C:\WINDOWS\system32\drivers\adv05nt5.dll
    2008-08-08 08:05 . 2008-04-13 20:11   3,135   ---------   C:\WINDOWS\system32\drivers\adv08nt5.dll
    2008-08-08 07:35 . 2008-08-08 07:35   <DIR>   d--------   C:\Program Files\Sun
    2008-08-08 07:34 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
    2008-08-08 07:32 . 2008-08-08 07:34   <DIR>   d--------   C:\Program Files\Java
    2008-08-08 07:31 . 2008-08-08 07:31   <DIR>   d--------   C:\Program Files\Common Files\Java
    2008-08-07 23:07 . 2008-08-07 23:07   <DIR>   d--------   C:\Program Files\Trend Micro
    2008-08-07 22:36 . 2008-08-07 22:36   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-07 22:36 . 2008-08-07 22:36   <DIR>   d--------   C:\Documents and Settings\Kenneth L. James II\Application Data\Malwarebytes
    2008-08-07 22:36 . 2008-08-07 22:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-07 22:36 . 2008-07-30 20:07   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-07 22:36 . 2008-07-30 20:07   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-07 17:25 . 2008-08-07 17:25   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-07 17:24 . 2008-08-07 17:24   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
    2008-08-07 17:24 . 2008-08-07 17:24   <DIR>   d--------   C:\Documents and Settings\Kenneth L. James II\Application Data\SUPERAntiSpyware.com
    2008-08-07 17:16 . 2008-08-07 17:16   <DIR>   d--------   C:\Program Files\CCleaner
    2008-07-31 23:31 . 2008-07-31 23:31   131   --a------   C:\Documents and Settings\Kenneth L. James II\reset.cmd
    2008-07-29 09:59 . 2008-08-09 07:14   10,837   --a------   C:\WINDOWS\system32\Config.MPF
    2008-07-29 09:58 . 2006-03-03 08:07   143,360   --a------   C:\WINDOWS\system32\dunzip32.dll
    2008-07-29 09:54 . 2007-11-22 06:44   201,320   --a------   C:\WINDOWS\system32\drivers\mfehidk.sys
    2008-07-29 09:54 . 2007-07-13 06:20   113,952   --a------   C:\WINDOWS\system32\drivers\Mpfp.sys
    2008-07-29 09:54 . 2007-11-22 06:44   79,304   --a------   C:\WINDOWS\system32\drivers\mfeavfk.sys
    2008-07-29 09:54 . 2007-12-02 12:51   40,488   --a------   C:\WINDOWS\system32\drivers\mfesmfk.sys
    2008-07-29 09:54 . 2007-11-22 06:44   35,240   --a------   C:\WINDOWS\system32\drivers\mfebopk.sys
    2008-07-29 09:54 . 2007-11-22 06:44   33,832   --a------   C:\WINDOWS\system32\drivers\mferkdk.sys
    2008-07-29 09:09 . 2008-07-29 09:09   <DIR>   d--------   C:\Documents and Settings\Kenneth L. James II\Application Data\McAfee
    2008-07-27 15:08 . 2008-07-27 15:08   <DIR>   d--------   C:\Documents and Settings\Kenneth L. James II\Application Data\MSNInstaller
    2008-07-24 22:29 . 2008-07-24 22:29   <DIR>   d--------   C:\VundoFix Backups
    2008-07-24 18:25 . 2008-07-24 18:25   <DIR>   d--------   C:\Program Files\Windows Defender
    2008-07-24 17:20 . 2008-07-29 09:53   <DIR>   d--------   C:\Program Files\McAfee.com
    2008-07-24 17:20 . 2008-07-24 17:26   <DIR>   d--------   C:\Program Files\McAfee
    2008-07-24 17:20 . 2008-07-29 09:54   <DIR>   d--------   C:\Program Files\Common Files\McAfee
    2008-07-22 10:59 . 2008-07-22 10:59   <DIR>   d--------   C:\WINDOWS\McAfee.com
    2008-07-17 12:13 . 2008-07-17 12:14   <DIR>   d--------   C:\Program Files\Dell Support Center
    2008-07-17 09:36 . 2008-07-17 09:36   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
    2008-07-17 09:36 . 2008-07-17 09:36   1,409   --a------   C:\WINDOWS\QTFont.for
    2008-07-17 08:05 . 2008-07-17 08:12   <DIR>   d--------   C:\WINDOWS\system32\aumsDK01
    2008-07-17 08:05 . 2008-07-17 08:05   <DIR>   d--------   C:\Temp\zpv201
    2008-07-17 08:05 . 2008-07-17 08:05   <DIR>   d--------   C:\Temp

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-09 11:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-09 11:15   ---------   d-----w   C:\Program Files\YPOPs
    2008-08-08 11:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-08-08 11:36   ---------   d-----w   C:\Documents and Settings\Kenneth L. James II\Application Data\Lavasoft
    2008-08-07 21:31   ---------   d-----w   C:\Program Files\Google
    2008-08-07 21:23   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-07 21:12   ---------   d-----w   C:\Program Files\Common Files\SupportSoft
    2008-08-07 21:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-07-29 13:01   ---------   d-----w   C:\Program Files\Yahoo!
    2008-07-29 13:01   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-07-29 12:56   ---------   d-----w   C:\Program Files\Jasc Software Inc
    2008-07-24 22:29   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Dell
    2008-07-24 21:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\McAfee
    2008-07-24 21:00   ---------   d-----w   C:\Program Files\Symantec
    2008-07-23 22:07   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
    2008-07-23 22:03   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
    2008-07-22 15:04   ---------   d-----w   C:\Program Files\ComcastToolbar
    2008-07-22 15:04   ---------   d-----w   C:\Documents and Settings\Kenneth L. James II\Application Data\ComcastToolbar
    2008-07-05 12:59   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Comcast
    2008-06-20 17:46   245,248   ----a-w   C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:46   245,248   ------w   C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:46   147,968   ------w   C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:51   361,600   ------w   C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:40   138,496   ------w   C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 11:08   225,856   ------w   C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-13 12:19   ---------   d-----w   C:\Documents and Settings\Kristin\Application Data\COMCASTTOOLBAR
    2008-06-13 12:18   ---------   d-----w   C:\Documents and Settings\Kristin\Application Data\Yahoo!
    2008-06-13 11:05   272,128   ----a-w   C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 11:05   272,128   ------w   C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-01 13:38   47,360   ----a-w   C:\Documents and Settings\Kenneth L. James II\Application Data\pcouffin.sys
    2008-05-09 23:23   135,168   ----a-w   C:\WINDOWS\system32\SET55.tmp
    2008-05-09 10:53   90,112   ----a-w   C:\WINDOWS\system32\wshext.dll
    2008-05-09 10:53   90,112   ------w   C:\WINDOWS\system32\dllcache\wshext.dll
    2008-05-09 10:53   512,000   ----a-w   C:\WINDOWS\system32\SET5B.tmp
    2008-05-09 10:53   512,000   ------w   C:\WINDOWS\system32\dllcache\jscript.dll
    2008-05-09 10:53   430,080   ----a-w   C:\WINDOWS\system32\SET58.tmp
    2008-05-09 10:53   430,080   ------w   C:\WINDOWS\system32\dllcache\vbscript.dll
    2008-05-09 10:53   180,224   ----a-w   C:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:53   180,224   ------w   C:\WINDOWS\system32\dllcache\scrobj.dll
    2008-05-09 10:53   172,032   ----a-w   C:\WINDOWS\system32\SET59.tmp
    2008-05-09 10:53   172,032   ------w   C:\WINDOWS\system32\dllcache\scrrun.dll
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    2008-06-02 16:56   160496   --a------   C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 07:03 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
    "Auto EPSON Stylus CX3800 Series on DADS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 15:00 98304]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 13:40 172032]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

    C:\Documents and Settings\Kenneth L. James II\Start Menu\Programs\Startup\
    YPOPs.lnk - C:\Program Files\YPOPs\YPOPs.exe [2008-07-28 23:03:26 1327104]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-08-29 16:33:24 499779]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
    backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    --a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    --a------ 2007-11-15 09:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2002-01-08 12:24 401496 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    --a--c--- 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a--c--- 2004-02-12 13:38 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2005-08-23 11:42 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-08-23 11:42 26112 C:\Program Files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    --a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-08-20 16:20]
    R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys [2003-03-09 19:41]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-06 C:\WINDOWS\Tasks\dfrg.job
    - C:\WINDOWS\system32\dfrg.msc [2004-08-04 06:00]

    2008-07-24 C:\WINDOWS\Tasks\McDefragTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2008-08-09 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-OCAudioIni - C:\Program Files\One-click Audio Converter\OCAudioIni.exe
    MSConfigStartUp-xloadnet - C:\Program Files\xloadnet\xloadnet.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Kenneth L. James II\Application Data\Mozilla\Firefox\Profiles\jercr24b.default\
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1172.2021\npCIDetect11.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-09 07:36:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-09  7:39:02
    ComboFix-quarantined-files.txt  2008-08-09 11:38:15

    Pre-Run: 5,340,323,840 bytes free
    Post-Run: 5,661,806,592 bytes free

    264   --- E O F ---   2008-08-09 11:27:30

    kjames (Topic Starter)

      Re: Shocking, Trojan Vundo help please... >:(
      « Reply #16 on: August 09, 2008, 05:47:36 AM »
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:46:54 AM, on 8/9/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\YPOPs\YPOPs.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on DADS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P39 "Auto EPSON Stylus CX3800 Series on DADS" /O15 "\\DADS\EPSONSty" /M "Stylus CX3800"
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - Startup: YPOPs.lnk = ?
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: BTTray.lnk = ?
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
      O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
      O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5348/mcfscan.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

      --
      End of file - 9391 bytes

      CBMatt (Mod & Malware Specialist)

      Re: Shocking, Trojan Vundo help please... >:(
      « Reply #17 on: August 10, 2008, 03:20:12 AM »
      Your HJT looks clean.  I would keep running the SUPERAntiSpyware and MBAM scans, but you should be okay.

      To uninstall ComboFix, simply go to Start > Run and type in combofix /u (note the space between "combofix" and "/u") and click on OK.  As for VundoFix and VirtumondoBeGone, you can simply delete them.  You can also uninstall HijackThis if you'd like, but I would keep it.

      Next, reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files.  This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
      1. Turn off System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      Check Turn off System Restore.
      Click Apply, and then click OK.

      2. Restart your computer.

      3. Turn ON System Restore.
      On the Desktop, right-click My Computer.
      Click Properties.
      Click the System Restore tab.
      UN-Check Turn off System Restore.
      Click Apply, and then click OK.

      System Restore will now be active again.

      Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
      • SpywareBlaster to help prevent spyware from installing in the first place.
      • SpywareGuard to catch and block spyware before it can execute.
      • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
      To keep your operating system up to date, visit here monthly: And to keep your system clean, run these free malware scanners weekly:
      And be aware of what emails you open and websites you visit.

      To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?
      An undefined problem has an infinite number of solutions.
      —Robert A. Humphrey
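A quick way to confirm that the three System Restore steps above actually took effect, as an added example that is not part of CBMatt's post or any of the tools named in the thread. It assumes Windows XP's standard layout: the GUI toggle is stored in the registry value `DisableSR` under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore` (1 = turned off, 0 or absent = on), and restore points are written by the `srservice` service. Run it from Start > Run > cmd after step 3; it exits non-zero if System Restore is still off.

```batch
@echo off
setlocal
rem Added example for this thread, not from the original post or any tool it names.
rem Assumption: XP stores the "Turn off System Restore" checkbox as DisableSR
rem (REG_DWORD) under the SystemRestore key, and the service is named srservice.

set "SRKEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
set "STATE=ON (DisableSR not set)"

rem reg query prints "    DisableSR    REG_DWORD    0x1"; the third token is the value.
for /f "tokens=3" %%v in ('reg query "%SRKEY%" /v DisableSR 2^>nul ^| find "DisableSR"') do (
    if /i "%%v"=="0x1" (set "STATE=OFF (DisableSR=1)") else (set "STATE=ON (DisableSR=%%v)")
)
echo System Restore: %STATE%

rem The srservice service must be running for new restore points to be created.
sc query srservice | find "STATE"

rem Non-zero exit when System Restore is still off, so the check can be scripted.
echo %STATE% | find "OFF" >nul && exit /b 1
exit /b 0
```

The point of the check is the order of operations in the post: the old restore points are only purged while System Restore is off, so the second line (service state) tells you whether step 3 was completed, not just whether the registry flag flipped.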

        kjames (Topic Starter)

        Re: Shocking, Trojan Vundo help please... >:(
        « Reply #18 on: August 10, 2008, 06:45:41 AM »
        Matt, thanks! CPU seems to be working well... I downloaded the programs you recommended... should I remove McAfee (free with internet) and Windows Defender (downloaded it for XP)?

        CBMatt (Mod & Malware Specialist)

        Re: Shocking, Trojan Vundo help please... >:(
        « Reply #19 on: August 11, 2008, 06:42:15 AM »
        That's up to you, really.  I think McAfee is subpar, but if you want to keep it, then feel free.  However, if you wish to remove McAfee, then you should follow the instructions on this page.  As a replacement, Avast! and AVG are good free programs.

        As for Windows Defender...I would say that SUPERAntiSpyware is a much better program, but it is okay to have both programs (just don't run them at the same time), so the decision is yours.