Virtumonde/Seneka infection please advise
My bad. Fixwareout hasn't been updated for a while because MBAM normally takes care of this infection. I don't know why it hasn't in your case.
==
Please download ComboFix by sUBs from
HERE
or
HERE
- You must download it to and run it from your Desktop.
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
- Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
ComboFix 09-01-13.04 - MIRA 2009-01-16 2:14:34.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1048.18.1976.654 [GMT 2:00]
Running from: c:\users\MIRA\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.
2009-01-16 01:49 . 2009-01-16 01:52 <DIR> d-------- C:\fixwareout
2009-01-15 20:08 . 2009-01-15 20:08 <DIR> d-------- c:\program files\Sony
2009-01-15 14:17 . 2009-01-15 14:17 <DIR> d-------- c:\temp\MTGOInstall
2009-01-15 14:17 . 2009-01-15 14:17 <DIR> d-------- C:\Temp
2009-01-15 14:08 . 2009-01-15 14:21 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Wizards of the Coast
2009-01-15 14:07 . 2009-01-15 14:07 <DIR> d-------- c:\program files\Wizards of the Coast
2009-01-15 12:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-15 12:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-15 12:13 . 2009-01-15 12:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Malwarebytes
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-14 14:02 . 2009-01-14 14:02 <DIR> d-------- c:\program files\Panda Security
2009-01-14 14:02 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-01-14 13:09 . 2009-01-14 13:11 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-01-14 13:09 . 2009-01-14 13:11 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-01-14 13:09 . 2009-01-14 13:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-14 12:59 . 2009-01-14 12:59 <DIR> d-------- C:\fsaua.data
2009-01-11 20:55 . 2009-01-11 20:55 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Sierra Entertainment
2009-01-11 20:30 . 2009-01-11 20:30 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-11 17:00 . 2009-01-11 17:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 18:00 . 2009-01-06 23:10 <DIR> d-------- c:\program files\Paradox Interactive
2009-01-05 13:12 . 2009-01-05 14:20 <DIR> d-------- c:\users\MIRA\zatikon
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Media Player Classic
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\program files\Microsoft Games
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\users\All Users\Real
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-03 01:00 . 2009-01-03 01:00 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Roxio
2008-12-31 02:04 . 2008-12-31 02:04 <DIR> d-------- c:\windows\Ancient Secrets
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\users\All Users\TEMP
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\programdata\TEMP
2008-12-31 01:07 . 2008-12-31 01:07 <DIR> d-------- c:\windows\Can You See What I See Dream Machine
2008-12-30 23:22 . 2008-12-30 23:22 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DivX
2008-12-30 23:13 . 2009-01-04 18:26 <DIR> d-------- c:\program files\DivX
2008-12-30 23:05 . 2008-12-30 23:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\vlc
2008-12-30 23:04 . 2008-12-30 23:04 <DIR> d-------- c:\program files\VideoLAN
2008-12-29 22:14 . 2008-12-29 22:14 <DIR> d-------- c:\program files\QuickTime
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer Pro
2008-12-29 02:16 . 2008-12-29 20:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\Webteh
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\users\All Users\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\programdata\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\Common Files\DFX
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\users\All Users\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\users\All Users\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\programdata\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\programdata\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Remote
2008-12-28 21:42 . 2008-11-21 23:47 129,784 --------- c:\windows\System32\pxafs.dll
2008-12-28 21:41 . 2008-12-28 22:15 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Winamp
2008-12-28 21:41 . 2008-12-28 21:50 <DIR> d-------- c:\program files\Winamp
2008-12-28 21:21 . 2008-12-28 21:21 <DIR> d-------- c:\windows\System32\xlive
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Pro
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2008-12-28 21:16 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-28 21:15 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-28 21:12 . 2008-12-28 21:12 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-28 21:11 . 2008-12-28 21:20 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Lite
2008-12-28 16:41 . 2008-12-28 18:17 5,930,090,496 --a------ C:\rld-fou3.iso
2008-12-28 16:33 . 2009-01-09 18:02 <DIR> d-------- c:\users\MIRA\AppData\Roaming\skypePM
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\programdata\ezsidmv.dat
2008-12-28 16:21 . 2009-01-09 18:25 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\users\All Users\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\programdata\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-28 16:17 . 2009-01-16 02:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\MxBoost
2008-12-28 16:15 . 2009-01-15 15:02 <DIR> d-------- c:\users\MIRA\AppData\Roaming\uTorrent
2008-12-28 16:15 . 2008-12-28 16:15 <DIR> d-------- c:\program files\uTorrent
2008-12-28 16:14 . 2009-01-15 15:04 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Maxthon2
2008-12-26 03:02 . 2008-10-02 03:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-25 21:14 . 2008-12-25 21:44 <DIR> d-------- c:\program files\The Witcher Enhanced Edition
2008-12-17 02:19 . 2009-01-16 02:17 12 --a------ c:\windows\bthservsdp.dat
2008-12-16 20:25 . 2009-01-16 01:48 13,202 --a------ c:\windows\System32\perfh018.dat
2008-12-16 20:25 . 2009-01-16 01:48 4,604 --a------ c:\windows\System32\perfc018.dat
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\users\All Users\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\programdata\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\programdata\Yahoo!
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\program files\Yahoo!
2008-12-16 19:21 . 2008-12-16 19:33 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-12-16 19:21 . 2008-12-16 19:21 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-12-16 19:20 . 2009-01-16 01:41 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2008-12-16 19:20 . 2009-01-16 01:41 <DIR> d-------- c:\programdata\Kaspersky Lab
2008-12-16 19:20 . 2008-12-16 19:20 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-16 19:20 . 2009-01-16 02:25 11,477,792 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-16 19:20 . 2009-01-16 02:18 155,792 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-16 19:19 . 2008-12-16 19:19 <DIR> d-------- C:\KAV
2008-12-16 19:15 . 2008-04-21 08:28 384 --a------ c:\windows\myClean.bat
2008-12-16 18:59 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-16 18:55 . 2008-12-16 18:55 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-16 18:53 . 2008-12-16 19:28 <DIR> d-------- c:\users\MIRA\AppData\Roaming\HPQLOG
2008-12-16 18:53 . 2009-01-16 02:19 47,104 --a------ c:\windows\System32\rpcnet.dll
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Searches
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Contacts
2008-12-16 18:52 . 2008-06-26 03:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-16 18:52 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-16 18:52 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-12-16 18:52 . 2008-06-26 05:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-16 18:52 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-16 18:52 . 2008-08-27 03:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-16 18:52 . 2008-04-29 03:42 220,160 --a------ c:\windows\System32\drivers\bthport.sys
2008-12-16 18:52 . 2008-04-29 05:54 181,760 --a------ c:\windows\System32\fsquirt.exe
2008-12-16 18:52 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-12-16 18:52 . 2008-12-16 18:52 47,104 --a------ c:\windows\System32\rpcnet.exe
2008-12-16 18:52 . 2008-04-29 03:42 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS
2008-12-16 18:52 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-12-16 18:51 . 2008-06-26 03:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-16 18:51 . 2008-06-26 05:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-16 18:51 . 2008-12-16 18:51 44 --a------ c:\windows\system\hpsysdrv.dat
2008-12-16 18:49 . 2008-09-18 07:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-12-16 18:49 . 2008-09-18 07:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-12-16 18:49 . 2008-04-26 10:08 1,314,816 --a------ c:\windows\System32\quartz.dll
2008-12-16 18:49 . 2008-08-12 05:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-16 18:47 . 2008-12-16 18:47 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Hewlett-Packard
2008-12-16 18:46 . 2008-05-10 03:33 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 00:19 17,408 ----a-w c:\windows\System32\rpcnetp.exe
2009-01-16 00:19 --------- d-----w c:\programdata\hpqLog
2009-01-15 18:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 18:29 --------- d-----w c:\program files\Java
2008-12-30 21:13 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-28 14:07 17,408 ----a-w c:\windows\System32\rpcnetp.dll
2008-12-25 19:44 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-25 19:44 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-16 17:33 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-16 17:12 --------- d-----w c:\programdata\McAfee
2008-12-16 17:12 --------- d-----w c:\program files\McAfee
2008-12-16 17:09 --------- d-----w c:\program files\Windows Mail
2008-12-16 17:08 --------- d-----w c:\programdata\SiteAdvisor
2008-12-16 16:47 --------- d-----w c:\programdata\Hewlett-Packard
2008-12-16 16:41 --------- d-----w c:\program files\Hewlett-Packard
2008-12-16 16:36 --------- d-----w c:\program files\Analog Devices
2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:45 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-11-21 21:45 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-11-21 21:45 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-11-21 21:45 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-11-21 21:45 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\divx.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2009-01-14_12.37.07.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-11 15:04:01 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-01-15 12:19:14 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-01-11 15:04:01 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-01-15 12:19:14 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-01-11 15:04:02 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-01-15 12:19:14 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-01-11 15:03:51 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:00 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:54 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:02 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:56 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:03 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:56 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:04 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:57 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:08 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:58 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:10 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:58 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:11 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:59 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:15 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:04:03 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-01-15 12:19:15 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-01-11 15:04:03 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-01-15 12:19:15 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-01-11 15:04:03 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-01-15 12:19:16 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-01-11 15:04:03 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-01-15 12:19:16 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-01-11 15:04:01 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-01-15 12:19:13 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-06-30 08:39:58 128,256 ----a-w c:\windows\Downloaded Program Files\as2stubie.dll
+ 2008-02-27 13:59:28 290,816 ----a-w c:\windows\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 13:59:28 495,616 ----a-w c:\windows\Downloaded Program Files\daas_s.dll
+ 2008-02-27 14:00:12 262,144 ----a-w c:\windows\Downloaded Program Files\fscax.dll
+ 2008-02-27 13:59:16 588,392 ----a-w c:\windows\Downloaded Program Files\gatelauncher.exe
+ 2009-01-16 00:19:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-16 00:19:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-14 10:34:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-16 00:25:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-16 00:25:10 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-14 10:34:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-16 00:25:05 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-16 00:25:05 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-14 09:34:16 97,596 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-15 23:48:25 97,596 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-14 09:34:16 569,156 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-15 23:48:25 569,156 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-14 09:28:31 5,796 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2763801915-4081686023-2070645922-1004_UserData.bin
+ 2009-01-15 23:42:39 6,480 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2763801915-4081686023-2070645922-1004_UserData.bin
- 2009-01-14 09:28:31 118,480 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-15 23:42:39 119,164 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-12 07:54:37 45,688 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-15 23:42:36 47,848 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
2008-04-16 22:43 110592 --a------ c:\program files\Hewlett-Packard\File Sanitizer\IEBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-16 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-14 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-03-21 1090840]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-04-16 10240000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-08-04 197904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\r3hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4E7E229-2DE1-4B45-95D4-5C6E5495BF32}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{05CBF57D-2E50-4B67-B28E-E83FDFEAC1E6}"= UDP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{BF2A5372-425E-46F2-B81B-BEB3AF762A88}"= TCP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{B7F08354-740C-4C95-BC30-21C4AA412B15}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{43C1CF6E-1AA6-4C02-B865-DC49FCEC42AD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2E50F630-C77F-441F-BE86-EEF9DA5CE16E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4C6536FB-FC0B-49A3-9F21-94FC3DA93A73}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3C46605C-61B9-42D3-9CAE-FD9348B7FE2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8986E67B-1230-49F2-903B-06CF5C7CD3AC}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0867F29D-2E0B-4F6D-B315-8162C29227A7}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{FCE0CE52-889C-4828-ABEA-12F18F52CFAD}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{130A4E17-9946-4C96-814C-7021AD4A1D8E}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D5CC8BC9-8924-4FD0-A619-7F45A2A4E5E7}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2EFE2D48-0731-4CA7-ADF0-6081A38488D5}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{DD585048-C887-470A-9C08-552BAC9D5B2C}c:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{2CD4A918-73ED-47B7-8C89-A16AB6A22C32}c:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"TCP Query User{A0B8BEC2-F20A-40CC-87C9-515797063F14}c:\\users\\mira\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\frzhbvnd\\mtgoiii_helper[1].exe"= UDP:c:\users\mira\appdata\local\microsoft\windows\temporary internet files\content.ie5\frzhbvnd\mtgoiii_helper[1].exe:mtgoiii_helper[1].exe
"UDP Query User{B199EA02-398F-41BD-9B49-BBE512E72E24}c:\\users\\mira\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\frzhbvnd\\mtgoiii_helper[1].exe"= TCP:c:\users\mira\appdata\local\microsoft\windows\temporary internet files\content.ie5\frzhbvnd\mtgoiii_helper[1].exe:mtgoiii_helper[1].exe
"TCP Query User{C6DBD953-2A8C-4DE2-A50B-9EB5705833BD}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{2A5A67CB-F315-4796-BD3F-CC162D7E7596}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-01-14 28544]
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [2008-05-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [2008-05-14 12928]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-04-04 20760]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2008-03-21 39712]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [2008-05-14 12496]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [2008-05-13 475520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-11-29 181760]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-08-04 193840]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
R4 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-10 1168632]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
R4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-08-04 77824]
R4 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-04-07 24936]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-04 576536]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
--- Other Services/Drivers In Memory ---
*Deregistered* - mpsdrv
*Deregistered* - Smb
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9458f03e-cbcf-11dd-8cbd-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bb4f389-d513-11dd-af64-002264493ce3}]
\shell\AutoRun\command - G:\EE3AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 02:25:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(724)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(5680)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IfxPsdSv.exe
c:\windows\System32\rpcnet.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\igfxsrvc.exe
c:\combofix\hidec.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\taskmgr.exe
c:\combofix\Catchme.tmp
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-16 2:29:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 00:27:54
ComboFix2.txt 2009-01-14 10:38:41
Pre-Run: 88,318,111,744 bytes free
Post-Run: 88,312,025,088 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
416 --- E O F --- 2008-12-28 14:14:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:36 AM, on 1/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\Explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\MIRA\AppData\Roaming\Maxthon2\Maxthon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Users\MIRA\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [IFXSPMGT] c:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BA57E6-A62E-49E5-A800-A2A4CCC3852D}: NameServer = 85.255.115.114,85.255.112.176
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\windows\system32\agrsmsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Windows\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12875 bytes
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1048.18.1976.654 [GMT 2:00]
Running from: c:\users\MIRA\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.
2009-01-16 01:49 . 2009-01-16 01:52 <DIR> d-------- C:\fixwareout
2009-01-15 20:08 . 2009-01-15 20:08 <DIR> d-------- c:\program files\Sony
2009-01-15 14:17 . 2009-01-15 14:17 <DIR> d-------- c:\temp\MTGOInstall
2009-01-15 14:17 . 2009-01-15 14:17 <DIR> d-------- C:\Temp
2009-01-15 14:08 . 2009-01-15 14:21 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Wizards of the Coast
2009-01-15 14:07 . 2009-01-15 14:07 <DIR> d-------- c:\program files\Wizards of the Coast
2009-01-15 12:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-15 12:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-15 12:13 . 2009-01-15 12:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Malwarebytes
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-14 23:30 . 2009-01-14 23:30 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-14 14:02 . 2009-01-14 14:02 <DIR> d-------- c:\program files\Panda Security
2009-01-14 14:02 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-01-14 13:09 . 2009-01-14 13:11 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-01-14 13:09 . 2009-01-14 13:11 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-01-14 13:09 . 2009-01-14 13:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-14 12:59 . 2009-01-14 12:59 <DIR> d-------- C:\fsaua.data
2009-01-11 20:55 . 2009-01-11 20:55 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Sierra Entertainment
2009-01-11 20:30 . 2009-01-11 20:30 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-11 17:00 . 2009-01-11 17:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 18:00 . 2009-01-06 23:10 <DIR> d-------- c:\program files\Paradox Interactive
2009-01-05 13:12 . 2009-01-05 14:20 <DIR> d-------- c:\users\MIRA\zatikon
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Media Player Classic
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\program files\Microsoft Games
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\users\All Users\Real
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-03 01:00 . 2009-01-03 01:00 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Roxio
2008-12-31 02:04 . 2008-12-31 02:04 <DIR> d-------- c:\windows\Ancient Secrets
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\users\All Users\TEMP
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\programdata\TEMP
2008-12-31 01:07 . 2008-12-31 01:07 <DIR> d-------- c:\windows\Can You See What I See Dream Machine
2008-12-30 23:22 . 2008-12-30 23:22 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DivX
2008-12-30 23:13 . 2009-01-04 18:26 <DIR> d-------- c:\program files\DivX
2008-12-30 23:05 . 2008-12-30 23:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\vlc
2008-12-30 23:04 . 2008-12-30 23:04 <DIR> d-------- c:\program files\VideoLAN
2008-12-29 22:14 . 2008-12-29 22:14 <DIR> d-------- c:\program files\QuickTime
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer Pro
2008-12-29 02:16 . 2008-12-29 20:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\Webteh
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\users\All Users\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\programdata\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\Common Files\DFX
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\users\All Users\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\users\All Users\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\programdata\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\programdata\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Remote
2008-12-28 21:42 . 2008-11-21 23:47 129,784 --------- c:\windows\System32\pxafs.dll
2008-12-28 21:41 . 2008-12-28 22:15 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Winamp
2008-12-28 21:41 . 2008-12-28 21:50 <DIR> d-------- c:\program files\Winamp
2008-12-28 21:21 . 2008-12-28 21:21 <DIR> d-------- c:\windows\System32\xlive
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Pro
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2008-12-28 21:16 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-28 21:15 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-28 21:12 . 2008-12-28 21:12 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-28 21:11 . 2008-12-28 21:20 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Lite
2008-12-28 16:41 . 2008-12-28 18:17 5,930,090,496 --a------ C:\rld-fou3.iso
2008-12-28 16:33 . 2009-01-09 18:02 <DIR> d-------- c:\users\MIRA\AppData\Roaming\skypePM
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\programdata\ezsidmv.dat
2008-12-28 16:21 . 2009-01-09 18:25 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\users\All Users\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\programdata\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-28 16:17 . 2009-01-16 02:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\MxBoost
2008-12-28 16:15 . 2009-01-15 15:02 <DIR> d-------- c:\users\MIRA\AppData\Roaming\uTorrent
2008-12-28 16:15 . 2008-12-28 16:15 <DIR> d-------- c:\program files\uTorrent
2008-12-28 16:14 . 2009-01-15 15:04 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Maxthon2
2008-12-26 03:02 . 2008-10-02 03:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-25 21:14 . 2008-12-25 21:44 <DIR> d-------- c:\program files\The Witcher Enhanced Edition
2008-12-17 02:19 . 2009-01-16 02:17 12 --a------ c:\windows\bthservsdp.dat
2008-12-16 20:25 . 2009-01-16 01:48 13,202 --a------ c:\windows\System32\perfh018.dat
2008-12-16 20:25 . 2009-01-16 01:48 4,604 --a------ c:\windows\System32\perfc018.dat
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\users\All Users\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\programdata\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\programdata\Yahoo!
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\program files\Yahoo!
2008-12-16 19:21 . 2008-12-16 19:33 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-12-16 19:21 . 2008-12-16 19:21 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-12-16 19:20 . 2009-01-16 01:41 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2008-12-16 19:20 . 2009-01-16 01:41 <DIR> d-------- c:\programdata\Kaspersky Lab
2008-12-16 19:20 . 2008-12-16 19:20 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-16 19:20 . 2009-01-16 02:25 11,477,792 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-16 19:20 . 2009-01-16 02:18 155,792 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-16 19:19 . 2008-12-16 19:19 <DIR> d-------- C:\KAV
2008-12-16 19:15 . 2008-04-21 08:28 384 --a------ c:\windows\myClean.bat
2008-12-16 18:59 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-16 18:55 . 2008-12-16 18:55 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-16 18:53 . 2008-12-16 19:28 <DIR> d-------- c:\users\MIRA\AppData\Roaming\HPQLOG
2008-12-16 18:53 . 2009-01-16 02:19 47,104 --a------ c:\windows\System32\rpcnet.dll
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Searches
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Contacts
2008-12-16 18:52 . 2008-06-26 03:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-16 18:52 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-16 18:52 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-12-16 18:52 . 2008-06-26 05:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-16 18:52 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-16 18:52 . 2008-08-27 03:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-16 18:52 . 2008-04-29 03:42 220,160 --a------ c:\windows\System32\drivers\bthport.sys
2008-12-16 18:52 . 2008-04-29 05:54 181,760 --a------ c:\windows\System32\fsquirt.exe
2008-12-16 18:52 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-12-16 18:52 . 2008-12-16 18:52 47,104 --a------ c:\windows\System32\rpcnet.exe
2008-12-16 18:52 . 2008-04-29 03:42 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS
2008-12-16 18:52 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-12-16 18:51 . 2008-06-26 03:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-16 18:51 . 2008-06-26 05:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-16 18:51 . 2008-12-16 18:51 44 --a------ c:\windows\system\hpsysdrv.dat
2008-12-16 18:49 . 2008-09-18 07:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-12-16 18:49 . 2008-09-18 07:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-12-16 18:49 . 2008-04-26 10:08 1,314,816 --a------ c:\windows\System32\quartz.dll
2008-12-16 18:49 . 2008-08-12 05:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-16 18:47 . 2008-12-16 18:47 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Hewlett-Packard
2008-12-16 18:46 . 2008-05-10 03:33 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 00:19 17,408 ----a-w c:\windows\System32\rpcnetp.exe
2009-01-16 00:19 --------- d-----w c:\programdata\hpqLog
2009-01-15 18:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 18:29 --------- d-----w c:\program files\Java
2008-12-30 21:13 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-28 14:07 17,408 ----a-w c:\windows\System32\rpcnetp.dll
2008-12-25 19:44 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-25 19:44 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-16 17:33 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-16 17:12 --------- d-----w c:\programdata\McAfee
2008-12-16 17:12 --------- d-----w c:\program files\McAfee
2008-12-16 17:09 --------- d-----w c:\program files\Windows Mail
2008-12-16 17:08 --------- d-----w c:\programdata\SiteAdvisor
2008-12-16 16:47 --------- d-----w c:\programdata\Hewlett-Packard
2008-12-16 16:41 --------- d-----w c:\program files\Hewlett-Packard
2008-12-16 16:36 --------- d-----w c:\program files\Analog Devices
2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:45 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-11-21 21:45 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-11-21 21:45 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-11-21 21:45 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-11-21 21:45 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\divx.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2009-01-14_12.37.07.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-11 15:04:01 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-01-15 12:19:14 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-01-11 15:04:01 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-01-15 12:19:14 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-01-11 15:04:02 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-01-15 12:19:14 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-01-11 15:03:51 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:00 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:54 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:02 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:56 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:03 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:56 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:04 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:57 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:08 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:58 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:10 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:58 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:11 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:03:59 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-15 12:19:15 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-01-11 15:04:03 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-01-15 12:19:15 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-01-11 15:04:03 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-01-15 12:19:15 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-01-11 15:04:03 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-01-15 12:19:16 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-01-11 15:04:03 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-01-15 12:19:16 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-01-11 15:04:01 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-01-15 12:19:13 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-06-30 08:39:58 128,256 ----a-w c:\windows\Downloaded Program Files\as2stubie.dll
+ 2008-02-27 13:59:28 290,816 ----a-w c:\windows\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 13:59:28 495,616 ----a-w c:\windows\Downloaded Program Files\daas_s.dll
+ 2008-02-27 14:00:12 262,144 ----a-w c:\windows\Downloaded Program Files\fscax.dll
+ 2008-02-27 13:59:16 588,392 ----a-w c:\windows\Downloaded Program Files\gatelauncher.exe
+ 2009-01-16 00:19:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-16 00:19:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-14 10:34:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-16 00:25:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-16 00:25:10 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-14 10:34:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-16 00:25:05 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-16 00:25:05 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-14 09:34:16 97,596 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-15 23:48:25 97,596 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-14 09:34:16 569,156 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-15 23:48:25 569,156 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-14 09:28:31 5,796 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2763801915-4081686023-2070645922-1004_UserData.bin
+ 2009-01-15 23:42:39 6,480 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2763801915-4081686023-2070645922-1004_UserData.bin
- 2009-01-14 09:28:31 118,480 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-15 23:42:39 119,164 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-12 07:54:37 45,688 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-15 23:42:36 47,848 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
2008-04-16 22:43 110592 --a------ c:\program files\Hewlett-Packard\File Sanitizer\IEBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-16 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-14 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-03-21 1090840]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-04-16 10240000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-08-04 197904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\r3hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4E7E229-2DE1-4B45-95D4-5C6E5495BF32}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{05CBF57D-2E50-4B67-B28E-E83FDFEAC1E6}"= UDP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{BF2A5372-425E-46F2-B81B-BEB3AF762A88}"= TCP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{B7F08354-740C-4C95-BC30-21C4AA412B15}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{43C1CF6E-1AA6-4C02-B865-DC49FCEC42AD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2E50F630-C77F-441F-BE86-EEF9DA5CE16E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4C6536FB-FC0B-49A3-9F21-94FC3DA93A73}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3C46605C-61B9-42D3-9CAE-FD9348B7FE2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8986E67B-1230-49F2-903B-06CF5C7CD3AC}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0867F29D-2E0B-4F6D-B315-8162C29227A7}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{FCE0CE52-889C-4828-ABEA-12F18F52CFAD}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{130A4E17-9946-4C96-814C-7021AD4A1D8E}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D5CC8BC9-8924-4FD0-A619-7F45A2A4E5E7}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2EFE2D48-0731-4CA7-ADF0-6081A38488D5}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{DD585048-C887-470A-9C08-552BAC9D5B2C}c:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{2CD4A918-73ED-47B7-8C89-A16AB6A22C32}c:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"TCP Query User{A0B8BEC2-F20A-40CC-87C9-515797063F14}c:\\users\\mira\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\frzhbvnd\\mtgoiii_helper[1].exe"= UDP:c:\users\mira\appdata\local\microsoft\windows\temporary internet files\content.ie5\frzhbvnd\mtgoiii_helper[1].exe:mtgoiii_helper[1].exe
"UDP Query User{B199EA02-398F-41BD-9B49-BBE512E72E24}c:\\users\\mira\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\frzhbvnd\\mtgoiii_helper[1].exe"= TCP:c:\users\mira\appdata\local\microsoft\windows\temporary internet files\content.ie5\frzhbvnd\mtgoiii_helper[1].exe:mtgoiii_helper[1].exe
"TCP Query User{C6DBD953-2A8C-4DE2-A50B-9EB5705833BD}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{2A5A67CB-F315-4796-BD3F-CC162D7E7596}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-01-14 28544]
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [2008-05-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [2008-05-14 12928]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-04-04 20760]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2008-03-21 39712]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [2008-05-14 12496]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [2008-05-13 475520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-11-29 181760]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-08-04 193840]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
R4 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-10 1168632]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
R4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-08-04 77824]
R4 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-04-07 24936]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-04 576536]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
--- Other Services/Drivers In Memory ---
*Deregistered* - mpsdrv
*Deregistered* - Smb
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9458f03e-cbcf-11dd-8cbd-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bb4f389-d513-11dd-af64-002264493ce3}]
\shell\AutoRun\command - G:\EE3AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 02:25:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(724)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(5680)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IfxPsdSv.exe
c:\windows\System32\rpcnet.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\igfxsrvc.exe
c:\combofix\hidec.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\taskmgr.exe
c:\combofix\Catchme.tmp
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-16 2:29:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 00:27:54
ComboFix2.txt 2009-01-14 10:38:41
Pre-Run: 88,318,111,744 bytes free
Post-Run: 88,312,025,088 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
416 --- E O F --- 2008-12-28 14:14:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:36 AM, on 1/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\Explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\MIRA\AppData\Roaming\Maxthon2\Maxthon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Users\MIRA\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [IFXSPMGT] c:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BA57E6-A62E-49E5-A800-A2A4CCC3852D}: NameServer = 85.255.115.114,85.255.112.176
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\windows\system32\agrsmsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Windows\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12875 bytes
I need the scan results from the 1st run.
Join Date: Jan 2009
Posts: 23
Reputation:
Solved Threads: 0
Ok, there are 2 logs there: one is ComboFix2 and one is ComboFix-Quarantined files, and I will post them.
ComboFix 09-01-13.04 - MIRA 2009-01-14 12:25:46.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1048.18.1976.888 [GMT 2:00]
Running from: c:\users\MIRA\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.
2009-01-11 20:55 . 2009-01-11 20:55 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Sierra Entertainment
2009-01-11 20:30 . 2009-01-11 20:30 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-11 17:00 . 2009-01-11 17:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 18:00 . 2009-01-06 23:10 <DIR> d-------- c:\program files\Paradox Interactive
2009-01-05 13:12 . 2009-01-05 14:20 <DIR> d-------- c:\users\MIRA\zatikon
2009-01-05 02:22 . 2009-01-05 02:22 <DIR> d-------- c:\program files\Zatikon
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Media Player Classic
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\program files\Microsoft Games
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\users\All Users\Real
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-03 01:00 . 2009-01-03 01:00 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Roxio
2008-12-31 02:04 . 2008-12-31 02:04 <DIR> d-------- c:\windows\Ancient Secrets
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\users\All Users\TEMP
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\programdata\TEMP
2008-12-31 01:07 . 2008-12-31 01:07 <DIR> d-------- c:\windows\Can You See What I See Dream Machine
2008-12-30 23:22 . 2008-12-30 23:22 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DivX
2008-12-30 23:13 . 2009-01-04 18:26 <DIR> d-------- c:\program files\DivX
2008-12-30 23:05 . 2008-12-30 23:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\vlc
2008-12-30 23:04 . 2008-12-30 23:04 <DIR> d-------- c:\program files\VideoLAN
2008-12-29 22:14 . 2008-12-29 22:14 <DIR> d-------- c:\program files\QuickTime
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer Pro
2008-12-29 02:16 . 2008-12-29 20:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\Webteh
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\users\All Users\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\programdata\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\Common Files\DFX
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\users\All Users\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\users\All Users\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\programdata\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\programdata\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Remote
2008-12-28 21:42 . 2008-11-21 23:47 129,784 --------- c:\windows\System32\pxafs.dll
2008-12-28 21:41 . 2008-12-28 22:15 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Winamp
2008-12-28 21:41 . 2008-12-28 21:50 <DIR> d-------- c:\program files\Winamp
2008-12-28 21:21 . 2008-12-28 21:21 <DIR> d-------- c:\windows\System32\xlive
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Pro
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2008-12-28 21:16 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-28 21:15 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-28 21:12 . 2008-12-28 21:12 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-28 21:11 . 2008-12-28 21:20 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Lite
2008-12-28 16:41 . 2008-12-28 18:17 5,930,090,496 --a------ C:\rld-fou3.iso
2008-12-28 16:33 . 2009-01-09 18:02 <DIR> d-------- c:\users\MIRA\AppData\Roaming\skypePM
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\programdata\ezsidmv.dat
2008-12-28 16:21 . 2009-01-09 18:25 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\users\All Users\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\programdata\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-28 16:17 . 2009-01-14 12:23 <DIR> d-------- c:\users\MIRA\AppData\Roaming\MxBoost
2008-12-28 16:15 . 2009-01-14 12:29 <DIR> d-------- c:\users\MIRA\AppData\Roaming\uTorrent
2008-12-28 16:15 . 2008-12-28 16:15 <DIR> d-------- c:\program files\uTorrent
2008-12-28 16:14 . 2008-12-28 21:19 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Maxthon2
2008-12-26 03:02 . 2008-10-02 03:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-25 21:14 . 2008-12-25 21:44 <DIR> d-------- c:\program files\The Witcher Enhanced Edition
2008-12-17 02:19 . 2009-01-14 12:29 12 --a------ c:\windows\bthservsdp.dat
2008-12-16 20:25 . 2009-01-14 11:34 13,202 --a------ c:\windows\System32\perfh018.dat
2008-12-16 20:25 . 2009-01-14 11:34 4,604 --a------ c:\windows\System32\perfc018.dat
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\users\All Users\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\programdata\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\programdata\Yahoo!
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\program files\Yahoo!
2008-12-16 19:21 . 2008-12-16 19:33 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-12-16 19:21 . 2008-12-16 19:21 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-12-16 19:20 . 2009-01-14 11:27 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2008-12-16 19:20 . 2009-01-14 11:27 <DIR> d-------- c:\programdata\Kaspersky Lab
2008-12-16 19:20 . 2008-12-16 19:20 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-16 19:20 . 2009-01-14 12:34 9,393,696 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-16 19:20 . 2009-01-14 12:30 127,928 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-16 19:19 . 2008-12-16 19:19 <DIR> d-------- C:\KAV
2008-12-16 19:15 . 2008-04-21 08:28 384 --a------ c:\windows\myClean.bat
2008-12-16 18:59 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-16 18:55 . 2008-12-16 18:55 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-16 18:53 . 2008-12-16 19:28 <DIR> d-------- c:\users\MIRA\AppData\Roaming\HPQLOG
2008-12-16 18:53 . 2009-01-14 12:33 47,104 --a------ c:\windows\System32\rpcnet.dll
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Searches
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Contacts
2008-12-16 18:52 . 2008-06-26 03:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-16 18:52 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-16 18:52 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-12-16 18:52 . 2008-06-26 05:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-16 18:52 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-16 18:52 . 2008-08-27 03:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-16 18:52 . 2008-04-29 03:42 220,160 --a------ c:\windows\System32\drivers\bthport.sys
2008-12-16 18:52 . 2008-04-29 05:54 181,760 --a------ c:\windows\System32\fsquirt.exe
2008-12-16 18:52 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-12-16 18:52 . 2008-12-16 18:52 47,104 --a------ c:\windows\System32\rpcnet.exe
2008-12-16 18:52 . 2008-04-29 03:42 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS
2008-12-16 18:52 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-12-16 18:51 . 2008-06-26 03:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-16 18:51 . 2008-06-26 05:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-16 18:51 . 2008-12-16 18:51 44 --a------ c:\windows\system\hpsysdrv.dat
2008-12-16 18:49 . 2008-09-18 07:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-12-16 18:49 . 2008-09-18 07:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-12-16 18:49 . 2008-04-26 10:08 1,314,816 --a------ c:\windows\System32\quartz.dll
2008-12-16 18:49 . 2008-08-12 05:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-16 18:47 . 2008-12-16 18:47 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Hewlett-Packard
2008-12-16 18:46 . 2008-05-10 03:33 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2008-12-16 18:44 . 2008-12-16 18:44 <DIR> d-------- c:\program files\MSN Messenger
2008-12-16 18:43 . 2008-12-16 18:44 <DIR> d-------- c:\program files\HP Webcam Application
2008-12-16 18:42 . 2008-12-16 18:42 <DIR> d-------- c:\program files\Common Files\SNP2UVC
2008-12-16 18:42 . 2008-04-10 17:27 1,804,160 --a------ c:\windows\System32\drivers\snp2uvc.sys
2008-12-16 18:42 . 2008-03-07 15:35 180,224 --a------ c:\windows\System32\rsnp2uvc.dll
2008-12-16 18:42 . 2007-07-05 08:28 176,128 --a------ c:\windows\System32\csnp2uvc.dll
2008-12-16 18:42 . 2007-05-10 06:16 28,160 --a------ c:\windows\System32\drivers\sncduvc.sys
2008-12-16 18:42 . 2006-05-20 02:39 15,497 --a------ c:\windows\snp2uvc.ini
2008-12-16 18:42 . 2006-05-20 02:53 13,022 --a------ c:\windows\snp2uvc.src
2008-12-16 18:41 . 2008-12-16 18:41 <DIR> d-------- c:\windows\Hewlett-Packard
2008-12-16 18:40 . 2008-12-16 18:40 <DIR> d-------- c:\users\MIRA\Bluetooth Software
2008-12-16 18:39 . 2008-12-16 18:39 <DIR> d-------- c:\windows\System32\es-MX
2008-12-16 18:39 . 2008-12-16 18:39 <DIR> d-------- c:\windows\System32\es-AR
2008-12-16 18:39 . 2008-12-16 18:39 <DIR> d-------- c:\program files\WIDCOMM
2008-12-16 18:39 . 2008-02-01 11:41 233,472 --a------ c:\windows\System32\BtwRSupport.dll
2008-12-16 18:39 . 2008-02-01 11:41 80,936 --a------ c:\windows\System32\drivers\btwavdt.sys
2008-12-16 18:39 . 2008-02-01 11:41 80,424 --a------ c:\windows\System32\drivers\btwaudio.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 10:33 17,408 ----a-w c:\windows\System32\rpcnetp.exe
2009-01-14 10:33 --------- d-----w c:\programdata\hpqLog
2009-01-11 21:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 18:29 --------- d-----w c:\program files\Java
2008-12-30 21:13 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-28 14:07 17,408 ----a-w c:\windows\System32\rpcnetp.dll
2008-12-25 19:44 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-25 19:44 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-16 17:33 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-16 17:12 --------- d-----w c:\programdata\McAfee
2008-12-16 17:12 --------- d-----w c:\program files\McAfee
2008-12-16 17:09 --------- d-----w c:\program files\Windows Mail
2008-12-16 17:08 --------- d-----w c:\programdata\SiteAdvisor
2008-12-16 16:47 --------- d-----w c:\programdata\Hewlett-Packard
2008-12-16 16:41 --------- d-----w c:\program files\Hewlett-Packard
2008-12-16 16:36 --------- d-----w c:\program files\Analog Devices
2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:45 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-11-21 21:45 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-11-21 21:45 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-11-21 21:45 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-11-21 21:45 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\divx.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
2008-04-16 22:43 110592 --a------ c:\program files\Hewlett-Packard\File Sanitizer\IEBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-16 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-14 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-03-21 1090840]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-04-16 10240000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-08-04 197904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\r3hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4E7E229-2DE1-4B45-95D4-5C6E5495BF32}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{05CBF57D-2E50-4B67-B28E-E83FDFEAC1E6}"= UDP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{BF2A5372-425E-46F2-B81B-BEB3AF762A88}"= TCP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{B7F08354-740C-4C95-BC30-21C4AA412B15}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{43C1CF6E-1AA6-4C02-B865-DC49FCEC42AD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2E50F630-C77F-441F-BE86-EEF9DA5CE16E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4C6536FB-FC0B-49A3-9F21-94FC3DA93A73}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3C46605C-61B9-42D3-9CAE-FD9348B7FE2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8986E67B-1230-49F2-903B-06CF5C7CD3AC}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0867F29D-2E0B-4F6D-B315-8162C29227A7}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{FCE0CE52-889C-4828-ABEA-12F18F52CFAD}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{130A4E17-9946-4C96-814C-7021AD4A1D8E}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D5CC8BC9-8924-4FD0-A619-7F45A2A4E5E7}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2EFE2D48-0731-4CA7-ADF0-6081A38488D5}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{DD585048-C887-470A-9C08-552BAC9D5B2C}c:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{2CD4A918-73ED-47B7-8C89-A16AB6A22C32}c:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:c:\program files\winamp remote\bin\orbtray.exe:Orb
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [2008-05-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [2008-05-14 12928]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-04-04 20760]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2008-03-21 39712]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [2008-05-14 12496]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [2008-05-13 475520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-11-29 181760]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-08-04 193840]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
R4 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-10 1168632]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
R4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-08-04 77824]
R4 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-04-07 24936]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-04 576536]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
--- Other Services/Drivers In Memory ---
*Deregistered* - mpsdrv
*Deregistered* - Smb
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9458f03e-cbcf-11dd-8cbd-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bb4f389-d513-11dd-af64-002264493ce3}]
\shell\AutoRun\command - G:\EE3AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 12:34:16
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(752)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(1560)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IfxPsdSv.exe
c:\windows\System32\rpcnet.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-01-14 12:38:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-14 10:38:26
Pre-Run: 91,623,772,160 bytes free
Post-Run: 91,498,729,472 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
356 --- E O F --- 2008-12-28 14:14:32
2009-01-14 12:24:39 A------- 116 C:\Qoobox\Quarantine\catchme.log
2009-01-14 12:28:33 A------- 5,009 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
I hope this is it; if not, I'll keep looking for it.
ComboFix 09-01-13.04 - MIRA 2009-01-14 12:25:46.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1048.18.1976.888 [GMT 2:00]
Running from: c:\users\MIRA\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.
2009-01-11 20:55 . 2009-01-11 20:55 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Sierra Entertainment
2009-01-11 20:30 . 2009-01-11 20:30 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-11 17:01 . 2009-01-11 17:01 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-11 17:00 . 2009-01-11 17:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 18:00 . 2009-01-06 23:10 <DIR> d-------- c:\program files\Paradox Interactive
2009-01-05 13:12 . 2009-01-05 14:20 <DIR> d-------- c:\users\MIRA\zatikon
2009-01-05 02:22 . 2009-01-05 02:22 <DIR> d-------- c:\program files\Zatikon
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Media Player Classic
2009-01-04 19:12 . 2009-01-04 19:12 <DIR> d-------- c:\program files\Microsoft Games
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\users\All Users\Real
2009-01-04 18:27 . 2009-01-04 18:27 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-03 01:00 . 2009-01-03 01:00 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Roxio
2008-12-31 02:04 . 2008-12-31 02:04 <DIR> d-------- c:\windows\Ancient Secrets
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\users\All Users\TEMP
2008-12-31 01:11 . 2008-12-31 01:11 <DIR> d-------- c:\programdata\TEMP
2008-12-31 01:07 . 2008-12-31 01:07 <DIR> d-------- c:\windows\Can You See What I See Dream Machine
2008-12-30 23:22 . 2008-12-30 23:22 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DivX
2008-12-30 23:13 . 2009-01-04 18:26 <DIR> d-------- c:\program files\DivX
2008-12-30 23:05 . 2008-12-30 23:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\vlc
2008-12-30 23:04 . 2008-12-30 23:04 <DIR> d-------- c:\program files\VideoLAN
2008-12-29 22:14 . 2008-12-29 22:14 <DIR> d-------- c:\program files\QuickTime
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer Pro
2008-12-29 02:16 . 2008-12-29 20:06 <DIR> d-------- c:\users\MIRA\AppData\Roaming\BSplayer
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\Webteh
2008-12-29 02:16 . 2008-12-29 02:16 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\users\All Users\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\programdata\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\DFX
2008-12-28 22:37 . 2008-12-28 22:37 <DIR> d-------- c:\program files\Common Files\DFX
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\users\All Users\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\users\All Users\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\programdata\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:51 <DIR> d-------- c:\programdata\OrbNetworks
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Toolbar
2008-12-28 21:49 . 2008-12-28 21:49 <DIR> d-------- c:\program files\Winamp Remote
2008-12-28 21:42 . 2008-11-21 23:47 129,784 --------- c:\windows\System32\pxafs.dll
2008-12-28 21:41 . 2008-12-28 22:15 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Winamp
2008-12-28 21:41 . 2008-12-28 21:50 <DIR> d-------- c:\program files\Winamp
2008-12-28 21:21 . 2008-12-28 21:21 <DIR> d-------- c:\windows\System32\xlive
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Pro
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-28 21:17 . 2008-12-28 21:17 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2008-12-28 21:16 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-28 21:15 . 2008-12-28 21:16 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-28 21:12 . 2008-12-28 21:12 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-28 21:11 . 2008-12-28 21:20 <DIR> d-------- c:\users\MIRA\AppData\Roaming\DAEMON Tools Lite
2008-12-28 16:41 . 2008-12-28 18:17 5,930,090,496 --a------ C:\rld-fou3.iso
2008-12-28 16:33 . 2009-01-09 18:02 <DIR> d-------- c:\users\MIRA\AppData\Roaming\skypePM
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-12-28 16:33 . 2008-12-28 16:33 56 --ah----- c:\programdata\ezsidmv.dat
2008-12-28 16:21 . 2009-01-09 18:25 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\users\All Users\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\programdata\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Skype
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-28 16:17 . 2009-01-14 12:23 <DIR> d-------- c:\users\MIRA\AppData\Roaming\MxBoost
2008-12-28 16:15 . 2009-01-14 12:29 <DIR> d-------- c:\users\MIRA\AppData\Roaming\uTorrent
2008-12-28 16:15 . 2008-12-28 16:15 <DIR> d-------- c:\program files\uTorrent
2008-12-28 16:14 . 2008-12-28 21:19 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Maxthon2
2008-12-26 03:02 . 2008-10-02 03:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-25 21:14 . 2008-12-25 21:44 <DIR> d-------- c:\program files\The Witcher Enhanced Edition
2008-12-17 02:19 . 2009-01-14 12:29 12 --a------ c:\windows\bthservsdp.dat
2008-12-16 20:25 . 2009-01-14 11:34 13,202 --a------ c:\windows\System32\perfh018.dat
2008-12-16 20:25 . 2009-01-14 11:34 4,604 --a------ c:\windows\System32\perfc018.dat
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\users\All Users\Yahoo!
2008-12-16 20:17 . 2008-12-16 20:17 <DIR> d-------- c:\programdata\Yahoo! Companion
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\programdata\Yahoo!
2008-12-16 20:17 . 2009-01-06 17:48 <DIR> d-------- c:\program files\Yahoo!
2008-12-16 19:21 . 2008-12-16 19:33 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-12-16 19:21 . 2008-12-16 19:21 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-12-16 19:20 . 2009-01-14 11:27 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2008-12-16 19:20 . 2009-01-14 11:27 <DIR> d-------- c:\programdata\Kaspersky Lab
2008-12-16 19:20 . 2008-12-16 19:20 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-16 19:20 . 2009-01-14 12:34 9,393,696 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-12-16 19:20 . 2009-01-14 12:30 127,928 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-12-16 19:19 . 2008-12-16 19:19 <DIR> d-------- C:\KAV
2008-12-16 19:15 . 2008-04-21 08:28 384 --a------ c:\windows\myClean.bat
2008-12-16 18:59 . 2008-10-22 03:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-16 18:55 . 2008-12-16 18:55 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-16 18:53 . 2008-12-16 19:28 <DIR> d-------- c:\users\MIRA\AppData\Roaming\HPQLOG
2008-12-16 18:53 . 2009-01-14 12:33 47,104 --a------ c:\windows\System32\rpcnet.dll
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Searches
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> dr------- c:\users\MIRA\Contacts
2008-12-16 18:52 . 2008-06-26 03:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-16 18:52 . 2008-04-26 10:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-16 18:52 . 2008-04-12 05:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-12-16 18:52 . 2008-06-26 05:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-16 18:52 . 2008-10-21 07:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-16 18:52 . 2008-08-27 03:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-16 18:52 . 2008-04-29 03:42 220,160 --a------ c:\windows\System32\drivers\bthport.sys
2008-12-16 18:52 . 2008-04-29 05:54 181,760 --a------ c:\windows\System32\fsquirt.exe
2008-12-16 18:52 . 2008-04-05 03:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-12-16 18:52 . 2008-12-16 18:52 47,104 --a------ c:\windows\System32\rpcnet.exe
2008-12-16 18:52 . 2008-04-29 03:42 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS
2008-12-16 18:52 . 2008-04-05 05:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-12-16 18:51 . 2008-06-26 03:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-16 18:51 . 2008-06-26 05:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-16 18:51 . 2008-12-16 18:51 44 --a------ c:\windows\system\hpsysdrv.dat
2008-12-16 18:49 . 2008-09-18 07:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-12-16 18:49 . 2008-09-18 07:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-12-16 18:49 . 2008-04-26 10:08 1,314,816 --a------ c:\windows\System32\quartz.dll
2008-12-16 18:49 . 2008-08-12 05:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-16 18:47 . 2008-12-16 18:47 <DIR> d-------- c:\users\MIRA\AppData\Roaming\Hewlett-Packard
2008-12-16 18:46 . 2008-05-10 03:33 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2008-12-16 18:44 . 2008-12-16 18:44 <DIR> d-------- c:\program files\MSN Messenger
2008-12-16 18:43 . 2008-12-16 18:44 <DIR> d-------- c:\program files\HP Webcam Application
2008-12-16 18:42 . 2008-12-16 18:42 <DIR> d-------- c:\program files\Common Files\SNP2UVC
2008-12-16 18:42 . 2008-04-10 17:27 1,804,160 --a------ c:\windows\System32\drivers\snp2uvc.sys
2008-12-16 18:42 . 2008-03-07 15:35 180,224 --a------ c:\windows\System32\rsnp2uvc.dll
2008-12-16 18:42 . 2007-07-05 08:28 176,128 --a------ c:\windows\System32\csnp2uvc.dll
2008-12-16 18:42 . 2007-05-10 06:16 28,160 --a------ c:\windows\System32\drivers\sncduvc.sys
2008-12-16 18:42 . 2006-05-20 02:39 15,497 --a------ c:\windows\snp2uvc.ini
2008-12-16 18:42 . 2006-05-20 02:53 13,022 --a------ c:\windows\snp2uvc.src
2008-12-16 18:41 . 2008-12-16 18:41 <DIR> d-------- c:\windows\Hewlett-Packard
2008-12-16 18:40 . 2008-12-16 18:40 <DIR> d-------- c:\users\MIRA\Bluetooth Software
2008-12-16 18:39 . 2008-12-16 18:39 <DIR> d-------- c:\windows\System32\es-MX
2008-12-16 18:39 . 2008-12-16 18:39 <DIR> d-------- c:\windows\System32\es-AR
2008-12-16 18:39 . 2008-12-16 18:39 <DIR> d-------- c:\program files\WIDCOMM
2008-12-16 18:39 . 2008-02-01 11:41 233,472 --a------ c:\windows\System32\BtwRSupport.dll
2008-12-16 18:39 . 2008-02-01 11:41 80,936 --a------ c:\windows\System32\drivers\btwavdt.sys
2008-12-16 18:39 . 2008-02-01 11:41 80,424 --a------ c:\windows\System32\drivers\btwaudio.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 10:33 17,408 ----a-w c:\windows\System32\rpcnetp.exe
2009-01-14 10:33 --------- d-----w c:\programdata\hpqLog
2009-01-11 21:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 18:29 --------- d-----w c:\program files\Java
2008-12-30 21:13 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-28 14:07 17,408 ----a-w c:\windows\System32\rpcnetp.dll
2008-12-25 19:44 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-25 19:44 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-16 17:33 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-16 17:12 --------- d-----w c:\programdata\McAfee
2008-12-16 17:12 --------- d-----w c:\program files\McAfee
2008-12-16 17:09 --------- d-----w c:\program files\Windows Mail
2008-12-16 17:08 --------- d-----w c:\programdata\SiteAdvisor
2008-12-16 16:47 --------- d-----w c:\programdata\Hewlett-Packard
2008-12-16 16:41 --------- d-----w c:\program files\Hewlett-Packard
2008-12-16 16:36 --------- d-----w c:\program files\Analog Devices
2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:45 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-11-21 21:45 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-11-21 21:45 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-11-21 21:45 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-11-21 21:45 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\divx.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
2008-04-16 22:43 110592 --a------ c:\program files\Hewlett-Packard\File Sanitizer\IEBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-16 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-14 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-03-21 1090840]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-04-16 10240000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-08-04 197904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1.0FO\r3hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4E7E229-2DE1-4B45-95D4-5C6E5495BF32}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{05CBF57D-2E50-4B67-B28E-E83FDFEAC1E6}"= UDP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{BF2A5372-425E-46F2-B81B-BEB3AF762A88}"= TCP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent
"{B7F08354-740C-4C95-BC30-21C4AA412B15}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{43C1CF6E-1AA6-4C02-B865-DC49FCEC42AD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2E50F630-C77F-441F-BE86-EEF9DA5CE16E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4C6536FB-FC0B-49A3-9F21-94FC3DA93A73}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3C46605C-61B9-42D3-9CAE-FD9348B7FE2B}"= c:\program files\Skype\Phone\Skype.exe
"{8986E67B-1230-49F2-903B-06CF5C7CD3AC}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0867F29D-2E0B-4F6D-B315-8162C29227A7}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{FCE0CE52-889C-4828-ABEA-12F18F52CFAD}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{130A4E17-9946-4C96-814C-7021AD4A1D8E}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D5CC8BC9-8924-4FD0-A619-7F45A2A4E5E7}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2EFE2D48-0731-4CA7-ADF0-6081A38488D5}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{DD585048-C887-470A-9C08-552BAC9D5B2C}c:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:c:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{2CD4A918-73ED-47B7-8C89-A16AB6A22C32}c:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:c:\program files\winamp remote\bin\orbtray.exe:Orb
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [2008-05-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [2008-05-14 12928]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-04-04 20760]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2008-03-21 39712]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [2008-05-14 12496]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [2008-05-13 475520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-11-29 181760]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-08-04 193840]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
R4 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-10 1168632]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
R4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-08-04 77824]
R4 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-04-07 24936]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-04 576536]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
--- Other Services/Drivers In Memory ---
*Deregistered* - mpsdrv
*Deregistered* - Smb
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9458f03e-cbcf-11dd-8cbd-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bb4f389-d513-11dd-af64-002264493ce3}]
\shell\AutoRun\command - G:\EE3AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 12:34:16
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(752)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(1560)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IfxPsdSv.exe
c:\windows\System32\rpcnet.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-01-14 12:38:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-14 10:38:26
Pre-Run: 91,623,772,160 bytes free
Post-Run: 91,498,729,472 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
356 --- E O F --- 2008-12-28 14:14:32
2009-01-14 12:24:39 A------- 116 C:\Qoobox\Quarantine\catchme.log
2009-01-14 12:28:33 A------- 5,009 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
I hope this is it; if not, I'll keep looking for it.
One more thing: Malwarebytes finds Trojan.DNSChanger, but reading about this one, it doesn't seem to be the one that causes all this trouble. I mean, this one is supposed to just redirect my browser to unwanted sites, which doesn't happen, and it shouldn't restrict my updates. That's why I thought this was Seneka rather than DNSChanger.
MBAM doesn't normally have problems with dnschanger, unless it's a different strain.
Try another tool for me.
Download SDFix and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All.
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services, then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads, the Fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
- Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
Please post the SDFix log within CODE Tags.