Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Virtumundo Alive and Active

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Virtumundo Alive and Active

Unread postby Silverlocks » January 1st, 2009, 2:58 pm

I have just completed running Combofix and it appears to have removed most of the Virtumunde that had infected my system, I'm still finding a single instance when I run SpyBot.

I had to run Combofix twice. The first run crashed my system, the second run updated and ran completely.

The following is my ComboFix File Log:

ComboFix 08-12-31.01 - David Longhenry 2009-01-01 12:18:52.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1025 [GMT -5:00]
Running from: d:\my documents\System Virus Problems\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
c:\documents and settings\David Longhenry\Application Data\inst.exe
c:\windows\system32\4.5993.exe
c:\windows\system32\amuzipuz.ini
c:\windows\system32\anomonov.ini
c:\windows\system32\asatofol.ini
c:\windows\system32\azayosir.ini
c:\windows\system32\efizopuj.ini
c:\windows\system32\elakamam.ini
c:\windows\system32\emesehen.ini
c:\windows\system32\enegekil.ini
c:\windows\system32\evuguzit.ini
c:\windows\system32\fccARkig.dll
c:\windows\SYSTEM32\gikRAccf.ini
c:\windows\system32\gikRAccf.ini2
c:\windows\system32\gqjoihha.ini
c:\windows\system32\ijipuwiz.ini
c:\windows\system32\imiveked.ini
c:\windows\system32\iyatezat.ini
c:\windows\system32\lefopase.dll
c:\windows\system32\lotokute.dll
c:\windows\system32\lujorosu.dll
c:\windows\system32\luliwedo.dll
c:\windows\system32\mamakale.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mivohilu.dll
c:\windows\system32\noyutumi.dll
c:\windows\system32\ojosajub.ini
c:\windows\system32\owufowij.ini
c:\windows\system32\poyutole.dll
c:\windows\system32\risoyaza.dll
c:\windows\system32\rizipiru.dll
c:\windows\system32\sys_dll.dll
c:\windows\system32\tazetayi.dll
c:\windows\system32\ubanabew.ini
c:\windows\system32\uripizir.ini
c:\windows\system32\usidepob.ini
c:\windows\system32\usorojul.ini
c:\windows\system32\vakumene.dll
c:\windows\system32\vtUooLCS.dll
c:\windows\system32\xxyxWNHx.dll
c:\windows\system32\ziwupiji.dll
c:\windows\Web\default.htt
c:\windows\winhelp.ini
F:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://free-license.4-sc.com
hxxp://77.74.48.101
.
((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2009-01-01 12:06 . 2009-01-01 12:06 <DIR> d--hs---- C:\FOUND.000
2009-01-01 08:13 . 2009-01-01 08:13 86,107 --ahs---- c:\windows\SYSTEM32\dekevimi.dll
2008-12-31 22:05 . 2007-11-06 09:51 126,464 --a------ c:\windows\SYSTEM32\MadCHook.dll
2008-12-31 20:13 . 2008-12-31 20:13 83,667 --ahs---- c:\windows\SYSTEM32\vonomona.dll
2008-12-31 08:59 . 2008-12-31 08:59 24,872 --a------ c:\windows\SYSTEM32\DRIVERS\ElbyCDIO.sys
2008-12-31 08:12 . 2008-12-31 08:12 83,587 --ahs---- c:\windows\SYSTEM32\lofotasa.dll
2008-12-30 20:12 . 2008-12-30 20:13 83,618 --------- c:\windows\SYSTEM32\likegene.dll
2008-12-30 19:12 . 2008-12-30 19:12 36,864 --ahs---- c:\windows\SYSTEM32\tezojuyu.dll
2008-12-30 18:53 . 2008-12-30 18:53 103,360 --a------ c:\windows\SYSTEM32\DRIVERS\AnyDVD.sys
2008-12-28 14:47 . 2008-12-28 14:47 <DIR> d-------- c:\documents and settings\David Longhenry\Application Data\The_Pirate_Bay
2008-12-27 09:19 . 2008-12-27 09:19 <DIR> d-------- c:\program files\TheRingtoneMaker
2008-12-24 16:22 . 2008-12-24 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Age of Empires 3
2008-12-24 14:14 . 2008-12-24 14:14 <DIR> d-------- c:\program files\Bonjour
2008-12-21 17:37 . 2008-04-17 13:12 107,368 --a------ c:\windows\SYSTEM32\GEARAspi.dll
2008-12-21 17:37 . 2008-04-17 13:12 15,464 --a------ c:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys
2008-12-21 17:36 . 2008-12-21 17:36 <DIR> d-------- c:\program files\iTunes
2008-12-21 17:36 . 2008-12-21 17:36 <DIR> d-------- c:\program files\iPod
2008-12-21 17:36 . 2008-12-21 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-21 17:29 . 2008-12-21 17:29 <DIR> d-------- c:\windows\SYSTEM32\DRVSTORE
2008-12-21 16:04 . 2008-12-21 16:04 <DIR> d-------- c:\program files\Safari
2008-12-21 15:20 . 2008-12-21 15:20 <DIR> d-------- c:\documents and settings\David Longhenry\Application Data\Apple
2008-12-21 15:03 . 2008-12-21 15:03 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-21 14:57 . 2008-12-21 14:57 <DIR> d-------- c:\program files\Apple Software Update
2008-12-21 14:57 . 2008-12-21 14:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-20 22:05 . 2008-12-20 22:05 <DIR> d-------- C:\eMule
2008-12-20 21:30 . 2008-12-20 21:30 <DIR> d-------- c:\program files\eMule
2008-12-20 15:41 . 2008-12-20 15:41 <DIR> d-------- C:\DAKv5_Temp
2008-12-20 07:25 . 2008-12-20 07:25 <DIR> d-------- c:\program files\Droid Informatica
2008-12-20 07:25 . 2008-12-20 07:25 160,304 --a------ c:\windows\undrnstl.exe
2008-12-20 07:24 . 2008-12-20 07:24 <DIR> d-------- c:\program files\DAK
2008-12-20 07:23 . 2008-12-20 07:23 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-18 18:21 . 2008-12-20 09:55 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-18 18:21 . 2008-12-18 18:21 1,409 --a------ c:\windows\QTFont.for
2008-12-18 03:56 . 2008-12-18 03:56 <DIR> d-------- C:\My C Pando Packages
2008-12-16 13:08 . 2008-12-16 13:08 <DIR> d-------- c:\program files\UPSMON
2008-12-16 13:08 . 2008-12-16 13:08 <DIR> d-------- c:\documents and settings\All Users\UPSMON
2008-12-15 20:43 . 2008-12-15 20:43 <DIR> d-------- c:\documents and settings\David Longhenry\dwhelper
2008-12-15 20:43 . 2008-12-15 20:43 <DIR> d-------- c:\documents and settings\David Longhenry\Application Data\Cooliris
2008-12-14 18:58 . 2008-12-14 18:58 0 --a------ c:\windows\nsreg.dat
2008-12-14 11:03 . 2008-12-14 11:03 <DIR> d-------- c:\documents and settings\David Longhenry\Application Data\Jaman
2008-12-14 10:30 . 2008-12-14 10:30 <DIR> d-------- c:\program files\MpcStar
2008-12-13 14:21 . 2008-12-13 16:11 6 ---h----- C:\BIT78.tmp
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\SYSTEM32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\SYSTEM32\dnssd.dll
2008-12-12 02:38 . 2008-12-13 14:19 6 ---h----- C:\BIT1C.tmp
2008-12-11 16:51 . 2008-12-11 16:51 50 --a------ c:\windows\MegaManager.INI
2008-12-11 16:51 . 2008-12-13 16:09 6 ---h----- C:\BIT41.tmp
2008-12-10 20:14 . 2008-12-10 20:16 94,208 --a------ c:\windows\SYSTEM32\ipdll.dll
2008-12-10 20:14 . 2008-12-10 20:14 49,152 --a------ c:\windows\SYSTEM32\svch?st.exe
2008-12-09 16:06 . 2008-12-09 16:06 <DIR> d-------- c:\program files\Novosoft
2008-12-09 16:06 . 2008-12-09 16:06 <DIR> d-------- c:\documents and settings\David Longhenry\Application Data\Novosoft
2008-12-07 20:24 . 2008-12-07 20:24 <DIR> d-------- c:\windows\Sun
2008-12-07 20:23 . 2008-12-07 20:22 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-07 20:23 . 2008-12-07 20:22 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2008-12-07 20:22 . 2008-12-07 20:22 <DIR> d-------- c:\program files\Java
2008-12-05 23:26 . 2008-12-05 23:26 <DIR> d-------- c:\documents and settings\David Longhenry\Application Data\TaxCut
2008-12-04 18:18 . 2008-12-04 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Christmasville
2008-12-04 17:35 . 2008-12-04 17:35 <DIR> d-------- c:\program files\Easy Avi Divx Xvid to DVD Burner
2008-12-04 17:35 . 2008-12-26 16:30 67 --a------ c:\windows\Easy Avi Divx Xvid to DVD Burner.INI
2008-12-03 21:57 . 2008-12-03 21:57 <DIR> d-------- c:\documents and settings\David Longhenry\Application Data\SanDisk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:40 3,593,216 ------w c:\windows\SYSTEM32\dllcache\mshtml.dll
2008-11-25 23:58 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-22 21:16 --------- d-----w c:\program files\Common Files\Jasc Software Inc
2008-11-22 21:15 --------- d-----w c:\program files\Jasc Software Inc
2008-11-22 21:15 --------- d-----w c:\documents and settings\David Longhenry\Application Data\Jasc Software Inc
2008-11-22 04:08 --------- d-----w c:\documents and settings\David Longhenry\Application Data\{7326CE9D-C0D2-433A-8A57-B7934EA13EC8}
2008-11-21 18:28 --------- d-----w c:\program files\Ultra Video Splitter
2008-11-20 23:26 --------- d-----w c:\documents and settings\David Longhenry\Application Data\NCH Software
2008-11-20 23:26 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-19 20:45 --------- d-----w c:\documents and settings\David Longhenry\Application Data\Azureus
2008-11-19 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-11-19 20:44 --------- d-----w c:\program files\Vuze
2008-11-19 20:44 --------- d-----w c:\program files\Common Files\i4j_jres
2008-11-19 17:21 93,128 ----a-w c:\windows\SYSTEM32\ElbyCDIO.dll
2008-11-13 02:15 --------- d-----w c:\documents and settings\David Longhenry\Application Data\skypePM
2008-11-13 02:12 --------- d-----w c:\documents and settings\David Longhenry\Application Data\Skype
2008-11-13 02:10 --------- d-----w c:\program files\Skype
2008-11-13 02:10 --------- d-----w c:\program files\Common Files\Skype
2008-11-13 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-13 01:47 --------- d-sh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-13 01:47 --------- d-----w c:\program files\Windows Live
2008-11-13 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-12 22:06 --------- d-----w c:\documents and settings\David Longhenry\Application Data\ArcSoft
2008-11-12 21:56 --------- d-----w c:\program files\Common Files\SPC610NC
2008-11-11 13:56 84,552 ----a-w c:\documents and settings\David Longhenry\Application Data\GDIPFONTCACHEV1.DAT
2008-11-11 13:25 --------- d-----w c:\program files\DeductionPro 2008
2008-11-11 13:20 --------- d-----w c:\documents and settings\All Users\Application Data\TaxCut
2008-11-11 13:11 --------- d-----w c:\program files\TaxCut08
2008-11-10 05:48 --------- d-----w c:\documents and settings\David Longhenry\Application Data\Yahoo!
2008-11-10 00:29 163,518 ----a-w c:\windows\Audio Converter Uninstaller.exe
2008-11-10 00:29 --------- d-----w c:\program files\River Past
2008-11-10 00:29 --------- d-----w c:\program files\Common Files\River Past
2008-11-10 00:29 --------- d-----w c:\documents and settings\David Longhenry\Application Data\River Past G5
2008-11-10 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\River Past G5
2008-11-09 20:49 --------- d-----w c:\documents and settings\David Longhenry\Application Data\Megaupload
2008-11-09 14:38 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-09 14:38 47,360 ----a-w c:\documents and settings\David Longhenry\Application Data\pcouffin.sys
2008-11-09 14:38 --------- d-----w c:\program files\DVDFab 5
2008-11-09 02:42 --------- d-----w c:\program files\providerComcast
2008-11-09 02:42 --------- d-----w c:\program files\Common Files\supportsoft
2008-11-07 02:14 --------- d--h--w c:\documents and settings\David Longhenry\Application Data\InAlbumTemp
2008-11-07 02:14 --------- d-----w c:\program files\XviD
2008-11-07 02:14 --------- d-----w c:\program files\InAudio 1
2008-11-07 02:13 --------- d-----w c:\program files\InAlbum 3 Deluxe
2008-10-30 10:52 123 ----a-w c:\documents and settings\David Longhenry\Application Data\fusioncache.dat
2008-10-26 15:42 3,140 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\dllcache\ieudinit.exe
2008-10-15 17:34 337,408 ------w c:\windows\SYSTEM32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\SYSTEM32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\dllcache\strmdll.dll
2008-09-16 17:00 81,920 ----a-w c:\documents and settings\David Longhenry\Application Data\ezpinst.exe
2008-09-16 04:46 271 --sh--w c:\program files\desktop.ini
2008-09-16 04:46 23,357 ---h--w c:\program files\folder.htt
2008-09-23 17:06 72,704 --sha-w c:\windows\SYSTEM32\daranesu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="d:\software_downloads\TClock\TCLOCKEX.EXE" [2000-03-09 89088]
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" [2008-11-20 3647304]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-31 2489280]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"ActiveSpeed"="c:\program files\Ascentive\ActiveSpeed\AS.exe" [2008-04-17 1957888]
"MWLExe"="c:\program files\Mcafee\MWL\MWLGuiSt.exe" [2007-07-28 206184]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 163840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancesPage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.divxa32"= msaud32_divx.acm
"vidc.dvsd"= pdvcodec.dll
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll
path=
backup=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kagopafika
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-01-22 11:13 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 21:50 1603152 c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 21:01 644696 c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
--a------ 2007-05-21 04:37 124512 c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
--a------ 2008-07-10 14:42 5129504 c:\program files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-05-28 08:27 570664 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 12:02 79400 c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-05-21 19:21 184320 c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2008-12-03 21:59 79872 c:\documents and settings\David Longhenry\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-29 17:57 21755688 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC610NC_Monitor]
--a------ 2006-11-03 11:01 319488 c:\windows\Philips\SPC610NC\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-07 20:22 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-16 09:15 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UPSMON]
--a------ 2007-12-05 19:12 433664 c:\program files\UPSMON\UPSMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIARaidUtl]
--a------ 2007-08-01 10:58 4694016 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-03 19:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--a------ 2003-03-31 12:00 3072 c:\windows\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"=
"c:\\Program Files\\Midway Home Entertainment\\Rise and Fall\\RiseAndFall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Common Files\\McAfee\\mna\\McNASvc.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\River Past\\Audio Converter\\AudioConverter.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\System32\\searchprotocolhost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57934:TCP"= 57934:TCP:Pando P2P TCP Listening Port
"57934:UDP"= 57934:UDP:Pando P2P UDP Listening Port
"56409:TCP"= 56409:TCP:Pando P2P TCP Listening Port
"56409:UDP"= 56409:UDP:Pando P2P UDP Listening Port
"56724:TCP"= 56724:TCP:Pando P2P TCP Listening Port
"56724:UDP"= 56724:UDP:Pando P2P UDP Listening Port
"57644:TCP"= 57644:TCP:Pando P2P TCP Listening Port
"57644:UDP"= 57644:UDP:Pando P2P UDP Listening Port

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service [2007-12-06 660768]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-17 206096]
R2 NovosoftBackupNetworkCoordinator;Novosoft Backup Network Coordinator;"c:\program files\Novosoft\Handy Backup\BackupNetworkCoordinator.exe" [2008-10-31 32856]
R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe /p providercomcast [2008-05-02 148768]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [2008-10-19 45056]
R3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\DRIVERS\SPC610NC.SYS [2008-11-12 409728]
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\PCHealth Scheduler for Data Collection.job
- c:\windows\PCHEALTH\SUPPORT\PCHSCHD.EXE []

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2009-01-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 17:21]

2009-01-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 17:21]

2008-12-30 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-09-10 10:51]

2009-01-01 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-09-10 10:51]

2009-01-01 c:\windows\Tasks\gucaxzjr.job
- c:\windows\system32\rundll32.exe [2008-04-14 05:42]

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{19B45A4D-8E35-4403-BD6F-460C8E301BD6} - (no file)
BHO-{4a5cf597-eaf2-4cbb-853b-0c3e5c8cab0b} - c:\windows\system32\luliwedo.dll
BHO-{5E3E72DD-C2D3-486B-AEE3-A62A6F097BB8} - (no file)
BHO-{650128B2-7E2F-4C2C-AF36-5F29D9BCCE6C} - (no file)
BHO-{AB46CA4C-61A6-4249-9E90-4888B8661606} - c:\windows\system32\fccARkig.dll
HKLM-Run-kagopafika - c:\windows\system32\tegawula.dll
HKLM-Run-091e1e5c - c:\windows\system32\webanabu.dll
Notify-vtUooLCS - (no file)
MSConfigStartUp-091e1e5c - c:\windows\system32\mamakale.dll
MSConfigStartUp-jamtray - C:/Program Files/Jaman Player/jamtray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{A8F0FB51-136C-4B4C-BF80-F090874BDF04} - c:\program files\Ascentive\ActiveSpeed\AS.exe
TCP: {873B6120-6C93-44C2-A087-1AACD3DD286C} = 71.243.0.12 71.250.0.12

O16 -: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

c:\windows\Downloaded Program Files\genipublisher.dll - O16 -: Geni Publisher
hxxp://www.geni.com/plugins/genipublisher.CAB
c:\windows\Downloaded Program Files\genipublisher.OSD

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\SYSTEM32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.geni.com/ImageUploader_5_5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\Downloaded Program Files\contactx.dll - O16 -: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C}
hxxp://www.facebook.com/controls/contactx.dll
FF - ProfilePath - c:\documents and settings\David Longhenry\Application Data\Mozilla\Firefox\Profiles\b8acvwd4.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\David Longhenry\Application Data\Mozilla\Firefox\Profiles\b8acvwd4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 12:30:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1614895754-448539723-839522115-1004
@Allowed: (Read) (Everyone)
@Allowed: (Read) (Users)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (S-1-5-21-1614895754-448539723-839522115-1004)
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1614895754-448539723-839522115-1004
@Allowed: (Read) (Everyone)
@Allowed: (Read) (Users)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (S-1-5-21-1614895754-448539723-839522115-1004)
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*NULL*"]
@Class="Shell"
@Security="Inherited"

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*NULL*"\OpenWithList]
@Class="Shell"
@Security="Inherited"

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*NULL*%5*NULL*»*NULL*]
@Class="Shell"
@Security="Inherited"

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*NULL*%5*NULL*»*NULL*\OpenWithList]
@Class="Shell"
@Security="Inherited"

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1614895754-448539723-839522115-1004
@Allowed: (Full) (S-1-5-21-1614895754-448539723-839522115-1004)
@Allowed: (Full) (S-1-5-21-1614895754-448539723-839522115-1004)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1614895754-448539723-839522115-1004
@Allowed: (Full) (S-1-5-21-1614895754-448539723-839522115-1004)
@Allowed: (Full) (S-1-5-21-1614895754-448539723-839522115-1004)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-1614895754-448539723-839522115-1004
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-1614895754-448539723-839522115-1004
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE
c:\program files\CANON\IJPLM\IJPLMSVC.EXE
c:\program files\COMMON FILES\INTERVIDEO\REGMGR\IVIREGMGR.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\MCAFEE\MSC\MCMSCSVC.EXE
c:\program files\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE
c:\program files\COMMON FILES\MCAFEE\MCPROXY\MCPROXY.EXE
c:\program files\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
c:\program files\MCAFEE\MPF\MPFSRV.EXE
c:\program files\MCAFEE\MSK\MSKSRVER.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\IOCTLSVC.EXE
c:\windows\SYSTEM32\PSISERVICE.EXE
c:\program files\providerComcast\bin\tgsrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\UPSMON\UPSMON_Service.Exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2009-01-01 12:33:54 - machine was rebooted [David Longhenry]
ComboFix-quarantined-files.txt 2009-01-01 17:33:48

Pre-Run: 284,814,934,016 bytes free
Post-Run: 284,742,483,968 bytes free

517 --- E O F --- 2008-12-18 18:00:55
You do not have the required permissions to view the files attached to this post.
Silverlocks
Active Member
 
Posts: 1
Joined: January 1st, 2009, 2:01 pm
Top
Advertisement
Register to Remove

Re: Virtumundo Alive and Active

Unread postby NonSuch » January 2nd, 2009, 2:02 am

Please note that ComboFix is a tool that is not intended to be run without supervision. If something should go wrong, you would have no idea of how to go about extracting your system from the mess that would ensue.

Also you provided a ComboFix log, but you did not provide a HijackThis log. In order for us to help you it is necessary that you provide us with a HijackThis log, which should be pasted into a reply, not attached. Please follow the guideline at the link below to start a new topic and post your HijackThis log. Also, include a copy of the above ComboFix log results. Both of these logs should be pasted into the same reply, do not paste each into its own reply.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 435 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index