OS: XP Media Center Edition
Thanks for all the help thus far, fredmh; needless to say, I wouldn't have been able to fix this without your help. Here is the ComboFix log:
Lee Grieve - 06-09-21 8:30:33.28 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\Lee Grieve\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{703F68B0-07FB-2057-0413-05051104002c}
((((((((((((((((((((((((((((((( Files Created from 2006-08-21 to 2006-09-21 ))))))))))))))))))))))))))))))))))
2006-09-20 18:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-20 18:11 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-20 18:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-20 18:11 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-16 08:24 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-09-16 08:24 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-08-29 23:34 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-08-23 00:31 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-23 00:31 5,906,432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-23 00:31 457,728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-23 00:31 175,616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-23 00:18 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-23 00:13 11,776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-23 00:11 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-23 00:10 61,440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-23 00:09 262,656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-22 23:36 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-21 08:31 -------- d-------- C:\Program Files\Common Files
2006-09-20 21:52 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-20 17:21 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-19 16:56 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\Azureus
2006-09-18 01:00 -------- d-------- C:\Program Files\Internet Explorer
2006-09-18 00:26 -------- d-------- C:\Program Files\Windows Defender
2006-09-17 19:51 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\LimeWire
2006-09-17 13:52 -------- d-------- C:\Program Files\RegScrubXP
2006-09-16 08:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-15 18:45 -------- d---s---- C:\Documents and Settings\Lee Grieve\Application Data\Microsoft
2006-09-08 20:25 -------- d-------- C:\Program Files\ZoneAlarm
2006-09-03 12:29 -------- d-------- C:\Program Files\PeerGuardian2
2006-09-01 22:03 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\IGN_DLM
2006-09-01 13:12 -------- d-------- C:\Program Files\MSN Messenger
2006-08-30 20:03 29853 --a------ C:\Program Files\g2a_helpalert.log
2006-08-30 18:16 -------- d-------- C:\Program Files\Registry Mechanic
2006-08-29 23:40 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\ATI
2006-08-29 23:37 -------- d-------- C:\Program Files\ATI Technologies
2006-08-25 20:23 -------- dr-h----- C:\Documents and Settings\Lee Grieve\Application Data\SecuROM
2006-08-24 21:05 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-08-23 23:38 75776 --a------ C:\WINDOWS\zllsputility.exe
2006-08-23 13:34 -------- d-------- C:\Program Files\Azureus
2006-08-23 00:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-23 00:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-23 00:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-23 00:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-23 00:17 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-23 00:17 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-23 00:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-23 00:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-23 00:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-23 00:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-23 00:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-23 00:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-23 00:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-23 00:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-23 00:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-23 00:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-23 00:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-22 23:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-22 23:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 19:30 -------- d-------- C:\Program Files\ATC for Battlefield 2
2006-08-20 13:27 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\IMVU
2006-08-19 20:44 -------- d---s---- C:\Program Files\Xfire
2006-08-19 10:27 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\Opera
2006-08-19 07:54 -------- d-------- C:\Program Files\CureROM
2006-08-19 07:48 29184 --a------ C:\WINDOWS\system32\AH6XL32.dll
2006-08-18 22:59 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-08-18 22:59 165376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-08-11 22:33 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\My Games
2006-08-11 22:24 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-10 20:54 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\Media Player Classic
2006-08-10 20:53 -------- d-------- C:\Program Files\QuickTime Alternative
2006-08-10 20:53 -------- d-------- C:\Program Files\Media Player Classic
2006-08-10 20:50 -------- d-------- C:\Program Files\Common Files\Real
2006-08-10 20:50 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\Real
2006-08-10 20:20 -------- d-------- C:\Program Files\QuickTime
2006-08-10 19:46 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-08 22:31 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\Adobe
2006-08-08 21:58 -------- d---s---- C:\Program Files\Adobe
2006-08-08 21:57 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-02 23:12 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-08-02 23:08 258048 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-08-02 23:07 1681920 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-08-02 23:02 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-08-02 23:02 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-08-02 23:02 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-08-02 23:02 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-08-02 23:02 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-08-02 23:01 401408 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-08-02 23:00 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-08-02 22:55 2373088 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-08-02 22:51 2354720 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-08-02 22:49 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-08-02 22:45 5136384 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-08-02 22:41 208896 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-08-02 22:40 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-08-02 22:40 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-08-02 22:35 286720 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-08-01 10:59 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-31 22:59 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\Google
2006-07-31 12:42 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-07-30 19:27 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\Mozilla
2006-07-30 19:20 -------- d-------- C:\Program Files\Download Manager
2006-07-30 14:50 241890 --a------ C:\WINDOWS\A Tale in the Desert Uninstaller.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 18:49 -------- d-------- C:\Program Files\XviD
2006-07-28 18:16 -------- d-------- C:\Program Files\Gspot Video
2006-07-28 18:10 -------- d-------- C:\Program Files\CyberLink
2006-07-28 18:09 -------- d-------- C:\Program Files\PowerDVD
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 22:41 -------- d-------- C:\Program Files\Windows Media Player
2006-07-24 21:56 -------- d-------- C:\Program Files\Razer
2006-07-22 10:10 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\Macromedia
2006-07-21 20:51 -------- d-------- C:\Documents and Settings\Lee Grieve\Application Data\CyberLink
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 16:52 121856 --------- C:\WINDOWS\system32\xmllite.dll
2006-07-14 11:47 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-07-12 21:08 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-07-12 02:54 62 --ahs---- C:\Documents and Settings\Lee Grieve\Application Data\desktop.ini
2006-07-12 02:10 0 -rahs---- C:\MSDOS.SYS
2006-07-12 02:10 0 -rahs---- C:\IO.SYS
2006-07-12 02:10 0 --a------ C:\CONFIG.SYS
2006-07-12 02:10 0 --a------ C:\AUTOEXEC.BAT
2006-06-29 10:20 1669632 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-06-29 10:17 456192 --a------ C:\WINDOWS\system32\encdec.dll
2006-06-29 10:17 291840 --a------ C:\WINDOWS\system32\sbe.dll
2006-06-29 10:16 235008 --------- C:\WINDOWS\system32\psisdecd.dll
2006-06-29 08:05 26112 --------- C:\WINDOWS\system32\idndl.dll
2006-06-29 08:05 23552 --------- C:\WINDOWS\system32\normaliz.dll
2006-06-28 17:59 24576 --------- C:\WINDOWS\system32\nlsdl.dll
2006-06-22 06:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 06:06 1435648 --a------ C:\WINDOWS\system32\query.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /run"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper\\DkIcon.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"razer"="C:\\Program Files\\Razer\\Copperhead\\razerhid.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"Zone Labs Client"="\"C:\\Program Files\\ZoneAlarm\\zlclient.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,a2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,a2,03,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 21/09/2006 8:33:09.56
ComboFix.txt