Thread: vundo infection and various others
View Single Post
Old 07-07-2007, 01:16 AM   #15 (permalink)
nessa333
Registered User
 
Join Date: Jun 2007
Posts: 10
OS: XP


Re: vundo infection and various others
"Ness" - 2007-07-07 17:10:43 - ComboFix 07-07-03.8 - Service Pack 2
Command switches used :: C:\ComboFix-do.txt


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-03 23:45 <DIR> d-------- C:\xnext post
2007-07-03 23:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-03 21:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 18:24 <DIR> d-------- C:\Deckard
2007-07-02 22:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-02 22:21 21,312 --a------ C:\WINDOWS\choice.exe
2007-07-02 22:20 <DIR> d-------- C:\ie-spyad
2007-07-02 20:47 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 21:38 <DIR> d-------- C:\VundoFix Backups
2007-06-25 20:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-25 20:52 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-25 20:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-06-24 00:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-06-23 23:46 <DIR> d-------- C:\Program Files\Monopoly 3
2007-06-23 23:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-23 23:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-23 23:36 <DIR> d-------- C:\DOCUME~1\Ness\APPLIC~1\SUPERAntiSpyware.com
2007-06-23 23:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-23 22:35 <DIR> d-------- C:\DOCUME~1\Ness\APPLIC~1\GetRightToGo
2007-06-22 23:11 <DIR> d-------- C:\Incomplete
2007-06-19 00:19 <DIR> d-------- C:\Program Files\AVG Anti-Spyware 7.5


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 11:56:03 -------- d-----w C:\Program Files\OptusNet DSL Internet
2007-07-02 11:55:51 -------- d-----w C:\Program Files\MSN Messenger
2007-07-02 11:55:43 -------- d-----w C:\Program Files\Mouse Driver
2007-07-02 11:51:54 -------- d-----w C:\Program Files\iTunes
2007-07-02 11:51:17 -------- d-----w C:\Program Files\Digital Line Detect
2007-07-02 11:49:12 -------- d-----w C:\Program Files\Apoint
2007-07-02 10:13:36 -------- d-----w C:\DOCUME~1\Ness\APPLIC~1\SiteAdvisor
2007-06-23 12:30:31 -------- d-----w C:\DOCUME~1\Ness\APPLIC~1\LimeWire
2007-06-22 12:50:43 -------- d-----w C:\Program Files\McAfee
2007-06-04 08:30:27 -------- d-----w C:\Program Files\mIRC
2007-06-04 07:57:40 -------- d-----w C:\Program Files\iPod
2007-06-04 07:45:17 -------- d-----w C:\Program Files\Apple Software Update
2007-05-22 12:40:22 -------- d-----w C:\Program Files\LimeWire
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 10:33:16 -------- d-----w C:\Program Files\SiteAdvisor
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 03:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
2007-03-31 01:41 1099304 --a------ C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-05-31 04:33 118844 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
2006-12-22 15:02 67136 --a------ c:\program files\mcafee\virusscan\scriptcl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 23:00]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 15:38]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 11:36]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 00:03]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 20:58]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 21:01]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 14:37]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2005-11-30 12:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-03-04 13:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-27 18:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9281c87-1eac-11da-ad97-00c0eec3149e}]
AutoRun\command- E:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-06-12 23:29:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-02-28 19:55:41 C:\WINDOWS\tasks\McDefragTask.job
2007-03-31 15:00:20 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 17:13:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 17:14:16
C:\ComboFix-quarantined-files.txt ... 2007-07-07 17:14
C:\ComboFix2.txt ... 2007-07-03 22:58
C:\ComboFix3.txt ... 2007-07-03 21:55

--- E O F ---
nessa333 is offline