Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Infected with Virtumonde Trojan Infected with Virtumonde Trojan
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 07-11-2008, 03:24 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 5
OS: WinXP , Service pack 2


Infected with Virtumonde Trojan
It started earlier this week, when my firefox all of a sudden at random points gave in and stopped loading a few or most sites at all, such as myspace or deviantart. And I can go to google but I can't do any search results at all.

Then I notice my firefox getting popups. I did scans with spybot and it found Virtumonde Trojans about a good 7-9 of them. I tried everything to remove it, but it just remains firm on the files it has infected and now looks harder to remove.

Here is my Deckerds Scan Log :


Deckard's System Scanner v20071014.68
Run by RKD on 2008-07-11 18:20:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
59: 2008-07-11 22:20:55 UTC - RP272 - Deckard's System Scanner Restore Point
58: 2008-07-11 21:23:07 UTC - RP271 - Removed Auqio Sound Studio 2.0
57: 2008-07-11 21:21:47 UTC - RP270 - Removed Audiosurf.
56: 2008-07-11 21:20:06 UTC - RP269 - Restore Operation
55: 2008-07-11 20:02:14 UTC - RP268 - Spyware Terminator - restore point


-- First Restore Point --
1: 2008-07-08 20:50:17 UTC - RP214 - Removed Google Toolbar for Firefox


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as RKD.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:15 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\RKD\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\RKD.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O2 - BHO: {14d11f60-b8c3-33b9-8a04-5220517661b3} - {3b166715-0225-40a8-9b33-3c8b06f11d41} - C:\WINDOWS\system32\zjbupp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7AF752FB-50C1-4B76-8155-F4C043DEA05F} - C:\WINDOWS\system32\khfGWMeE.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\WINDOWS\system32\byXRjggh.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: (no name) - {EE1AA247-1FAE-46ED-BCB4-4337ABB2D22F} - C:\WINDOWS\system32\ljJYSLFu.dll (file missing)
O2 - BHO: (no name) - {EF27FF93-38A2-4668-84FA-67E6C229AA98} - C:\WINDOWS\system32\hgGxVPFv.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [002bddd3] rundll32.exe "C:\WINDOWS\system32\plkhsjtt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {65DFFB8B-4E11-4A82-AEC3-BB15F62B0B45} - http://ad.itemmania.co.kr/tool/ap/itemmaniabar.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183669189015
O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://csweb.netgame.com/yulgang/MLauncher.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/down...auncherNew.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/R...hotoOnline.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bw+0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: byXRjggh - C:\WINDOWS\SYSTEM32\byXRjggh.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 21845 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080323-122112-157 O4 - HKCU\..\Run: [WayRule] C:\DOCUME~1\RKD\APPLIC~1\EQHECK~1\store lies.exe
backup-20080323-122557-994 O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
backup-20080323-231759-304 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080323-231759-513 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080323-231759-524 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080323-231759-607 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20080323-231759-699 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080708-141529-441 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080708-141803-129 O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://csweb.netgame.com/yulgang/MLauncher.cab
backup-20080708-141803-223 O16 - DPF: {65DFFB8B-4E11-4A82-AEC3-BB15F62B0B45} - http://ad.itemmania.co.kr/tool/ap/itemmaniabar.cab
backup-20080708-141803-409 O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
backup-20080708-141803-544 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
backup-20080708-141803-764 O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/down...auncherNew.cab
backup-20080708-141803-985 O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
backup-20080711-120353-419 O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080711-120733-749 O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
backup-20080711-120803-935 O4 - HKLM\..\Run: [002bddd3] rundll32.exe "C:\WINDOWS\system32\lhglgpbn.dll",b
backup-20080711-120922-516 O4 - HKLM\..\Run: [BM0318ee4f] Rundll32.exe "C:\WINDOWS\system32\ncjwyaxn.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

S0 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 NetHook_ControlCenter (ArtOfPing ControlCenter) - c:\program files\pingfu iris\controlcenter.sys (file missing)
S3 NetHook_Interceptor (ArtOfPing TDI Interceptor) - c:\program files\pingfu iris\interceptor.sys (file missing)
S3 RivaTuner32 - c:\program files\rivatuner v2.08\rivatuner32.sys
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbaudio.sys (file missing)
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
S3 XDva004 - c:\windows\system32\xdva004.sys (file missing)
S3 XDva136 - c:\windows\system32\xdva136.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ROOT\LEGACY_ALG\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_ALG\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 00:02:45 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-19 19:12:00 432 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 17:16:45 0 d-------- C:\Program Files\Enigma Software Group
2008-07-11 17:16:41 0 d-------- C:\Program Files\Lavasoft
2008-07-11 17:16:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-07-11 17:16:31 0 dr-h----- C:\Documents and Settings\ViruS killer\SendTo
2008-07-11 17:16:31 0 dr-h----- C:\Documents and Settings\ViruS killer\Recent
2008-07-11 17:16:31 0 d--h----- C:\Documents and Settings\ViruS killer\PrintHood
2008-07-11 17:16:31 0 d--h----- C:\Documents and Settings\ViruS killer\NetHood
2008-07-11 17:16:31 0 d-------- C:\Documents and Settings\ViruS killer\Desktop
2008-07-11 17:16:31 0 d-------- C:\Documents and Settings\ViruS killer\Application Data\Skinux
2008-07-11 17:16:31 0 d-------- C:\Documents and Settings\ViruS killer\Application Data\Identities
2008-07-11 17:16:31 0 d-------- C:\Documents and Settings\ViruS killer\Application Data\Adobe
2008-07-11 17:16:30 0 dr------- C:\Documents and Settings\ViruS killer\Start Menu
2008-07-11 17:16:28 0 d-------- C:\FILE TRANSFER
2008-07-11 17:16:28 0 d-------- C:\Documents and Settings\RKD\Application Data\PC Tools
2008-07-11 17:16:26 0 d-------- C:\VundoFix Backups
2008-07-11 17:16:21 0 d-------- C:\Program Files\Zone Labs(3)
2008-07-11 16:26:08 103424 --a------ C:\WINDOWS\system32\zjbupp.dll
2008-07-11 16:26:07 103424 --a------ C:\WINDOWS\system32\vfvaojcy.dll
2008-07-11 16:23:07 78336 --a------ C:\WINDOWS\system32\plkhsjtt.dll
2008-07-11 16:20:06 369 --ahs---- C:\WINDOWS\system32\vFPVxGgh.ini2
2008-07-11 16:09:23 25088 --a------ C:\WINDOWS\system32\byXRjggh.dll
2008-07-11 15:59:22 0 d-------- C:\Documents and Settings\RKD\Application Data\Spyware Terminator
2008-07-11 15:36:19 0 d-------- C:\Documents and Settings\ViruS killer\Application Data\Mozilla
2008-07-11 15:18:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-11 15:03:16 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-07-11 15:03:16 0 d-------- C:\Documents and Settings\ViruS killer\Application Data\Spyware Terminator
2008-07-11 15:03:14 0 d-------- C:\Program Files\Spyware Terminator
2008-07-11 14:58:40 0 d-------- C:\Documents and Settings\ViruS killer\Application Data\Macromedia
2008-07-11 14:49:28 0 d-------- C:\Documents and Settings\ViruS killer\Application Data\Neopets Toolbar
2008-07-11 14:39:37 0 d-------- C:\Documents and Settings\ViruS killer\Application Data\acccore
2008-07-11 14:39:06 0 d-------- C:\Documents and Settings\ViruS killer\Application Data\Logitech
2008-07-11 14:36:57 0 d--h----- C:\Documents and Settings\ViruS killer\Templates
2008-07-11 14:36:57 3670016 --ah----- C:\Documents and Settings\ViruS killer\NTUSER.DAT
2008-07-11 14:36:57 0 dr------- C:\Documents and Settings\ViruS killer\My Documents
2008-07-11 14:36:57 0 d--h----- C:\Documents and Settings\ViruS killer\Local Settings
2008-07-11 14:36:57 0 dr------- C:\Documents and Settings\ViruS killer\Favorites
2008-07-11 14:36:57 0 d--hs---- C:\Documents and Settings\ViruS killer\Cookies
2008-07-11 14:36:57 0 dr-h----- C:\Documents and Settings\ViruS killer\Application Data
2008-07-11 14:36:57 0 d---s---- C:\Documents and Settings\ViruS killer\Application Data\Microsoft
2008-07-11 13:37:41 0 d-------- C:\Program Files\Spyware Doctor
2008-07-11 13:11:44 0 d--hs---- C:\WINDOWS\CSC
2008-07-11 12:22:53 0 d-------- C:\Program Files\Panda Security
2008-07-11 10:54:06 78336 --a------ C:\WINDOWS\system32\lhglgpbn.dll
2008-07-11 10:51:07 103424 --a------ C:\WINDOWS\system32\krqgtm.dll
2008-07-11 10:51:06 103424 --a------ C:\WINDOWS\system32\waomcwpu.dll
2008-07-11 10:48:06 885 --ahs---- C:\WINDOWS\system32\uFLSYJjl.ini2
2008-07-11 00:14:59 0 d-------- C:\Program Files\iPod
2008-07-11 00:14:57 0 d-------- C:\Program Files\iTunes
2008-07-11 00:13:56 0 d-------- C:\Program Files\QuickTime
2008-07-10 09:56:12 0 d-------- C:\Documents and Settings\RKD\screenshots
2008-07-10 09:56:12 0 d-------- C:\Documents and Settings\RKD\saves
2008-07-10 09:56:12 0 d-------- C:\Documents and Settings\RKD\cdimages
2008-07-10 09:56:12 0 d-------- C:\Documents and Settings\RKD\cards
2008-07-09 17:34:17 25088 --a------ C:\WINDOWS\system32\hgGxXPig.dll
2008-07-09 17:15:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 17:03:16 0 d-------- C:\Documents and Settings\RKD\Application Data\Mozilla
2008-07-08 17:00:10 335 --a------ C:\WINDOWS\mozregistry.dat
2008-07-08 16:57:42 103936 --a------ C:\WINDOWS\system32\rlgnsv.dll
2008-07-08 16:57:41 103936 --a------ C:\WINDOWS\system32\vfbrccut.dll
2008-07-08 16:53:07 91136 --a------ C:\WINDOWS\system32\ilsuxsjm.dll
2008-07-08 16:51:02 91136 --a------ C:\WINDOWS\system32\ujulaaao.dll
2008-07-08 14:23:18 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-07 12:47:09 0 d-------- C:\Program Files\BestGameEver
2008-07-06 15:50:36 732449 --ahs---- C:\WINDOWS\system32\EeMWGfhk.ini2
2008-06-29 23:18:45 0 d-------- C:\Program Files\Opera
2008-06-24 08:34:29 0 d-------- C:\acccore
2008-06-20 22:43:04 0 d-------- C:\Program Files\AIM Music Link
2008-06-20 09:40:46 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-19 19:17:57 0 d-------- C:\Documents and Settings\RKD\Application Data\Skinux
2008-06-19 19:12:53 0 d-------- C:\Program Files\Common Files\Kodak
2008-06-19 19:12:31 0 d-------- C:\Program Files\Kodak
2008-06-19 19:10:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak


-- Find3M Report ---------------------------------------------------------------

2008-07-11 17:18:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-11 17:16:44 0 d-------- C:\Program Files\BearShare
2008-07-11 17:16:36 0 d-------- C:\Program Files\Viewpoint
2008-07-11 17:16:26 0 d-------- C:\Documents and Settings\RKD\Application Data\uTorrent
2008-07-11 17:15:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-11 14:40:09 0 d-------- C:\Program Files\AIMTunes
2008-07-11 09:19:15 0 d-------- C:\Program Files\Rohan
2008-07-11 08:26:45 0 d-------- C:\Program Files\Apple Software Update
2008-07-11 00:14:27 0 d-------- C:\Program Files\Bonjour
2008-07-10 00:15:28 0 d-------- C:\Documents and Settings\RKD\Application Data\Adobe
2008-07-09 17:18:37 0 d-------- C:\Program Files\ProxyFirewall
2008-07-01 17:04:40 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-30 09:08:49 0 d-------- C:\Program Files\PhanTim3
2008-06-30 0959 0 d-------- C:\Program Files\WildGames
2008-06-29 14:39:25 0 d-------- C:\Documents and Settings\RKD\Application Data\U3
2008-06-23 17:24:36 0 d-------- C:\Documents and Settings\RKD\Application Data\Image Zone Express
2008-06-22 13:09:30 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-06-22 13:09:26 0 d-------- C:\Program Files\DVDVideoSoft
2008-06-20 09:45:09 2421 --a------ C:\WINDOWS\mozver.dat
2008-06-19 19:12:53 0 d-------- C:\Program Files\Common Files
2008-06-07 02:30:50 0 d-------- C:\Program Files\ShortKeys2
2008-06-01 14:17:21 0 d-------- C:\Program Files\Yahoo!
2008-05-31 15:56:43 0 d-------- C:\Documents and Settings\RKD\Application Data\Orbit
2008-05-24 02:40:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 02:40:32 0 d-------- C:\Program Files\MUSICMATCH
2008-05-20 05:57:42 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b166715-0225-40a8-9b33-3c8b06f11d41}]
07/11/2008 04:26 PM 103424 --a------ C:\WINDOWS\system32\zjbupp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AF752FB-50C1-4B76-8155-F4C043DEA05F}]
C:\WINDOWS\system32\khfGWMeE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}]
07/11/2008 04:09 PM 25088 --a------ C:\WINDOWS\system32\byXRjggh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE1AA247-1FAE-46ED-BCB4-4337ABB2D22F}]
C:\WINDOWS\system32\ljJYSLFu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF27FF93-38A2-4668-84FA-67E6C229AA98}]
C:\WINDOWS\system32\hgGxVPFv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]
"002bddd3"="C:\WINDOWS\system32\plkhsjtt.dll" [07/11/2008 04:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [03/05/2007 05:57 PM]
"Fraps"="C:\FRAPS\FRAPS.EXE" [10/20/2006 09:00 PM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 07:25 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/01/2005 12:42 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [5/10/2008 7:15:28 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [1/1/2005 12:42:23 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/25/2008 9:55:51 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}"= C:\WINDOWS\system32\byXRjggh.dll [07/11/2008 04:09 PM 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRjggh]
byXRjggh.dll 07/11/2008 04:09 PM 25088 C:\WINDOWS\system32\byXRjggh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGxVPFv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0318ee4f]
Rundll32.exe "C:\WINDOWS\system32\ncjwyaxn.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\great vc platform load]
C:\Documents and Settings\All Users\Application Data\Chic meal great vc\program axis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad32]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23993d42-5b8a-11d9-ad51-806d6172696f}]
AutoRun\command- D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67c1bc6f-71e7-11dc-8f5d-044b80808003}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67c1bc70-71e7-11dc-8f5d-044b80808003}]
AutoRun\command- I:\e.cmd
explore\Command- I:\e.cmd
open\Command- I:\e.cmd




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

8785 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-11 18:22:42 ------------



Also I have attached the extra.txt.

All help would be appreciated right now in the removal of this trojan >.>
Attached Files
File Type: txt extra.txt (23.3 KB, 1 views)
Last edited by Drax12 : 07-11-2008 at 03:33 PM.
Drax12 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 07-13-2008, 10:16 AM   #2 (permalink)
Analyst, Security Team
 
sjb007's Avatar
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 832
OS: Vista

My System

Re: Infected with Virtumonde Trojan
Hi Drax12

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please do not be tempted to use HJT to remove any further entries without guidance - no matter how obvious they may seem. Thanks.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
__________________
Patience is a Virtue
Proud Member of ASAP & UNITE
If we have helped you then please consider donating
Please note that we are all volunteers here, our charge is Zero
All donations that are received go towards maintaining the forums
sjb007 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 07-13-2008, 11:31 AM   #3 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 5
OS: WinXP , Service pack 2


Re: Infected with Virtumonde Trojan
Hello there sjb007.

Thanks again for the reply.

Just to give an update before the log, I have done a new windows update , didn't realize it was off, and rebooted my computer, and it did mention of maleware being removed, and win32 Vundo was removed.

So heres an updated HijackThis log and also the file for combofix.

Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:27 PM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {65DFFB8B-4E11-4A82-AEC3-BB15F62B0B45} - http://ad.itemmania.co.kr/tool/ap/itemmaniabar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183669189015
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/R...hotoOnline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bw+0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E7BCEB73-531F-46FF-84BD-E27D82D4AF07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 19993 bytes
Attached Files
File Type: txt ComboFix.txt (18.2 KB, 3 views)
Drax12 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 07-13-2008, 01:01 PM   #4 (permalink)
Analyst, Security Team
 
sjb007's Avatar
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 832
OS: Vista

My System

Re: Infected with Virtumonde Trojan
Hi there Drax12

Open up HJT and select the second entry - Do a system scan only
Place a checkmark next to these entries:

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {65DFFB8B-4E11-4A82-AEC3-BB15F62B0B45} - http://ad.itemmania.co.kr/tool/ap/itemmaniabar.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/R...hotoOnline.cab

Make sure all browser and open windows/programs are closed and select "Fix checked"
Once done close HJT

Next....

Go to start menu - Select Run and in the command box type in notepad
Next - copy/paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\system32\qoMdCUkJ.dll.vir
C:\WINDOWS\system32\lhglgpbn.dll
C:\WINDOWS\system32\ncjwyaxn.dll

Folder:
C:\DOCUME~1\RKD\APPLIC~1\EQHECK~1

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23993d42-5b8a-11d9-ad51-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67c1bc6f-71e7-11dc-8f5d-044b80808003}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67c1bc70-71e7-11dc-8f5d-044b80808003}]
- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then execute the script and produce a fresh log, please post this back in your next reply

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
Scan using the following Anti-Virus database >>
Extended
Scan Options >>
Scan Archives
Scan Mail Bases
Click OK & have it scan My Computer

Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.


Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Please post back with:
A fresh HJT log
The results from Combofix
The results from Kaspersky

Can I ask that all results are copied and pasted into the reply rather than added as an attachment - Thanks

Please also update me on how things are running....
__________________
Patience is a Virtue
Proud Member of ASAP & UNITE
If we have helped you then please consider donating
Please note that we are all volunteers here, our charge is Zero
All donations that are received go towards maintaining the forums
sjb007 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 07-13-2008, 03:43 PM   #5 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 5
OS: WinXP , Service pack 2


Re: Infected with Virtumonde Trojan
Alright. It seems like there are still viruses left. Things are ru