Tech Support Forum banner
Status
Not open for further replies.

Vundo Virus is messing up everything with my internet connection

3K views 0 replies 1 participant last post by  Doc Holliday 
#1 ·
About a week ago, I somehow got a strain of the Vundo Virus. Don't exactly know how it happened but I know that my AV at the time (Trend Micro Anti-Virus 2007) didn't catch it. Now, once I got this thing (and a couple other problems as you'll see) my computer has been doing really screwy things. Most of it has to do with the internet. I browse through Firefox. Now, when I browse, my computer will lose it's wireless connection, randomly connect to another wireless point without me prompting it or giving it permission, won't connect to webpages unless I refresh x amount of times, throttle my bandwidth beyond belief, screw up my forwarded ports, etc. And it's completely random. Certain times of the day it will do this and other times it will be semi-ok. That's the major problem. The other problem is the general slowing down of my computer (OS is Windows XP with SP2).

On to the Vundo itself. I'm guessing this is a new or nastier strain because I tried google'ing Trojan.Vundo.DYA and nothing came up. I haven't even seen the DYA variant or maybe I just don't know because I'm not the most computer savvy. In any case, that's not the only virus on my computer right now. I've got 5 and this is one of them. I contracted another one with I tried downloading ComboFix.

Now, what I've done to try and remedy it.

-Ran HJT for a report but I can't read it.
-Ran ComboFix which turned out to give me another virus
-Ran FxVMonde with no results
-Ran SDfix with no results
-Ran VirtumundoBeGone with no results
-Ran VundoFix which grabbed some of the Vundo but not all of it.

I've ran all of them in and out of safe mode.

I've also ran AVG AV, Trend Micro, and BitDefender. BitDefender is the only one that has recognized the bad files. Here is a list of them:


BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 16:25:02 13/02/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1202941502_1_02.xml

Scan Paths:path0000: C:\
Path0001: D:\
Path0002: L:\


Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes


Target selection options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :


Target ProcessingDefault action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None


Scan engines summaryNumber of virus signatures : 980588
Archive plugins : 41
Email plugins : 6
Scan plugins : 12
Archive plugins : 41
System plugins : 4
Unpack plugins : 7


Overall scan summaryScanned items : 801101
Infected items : 5
Suspicious items : 0
Resolved items : 0
Individual viruses found : 4
Scanned directories : 13212
Scanned boot sectors : 3
Scanned archives : 16248
Input-output errors : 26
Scan time : 00:03:28:26
Files per second : 64


Scanned processes summaryScanned : 37
Infected : 0


Scanned registry keys summaryScanned : 404
Infected : 0


Scanned cookies summaryScanned : 3
Infected : 0


Remaining issues:Object Name Threat Name Final Status
C:\Program Files\WinMX Music\Shared\winmx_music.exe=](Instyler o)=](Instyler Module 30)=](RAR Sfx o) Adware.Webhancer.N Delete Failed (file was in an archive)

C:\Documents and Settings\Owner\Desktop\Vundo destruction\ComboFix.exe=](RAR Sfx o)=]CFCleanUp.bat Trojan.Bat.Sdel.AC Delete Failed (file was in an archive)

C:\Documents and Settings\Owner\Desktop\Vundo destruction.rar=]Vundo destruction\ComboFix.exe=](RAR Sfx o)=]CFCleanUp.bat Trojan.Bat.Sdel.AC Delete Failed (file was in an archive)

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP518\A0056265.exe=](RAR Sfx o)=]keygen.exe Trojan.Downloader.JJMX Delete Failed (file was in an archive)

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP518\A0056265.exe=](RAR Sfx o)=]crack.exe Trojan.Vundo.DYA Delete Failed (file was in an archive)


Resolved issues:Object Name Threat Name Final Status


Objects that were not scanned:Object Name Reason Final Status
Virus names are in bold

Basically, BitDefender wouldn't or couldn't delete any of those last five viruses because it says that they are in the archive and I couldn't access them. I couldn't find them in the registry and I couldn't find them in the hidden files/folders. Oh, and I think they carried over from restore points when I was on that kick.


Here is my HJT scan:

Logfile of HijackThis v1.99.1
Scan saved at 3:20:10 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Documents and Settings\Owner\Desktop\Anti-Virus and Utilities\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {39A2AD75-3C40-4ABB-B818-9ACF5225EBEE} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {A4AC4EB7-6AA3-404E-8C9E-FA606F501F53} - (no file)
O2 - BHO: (no name) - {b2dcf746-1dd1-11b2-865a-b7f705720c44} - C:\WINDOWS\gdqfidcn.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {D1C1F028-7E28-4A2C-BB5B-AA1299E132B9} - (no file)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - (no file)
O2 - BHO: {5a5e9c69-1aca-fc08-0f54-d320956d1e1e} - {e1e1d659-023d-45f0-80cf-aca196c9e5a5} - C:\WINDOWS\system32\lvumvuvn.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{422C2AEB-8F7C-409C-B646-367B7CD502D5}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2F7252-3898-4E21-85F7-05CDC86A9714}: NameServer = 68.87.77.130,68.78.72.130
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vtutqpm - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: BurnWin - {C145CF11-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\system32\apiuser32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
I was able to re-download the Combofix from another site and run it in safe mode. This one worked for me. If this helps, here's the log to it:

ComboFix 08-02-15.1 - Owner 2008-02-14 15:40:35.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.696 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Owner\Application Data\inst.exe
C:\WINDOWS\system32\Cache
D:\Autorun.inf
L:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdateõj
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSUPDATE
-------\msupdate


((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 07:01 . 2008-02-14 07:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-11 15:53 . 2008-02-13 16:32 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-11 06:16 . 2008-02-11 06:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitDefender
2008-02-11 06:09 . 2008-02-11 06:10 <DIR> d-------- C:\Program Files\BitDefender
2008-02-11 06:09 . 2008-02-13 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-11 06:08 . 2008-02-11 07:41 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-08 17:00 . 2008-02-13 01:24 <DIR> d-------- C:\VundoFix Backups
2008-02-08 16:35 . 2008-02-08 16:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-02-08 16:34 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-08 16:24 . 2008-02-08 16:24 <DIR> d-------- C:\Program Files\CleanUp!
2008-02-06 15:54 . 2008-02-06 15:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-06 15:54 . 2008-02-06 15:54 3,452 --a------ C:\WINDOWS\unins000.dat
2008-02-06 06:03 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-02-05 06:43 . 2008-02-05 06:43 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-05 06:43 . 2008-02-05 06:43 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-05 06:40 . 2008-02-05 06:40 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-05 06:40 . 2008-02-05 06:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-05 06:40 . 2008-02-06 04:30 107,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-05 06:40 . 2008-02-05 06:53 2,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-05 06:40 . 2008-02-05 06:46 1,292 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-05 06:40 . 2008-02-05 06:46 1,196 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-05 05:40 . 2008-02-05 05:40 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-05 04:51 . 2008-02-05 04:51 <DIR> d-------- C:\Program Files\ESET
2008-02-05 04:51 . 2008-02-05 04:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-05 04:38 . 2008-02-06 05:37 1,194,315 --ahs---- C:\WINDOWS\system32\pnbxdddl.ini
2008-02-05 04:32 . 2008-02-08 17:33 284,105 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2008-02-05 04:32 . 2008-02-08 17:36 284,105 --ahs---- C:\WINDOWS\system32\rtstv.ini
2008-02-05 04:26 . 2008-02-05 04:28 58,368 --a------ C:\wpohl.exe
2008-02-05 04:26 . 2008-02-05 04:26 54,764 --a------ C:\WINDOWS\system32\fnhoje
2008-02-05 04:26 . 2008-02-05 04:28 2 --a------ C:\-1198557502
2008-02-05 04:26 . 2008-02-11 07:43 0 --a------ C:\reg.reg
2008-01-21 15:37 . 2008-01-21 15:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-21 15:37 . 2008-01-21 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-21 14:20 . 2008-01-21 14:21 <DIR> d-------- C:\Program Files\Nick Arcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 02:42 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-13 22:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-02-07 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 21:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-21 21:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-21 20:20 --------- d-----w C:\Program Files\Yahoo!
2008-01-07 23:41 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 06:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-15 19:19 --------- d-----w C:\Program Files\coolpro2
2007-12-15 19:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Syntrillium
2007-09-22 05:13 5,760 ----a-w C:\Program Files\install.log
2007-09-06 08:45 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2007-07-16 02:06 444 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39A2AD75-3C40-4ABB-B818-9ACF5225EBEE}]
C:\WINDOWS\system32\vtstr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4AC4EB7-6AA3-404E-8C9E-FA606F501F53}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2dcf746-1dd1-11b2-865a-b7f705720c44}]
C:\WINDOWS\gdqfidcn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1C1F028-7E28-4A2C-BB5B-AA1299E132B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e1e1d659-023d-45f0-80cf-aca196c9e5a5}]
C:\WINDOWS\system32\lvumvuvn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BurnWin"= {C145CF11-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\system32\apiuser32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutqpm]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-B PCI Adapter Utility.lnk]
backup=C:\WINDOWS\pss\Wireless-B PCI Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 09:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-06-23 10:24 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 18:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 04:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 22:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 18:24 14408 C:\Program Files\Common Files\AOL\1147405014\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 15:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McLogLch_exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-28 23:43 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCClient.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 06:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
--a------ 2005-12-09 19:44 139264 C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-02-05 17:35 25370152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 11:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"MSK80Service"=2 (0x2)
"MPS9"=2 (0x2)
"MpfService"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McSysmon"=2 (0x2)
"McRedirector"=2 (0x2)
"McrdSvc"=2 (0x2)
"McProxy"=2 (0x2)
"McNASvc"=2 (0x2)
"McLogManagerService"=2 (0x2)
"Emproxy"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"iPod Service"=3 (0x3)
"ERSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"Steam"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
"HostManager"=C:\Program Files\Common Files\AOL\1147405014\ee\AOLSoftware.exe
"CHotkey"=zHotkey.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SkyTel"=SkyTel.EXE

R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-02-13 01:50]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-13 20:42]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 17:41]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-02-13 20:42]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-10 13:00]
S3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;C:\WINDOWS\system32\DRIVERS\WMP11V27.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8cfe751-e165-11da-bc74-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 17:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-11 08:00:00 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 15:48:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-02-15 15:54:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 21:54:06
ComboFix2.txt 2008-02-14 04:32:27
ComboFix3.txt 2008-02-14 03:01:12
ComboFix4.txt 2008-02-13 08:08:35
.
2008-02-14 13:03:51 --- E O F ---
This is all foreign language to me so maybe someone else will have better luck with it.



Someone please tell me that can assist me with removing these viruses
 
See less See more
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top