Tr/Vundo.Gen2 slowing down my computer~ no scan works


Re: Tr/Vundo.Gen2 slowing down my computer~ no scan works

Post by Belahzur on 9th October 2009, 4:58 pm

Hello.
Can you re-run Combofix now please?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Tr/Vundo.Gen2 slowing down my computer~ no scan works

Post by stumped on 9th October 2009, 6:35 pm

ComboFix 09-10-08.04 - Kelner 10/09/2009 13:12.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.224 [GMT -4:00]
Running from: c:\documents and settings\Kelner\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pepibega.dll
c:\windows\system32\yevilido.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.

2009-10-09 14:35 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 14:35 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 01:42 . 2009-10-09 11:55 -------- dc----w- C:\Malwarebytes' Anti-Malware.12
2009-10-09 01:40 . 2009-10-09 01:40 -------- dc----w- C:\Malwarebytes' Anti-Malware
2009-10-08 10:41 . 2009-10-09 01:47 -------- dc----w- C:\Combo-Fix
2009-10-06 14:17 . 2009-10-09 14:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 18:00 . 2009-10-05 18:00 -------- d-----w- c:\program files\Trend Micro
2009-10-03 13:22 . 2009-10-03 13:22 -------- d-sh--w- c:\documents and settings\Hayden\IETldCache
2009-09-25 19:12 . 2009-09-25 19:12 -------- d-sh--w- c:\documents and settings\Kelner\PrivacIE
2009-09-25 19:11 . 2009-09-25 19:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-25 19:10 . 2009-09-25 19:10 -------- d-sh--w- c:\documents and settings\Kelner\IETldCache
2009-09-25 19:07 . 2009-10-04 14:53 -------- d-----w- c:\windows\ie8updates
2009-09-25 19:04 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 19:04 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-25 19:02 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-25 19:02 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-25 19:02 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-25 18:42 . 2009-10-09 17:08 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-23 19:08 . 2009-10-09 17:21 -------- d-----w- c:\documents and settings\Kelner\Application Data\Skype
2009-09-23 19:08 . 2009-09-23 19:08 -------- d-----r- c:\program files\Skype
2009-09-23 19:08 . 2009-09-23 19:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 16:46 . 2008-09-09 16:05 10752 ----a-w- c:\windows\DCEBoot.exe
2009-09-09 23:01 . 2007-02-27 22:49 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\MSBuild
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2005-09-06 23:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-09-06 23:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-09-06 23:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-09-06 20:47 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-09-06 23:34 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-09-06 23:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-08-17 17:22 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-09-06 23:34 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 11:38 . 2009-04-08 19:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 11:52 . 2009-07-09 11:52 1011208 --sha-w- c:\windows\system32\dakeriyo.exe
2009-07-05 11:49 . 2009-07-05 11:49 50176 --sha-w- c:\windows\system32\guyuzera.dll.tmp
2009-07-07 11:50 . 2009-07-07 11:50 88576 --sha-w- c:\windows\system32\kehutosu.dll
2009-07-05 11:48 . 2009-07-05 11:48 50176 --sha-w- c:\windows\system32\panasoba.dll
2009-07-06 23:50 . 2009-07-06 23:50 51712 --sha-w- c:\windows\system32\tenoheze.dll
2009-07-08 23:51 . 2009-07-08 23:51 1011755 --sha-w- c:\windows\system32\yemavema.exe
2009-07-06 11:49 . 2009-07-06 11:49 88064 --sha-w- c:\windows\system32\yibabofi.dll
2009-07-05 11:49 . 2009-07-05 11:49 50176 --sha-w- c:\windows\system32\yuworowe.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25626408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-08 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-08 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-18 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Motive SmartBridge"="c:\progra~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 393216]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 538432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-15 805392]
Windstream Broadband Check-up Center.lnk - c:\program files\ALLTEL DSL Check-up Center\bin\matcli.exe [2007-12-13 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-28 22:02 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATTNaturalVoices\\TTS1.2\\Desktop\\bin\\ttsdesktopproxy.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\guardgui.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/8/2009 3:47 PM 108289]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [4/9/2008 2:54 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [4/9/2008 2:54 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [4/9/2008 2:54 PM 170368]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys --> c:\windows\system32\Drivers\SSNDIS5.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nkajjcgx
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {F9439391-4C64-4D24-AE0C-7AB90C0EAAB1} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Kelner\Application Data\Mozilla\Firefox\Profiles\cf1y00ci.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{5fe22e27-a8b3-4db2-86fb-bd8c2ce8366c} - morugawe.dll
SharedTaskScheduler-{f5b14c43-a965-4ddb-b904-1ffb43e34732} - c:\windows\system32\keneluga.dll
SSODL-zoniyifaz-{f5b14c43-a965-4ddb-b904-1ffb43e34732} - c:\windows\system32\keneluga.dll
AddRemove-HijackThis - c:\documents and settings\Kelner\Desktop\HijackThis.exe
AddRemove-netMarket - e:\netmarkt\netmarkt\setup.exe
AddRemove-Toddler - E:\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-09 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll

- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\WININET.dll
c:\progra~1\ALLTEL~1\SMARTB~1\SBHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-10-09 14:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 18:31

Pre-Run: 29,859,987,456 bytes free
Post-Run: 29,909,180,416 bytes free

181 --- E O F --- 2009-09-26 13:00

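The Find3M section of the log above is where the helper spotted the infection: eight files in system32 with system+hidden attributes (`--sha-w-`), pseudo-random eight-letter names, and creation and modification stamps from the same minute, which are the files scripted for removal further down the thread. As an added illustration of that triage (example code written for this page, not part of the thread, ComboFix, or any tool named here), the following Python parser reads Find3M-style lines and flags entries that combine those indicators. The sample lines are constructed from the log, and the attribute-column layout (index 2 = system, index 3 = hidden) is an assumption inferred from the log's own `d-sh--w-` and `--sha-w-` entries rather than taken from ComboFix documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: Find3M lines in the same shape as the ComboFix log above. The first,
# second and last are ordinary Windows files; the three --sha-w- entries are the kind the
# helper later listed under File:: for removal.
SAMPLE_FIND3M = r"""
2009-08-06 23:24 . 2005-09-06 23:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-09-06 23:34 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-07-09 11:52 . 2009-07-09 11:52 1011208 --sha-w- c:\windows\system32\dakeriyo.exe
2009-07-05 11:49 . 2009-07-05 11:49 50176 --sha-w- c:\windows\system32\guyuzera.dll.tmp
2009-07-07 11:50 . 2009-07-07 11:50 88576 --sha-w- c:\windows\system32\kehutosu.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
"""

# One Find3M / "Files Created" line: modified-time . created-time size attributes path.
# ASSUMPTION: attribute column layout (index 0 = directory, 2 = system, 3 = hidden,
# 4 = archive) is inferred from the log's own "d-sh--w-" / "--sha-w-" lines.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)
DIR_FLAG, SYSTEM_FLAG, HIDDEN_FLAG = 0, 2, 3
SYSTEM32 = "c:\\windows\\system32\\"
RANDOM_NAME = re.compile(r"^[a-z]{8}$")  # crude heuristic: 8 lowercase letters, nothing else


@dataclass
class Entry:
    modified: str
    created: str
    size: Optional[int]  # None for directories ("--------")
    attrs: str
    path: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def stem(self) -> str:
        # "guyuzera.dll.tmp" -> "guyuzera": everything before the first dot
        return self.basename.split(".", 1)[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one Find3M line; return None for headers, blank lines and other noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"]) if m["size"].isdigit() else None
    return Entry(m["modified"], m["created"], size, m["attrs"], m["path"])


def indicators(e: Entry) -> List[str]:
    """Return the reasons an entry looks like a dropped Vundo-style component."""
    reasons = []
    if e.attrs[SYSTEM_FLAG] == "s" and e.attrs[HIDDEN_FLAG] == "h":
        reasons.append("system+hidden attributes")
    if e.path.lower().startswith(SYSTEM32) and RANDOM_NAME.match(e.stem):
        reasons.append("pseudo-random 8-letter name in system32")
    if e.created == e.modified and e.attrs[DIR_FLAG] != "d":
        reasons.append("created and modified in the same minute (dropped, never updated)")
    return reasons


def triage(text: str, min_reasons: int = 2) -> List[Tuple[str, List[str]]]:
    """Parse a Find3M block and return (path, reasons) for entries with >= min_reasons hits."""
    hits = []
    for line in text.strip().splitlines():
        e = parse_line(line)
        if e is None:
            continue
        r = indicators(e)
        if len(r) >= min_reasons:
            hits.append((e.path, r))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_FIND3M):
        print(path, "->", "; ".join(reasons))
```

No single indicator is conclusive on its own (a fresh install leaves many files with equal timestamps, and some legitimate files are system+hidden), which is why `triage` requires at least two to agree; on the sample the three `--sha-w-` files score on all three and the Windows Update and ATL files score on none.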

Re: Tr/Vundo.Gen2 slowing down my computer~ no scan works

Post by Belahzur on 9th October 2009, 8:11 pm


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\dakeriyo.exe
    c:\windows\system32\guyuzera.dll.tmp
    c:\windows\system32\kehutosu.dll
    c:\windows\system32\panasoba.dll
    c:\windows\system32\tenoheze.dll
    c:\windows\system32\yemavema.exe
    c:\windows\system32\yibabofi.dll
    c:\windows\system32\yuworowe.dll.tmp

    NetSvc::
    nkajjcgx

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.





Re: Tr/Vundo.Gen2 slowing down my computer~ no scan works

Post by stumped on 10th October 2009, 3:00 am

ComboFix 09-10-08.04 - Kelner 10/09/2009 22:36.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.229 [GMT -4:00]
Running from: c:\documents and settings\Kelner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Kelner\Desktop\CFScript.txt,.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\dakeriyo.exe"
"c:\windows\system32\guyuzera.dll.tmp"
"c:\windows\system32\kehutosu.dll"
"c:\windows\system32\panasoba.dll"
"c:\windows\system32\tenoheze.dll"
"c:\windows\system32\yemavema.exe"
"c:\windows\system32\yibabofi.dll"
"c:\windows\system32\yuworowe.dll.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kehutosu.dll
c:\windows\system32\tenoheze.dll
c:\windows\system32\yibabofi.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-09 14:35 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 14:35 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 01:42 . 2009-10-09 11:55 -------- dc----w- C:\Malwarebytes' Anti-Malware.12
2009-10-09 01:40 . 2009-10-09 01:40 -------- dc----w- C:\Malwarebytes' Anti-Malware
2009-10-08 10:41 . 2009-10-09 01:47 -------- dc----w- C:\Combo-Fix
2009-10-06 14:17 . 2009-10-09 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 18:00 . 2009-10-05 18:00 -------- d-----w- c:\program files\Trend Micro
2009-10-03 13:22 . 2009-10-03 13:22 -------- d-sh--w- c:\documents and settings\Hayden\IETldCache
2009-09-25 19:12 . 2009-09-25 19:12 -------- d-sh--w- c:\documents and settings\Kelner\PrivacIE
2009-09-25 19:11 . 2009-09-25 19:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-25 19:10 . 2009-09-25 19:10 -------- d-sh--w- c:\documents and settings\Kelner\IETldCache
2009-09-25 19:07 . 2009-10-04 14:53 -------- d-----w- c:\windows\ie8updates
2009-09-25 19:04 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 19:04 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-25 19:02 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-25 19:02 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-25 19:02 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-25 18:42 . 2009-10-09 17:08 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-23 19:08 . 2009-10-10 02:45 -------- d-----w- c:\documents and settings\Kelner\Application Data\Skype
2009-09-23 19:08 . 2009-09-23 19:08 -------- d-----r- c:\program files\Skype
2009-09-23 19:08 . 2009-09-23 19:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 16:46 . 2008-09-09 16:05 10752 ----a-w- c:\windows\DCEBoot.exe
2009-09-09 23:01 . 2007-02-27 22:49 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\MSBuild
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2005-09-06 23:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-09-06 23:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-09-06 23:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-09-06 20:47 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-09-06 23:34 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-09-06 23:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-08-17 17:22 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-09-06 23:34 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 11:38 . 2009-04-08 19:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-09 19:25 . 2009-10-09 19:25 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25626408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-08 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-08 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-18 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Motive SmartBridge"="c:\progra~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 393216]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 538432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-15 805392]
Windstream Broadband Check-up Center.lnk - c:\program files\ALLTEL DSL Check-up Center\bin\matcli.exe [2007-12-13 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-28 22:02 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATTNaturalVoices\\TTS1.2\\Desktop\\bin\\ttsdesktopproxy.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\guardgui.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/8/2009 3:47 PM 108289]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [4/9/2008 2:54 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [4/9/2008 2:54 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [4/9/2008 2:54 PM 170368]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys --> c:\windows\system32\Drivers\SSNDIS5.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {F9439391-4C64-4D24-AE0C-7AB90C0EAAB1} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Kelner\Application Data\Mozilla\Firefox\Profiles\cf1y00ci.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-09 22:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-10-10 22:50
ComboFix-quarantined-files.txt 2009-10-10 02:49
ComboFix2.txt 2009-10-09 18:31

Pre-Run: 29,848,027,136 bytes free
Post-Run: 29,838,110,720 bytes free

155 --- E O F --- 2009-09-26 13:00


Re: Tr/Vundo.Gen2 slowing down my computer~ no scan works

Post by stumped on 11th October 2009, 12:31 pm

bump.


Re: Tr/Vundo.Gen2 slowing down my computer~ no scan works

Post by Belahzur on 11th October 2009, 2:55 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?





Re: Tr/Vundo.Gen2 slowing down my computer~ no scan works

Post by stumped on 12th October 2009, 12:33 am

After doing what you said above, our computer is back to normal. Thank you for your help.

