Combofix.txt


This topic is locked
1 reply to this topic

#1 Markman413 (Members, 1 post)

Posted 13 May 2008 - 10:49 AM

Hey guys! I'm in desperate need of help to remove this virus. I've done my research and this one looks legit out of all of them. I am posting my ComboFix.txt here and looking for an answer on how to remove the Virtumonde virus I've acquired (I'm not sure where!). I've tried removing this virus and even reformatted my PC, but guess what? It never got deleted, so I'm putting my hands down to this virus. It's really not that bad; it's more of a nuisance getting pop-ups of porn sites all the time! Not that I'm complaining, but it gets on my nerves when I'm trying to install or access the internet. Sometimes I get hit with a lot of pop-ups, at least once per day, and it freezes my PC up and restarts by itself. So, pls help!! Below is my ComboFix.txt after running the ComboFix.exe program. Thanks and I hope to hear from someone soon!



ComboFix 08-05-12.1 - markm 2008-05-13 11:11:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.584 [GMT -4:00]
Running from: C:\Documents and Settings\markm\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byXNheCu.dll
C:\WINDOWS\system32\iijSrXyb.ini
C:\WINDOWS\system32\iijSrXyb.ini2
C:\WINDOWS\system32\KQYcffhk.ini
C:\WINDOWS\system32\KQYcffhk.ini2
C:\WINDOWS\system32\pfgtshor.ini
C:\WINDOWS\system32\uhifiacw.ini
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-13 09:02 . 2008-05-13 09:02 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-05-13 09:02 . 2008-05-13 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-05-13 09:01 . 2008-05-13 09:03 <DIR> d-------- C:\Program Files\Winamp Remote
2008-05-13 09:01 . 2008-05-13 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-13 08:57 . 2008-05-13 09:02 <DIR> d-------- C:\Program Files\Winamp
2008-05-13 08:57 . 2008-05-13 10:31 <DIR> d-------- C:\Documents and Settings\markm\Application Data\Winamp
2008-05-13 08:53 . 2008-05-13 08:53 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-12 14:54 . 2008-05-12 14:54 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-05-12 14:53 . 2008-05-12 14:53 364,544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2008-05-12 10:39 . 2008-05-12 10:39 90,688 --------- C:\WINDOWS\system32\rohstgfp.dll_old
2008-05-12 10:33 . 2008-05-12 10:33 2,112 --a------ C:\WINDOWS\system32\nwkpjvgb.exe
2008-05-12 10:30 . 2008-05-12 10:30 276,992 --a------ C:\WINDOWS\system32\byXrSjii.dll_old
2008-05-12 10:30 . 2008-05-12 10:30 100,416 --a------ C:\WINDOWS\system32\bpqkbpeg.dll_old
2008-05-09 16:53 . 2008-05-13 09:33 616 --a------ C:\WINDOWS\wininit.ini
2008-05-09 16:29 . 2008-05-09 16:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-09 16:29 . 2008-05-09 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-09 16:07 . 2008-05-09 16:07 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-09 09:40 . 2008-05-09 09:40 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-09 09:40 . 2008-05-13 11:09 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-09 03:50 . 2008-05-09 03:50 2,112 --a------ C:\WINDOWS\system32\whvhstqo.exe
2008-05-09 03:48 . 2008-05-13 08:12 109,850 --a------ C:\WINDOWS\BM9719bdf2.xml
2008-05-08 16:02 . 2008-05-08 16:02 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-08 15:20 . 2008-05-08 15:36 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-08 15:19 . 2006-06-30 16:10 26,752 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-05-08 14:54 . 2008-05-08 14:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-08 14:52 . 2008-05-08 14:52 <DIR> d-------- C:\Program Files\Iomega
2008-05-08 14:42 . 2008-05-08 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-08 14:42 . 2008-04-30 18:08 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-05-08 14:42 . 2008-04-30 18:08 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-08 14:42 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-05-08 14:42 . 2008-04-30 18:08 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-05-08 14:42 . 2008-05-08 14:42 1,024 --a------ C:\.rnd
2008-05-08 14:41 . 2008-05-13 07:27 <DIR> d-------- C:\Program Files\LogMeIn
2008-05-08 14:38 . 2005-08-04 22:19 135,168 --a------ C:\WINDOWS\system32\SNMP_PP.DLL
2008-05-08 14:30 . 2008-05-08 14:30 <DIR> d-------- C:\WINDOWS\SchCache
2008-05-08 14:19 . 2008-05-08 14:19 <DIR> d-------- C:\Program Files\RealVNC
2008-05-08 14:10 . 2008-05-08 14:10 <DIR> d-------- C:\Program Files\COMPAQ
2008-05-08 14:09 . 2008-05-08 14:09 0 --a------ C:\WINDOWS\vpc32.INI
2008-05-08 14:05 . 2008-05-08 14:05 <DIR> d-------- C:\Documents and Settings\markm\Application Data\Symantec
2008-05-08 13:53 . 2008-04-30 10:07 2,146,949 --a------ C:\WINDOWS\bora me&boo_bigfile.JPG
2008-05-08 13:06 . 2003-04-16 08:00 50,520 --a------ C:\WINDOWS\system32\SP35300.SYS
2008-05-08 13:05 . 2003-04-16 09:00 50,520 --a------ C:\WINDOWS\system32\SP33681.SYS
2008-05-08 13:05 . 2003-04-16 09:00 50,520 --a------ C:\WINDOWS\system32\SP33680.SYS
2008-05-08 13:05 . 2003-04-16 09:00 50,520 --a------ C:\WINDOWS\system32\SP33077.SYS
2008-05-08 13:05 . 2003-04-16 08:00 50,520 --a------ C:\WINDOWS\system32\SP32388.SYS
2008-05-08 13:05 . 2003-04-16 08:00 50,520 --a------ C:\WINDOWS\system32\SP32387.SYS
2008-05-08 13:04 . 2003-04-16 08:00 50,520 --a------ C:\WINDOWS\system32\SP32385.SYS
2008-05-08 13:04 . 2001-09-26 15:17 50,520 --a------ C:\WINDOWS\system32\SP32340.SYS
2008-05-08 13:04 . 2003-04-16 09:00 50,520 --a------ C:\WINDOWS\system32\SP30925.SYS
2008-05-08 13:03 . 2008-05-08 13:03 <DIR> d-------- C:\Program Files\HP Secure II software program
2008-05-08 13:02 . 2008-05-08 13:03 <DIR> d-------- C:\Program Files\HPQ
2008-05-08 12:56 . 2008-05-08 12:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-08 12:56 . 2008-05-08 12:56 <DIR> d-------- C:\Program Files\AMD
2008-05-08 12:56 . 2008-05-08 12:56 <DIR> d-------- C:\Documents and Settings\markm\Application Data\InstallShield
2008-05-08 12:56 . 2006-07-01 22:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-08 12:54 . 2008-05-08 12:54 <DIR> d-------- C:\BIOSTools
2008-05-08 12:54 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-05-08 12:49 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-08 12:49 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-08 12:49 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-08 12:49 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-08 12:49 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-08 12:49 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-08 12:49 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-08 12:49 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-08 12:49 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-08 12:48 . 2008-05-08 12:48 <DIR> d-------- C:\Program Files\ATI Technologies
2008-05-08 12:48 . 2008-05-08 12:52 967 --a------ C:\WINDOWS\ATICIM.INI
2008-05-08 12:45 . 2008-05-08 12:46 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-05-08 12:45 . 2008-05-08 12:45 <DIR> d-------- C:\Program Files\Realtek
2008-05-08 12:45 . 2008-05-08 14:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-08 12:45 . 2008-05-08 12:49 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-08 12:34 . 2008-05-08 12:34 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-08 12:34 . 2008-05-08 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-08 12:30 . 2008-05-08 12:34 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-08 11:56 . 2008-05-08 11:56 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-05-08 11:49 . 2008-05-08 11:49 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-08 11:49 . 2008-05-08 11:49 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-08 11:49 . 2008-05-08 11:49 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-08 11:37 . 2008-04-13 20:11 233,472 --a------ C:\WINDOWS\system32\azroles.dll
2008-05-08 11:37 . 2008-04-13 20:11 136,192 --a------ C:\WINDOWS\system32\aaclient.dll
2008-05-08 11:37 . 2008-04-13 13:23 8,192 -----c--- C:\WINDOWS\system32\dllcache\asferror.dll
2008-05-08 11:37 . 2008-04-13 20:11 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-05-08 11:37 . 2001-08-23 08:00 999 -----c--- C:\WINDOWS\system32\dllcache\bktrh.gif
2008-05-08 11:23 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-08 11:23 . 2008-05-08 11:23 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-08 11:21 . 2008-05-08 11:21 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-08 11:21 . 2008-05-08 11:21 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-08 11:21 . 2008-05-08 11:21 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-05-08 11:20 . 2008-05-08 11:21 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-08 11:20 . 2008-05-08 15:05 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-08 11:12 . 2008-05-08 11:12 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-08 11:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-08 11:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-08 06:03 . 2008-04-13 14:40 57,600 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-08 06:03 . 2001-08-17 09:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-05-08 06:02 . 2004-08-04 01:31 20,992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys
2008-05-08 06:01 . 2008-04-13 20:12 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-04-30 18:08 . 2008-04-30 18:08 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll
2008-04-30 18:08 . 2008-04-30 18:08 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 15:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-13 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-09 20:53 --------- d-----w C:\Program Files\Symantec
2008-05-08 14:22 --------- d-----w C:\Program Files\HP
2008-05-08 14:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-13 18:39 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
2008-04-13 18:39 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 18:39 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 18:38 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-19 18:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78B30B63-1EA0-4B9D-B1F1-804BF7E1CD94}]
C:\WINDOWS\system32\byXrSjii.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF911800-C560-47F6-AD8A-7DC17D970853}]
C:\WINDOWS\system32\khffcYQK.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-19 18:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-19 18:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk.disabled [2008-05-13 11:07:43 2337]
Adobe Acrobat Synchronizer.lnk.disabled [2008-05-08 12:32:38 1800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-04-30 18:08 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"942a8e6e"=rundll32.exe "C:\WINDOWS\system32\rohstgfp.dll",b
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"BM9719bdf2"=Rundll32.exe "C:\WINDOWS\system32\bpqkbpeg.dll",s
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
"SetRefresh"=C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
"WD Button Manager"=WDBtnMgr.exe
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2006-09-07 21:16]
S3 DualCoreCenter;DualCoreCenter;C:\BIOSTOOLS\NTGLM7X.sys [2007-01-10 15:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 15:10:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 11:16:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealVNC\VNC4\winvnc4.exe
.
**************************************************************************
.
Completion time: 2008-05-13 11:17:39 - machine was rebooted [markm]
ComboFix-quarantined-files.txt 2008-05-13 15:17:36

Pre-Run: 70,668,746,752 bytes free
Post-Run: 70,623,707,136 bytes free

319 --- E O F --- 2008-05-08 16:50:02

#2 Animal (Bleepin' Animinion, Site Admin, 34,286 posts, Location: Where You Least Expect Me To Be)

Posted 13 May 2008 - 12:12 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff/Animal

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

