
Did I Get It?


  • This topic is locked

#1 langleyonline


Posted 21 May 2008 - 08:39 AM

I was infected with Virtumonde and/or Vundo. It SUCKED!!! I would like to know if I got this dang thing or not. Could you check it out and let me know?

Billy

ComboFix 08-05-20.4 - billy 2008-05-21 2:03:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.481 [GMT -4:00]
Running from: C:\Documents and Settings\billy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\billy\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP


((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-21 01:46 . 2008-05-21 01:46 2,624 --a------ C:\WINDOWS\system32\hvffqqyb.exe
2008-05-13 12:22 . 2008-05-13 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-05-13 12:22 . 2008-05-13 12:22 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-05-13 12:22 . 2008-05-13 12:22 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-13 12:22 . 2008-05-13 12:22 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-13 12:22 . 2008-05-13 12:22 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-13 12:22 . 2008-05-13 12:22 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-05-13 12:22 . 2008-05-13 12:22 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-13 12:22 . 2008-05-13 12:22 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-05-13 12:22 . 2008-05-13 12:22 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-13 09:02 . 2008-05-21 01:28 <DIR> d-------- C:\VundoFix Backups
2008-05-06 16:30 . 2008-05-06 16:30 <DIR> d-------- C:\Documents and Settings\billy\Application Data\CyberLink
2008-04-29 09:22 . 2008-04-29 09:22 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-04-29 08:57 . 2008-04-29 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-04-29 00:30 . 2008-04-29 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-28 16:26 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-28 16:26 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-28 15:39 . 2008-04-28 15:39 <DIR> d-------- C:\Program Files\Bonjour
2008-04-28 15:12 . 2008-04-28 15:12 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-25 10:18 . 2008-04-25 10:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-25 10:18 . 2008-04-25 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-25 10:13 . 2008-04-25 10:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-24 23:44 . 2003-07-04 05:05 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-04-24 19:25 . 2008-05-17 22:34 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-04-24 16:39 . 2008-05-12 00:22 2,965 --a------ C:\WINDOWS\wininit.ini
2008-04-24 15:31 . 2008-04-24 15:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-24 15:31 . 2008-04-24 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-24 12:00 . 2008-04-24 12:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-24 12:00 . 2008-04-24 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 11:59 . 2008-04-24 11:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-24 00:06 . 2008-05-20 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 23:11 --------- d-----w C:\Documents and Settings\billy\Application Data\DNA
2008-05-13 12:55 --------- d-----w C:\Documents and Settings\billy\Application Data\BitTorrent
2008-04-29 13:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-25 13:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 03:55 --------- d-----w C:\Program Files\Winamp Remote
2008-04-24 19:13 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-24 18:07 --------- d-----w C:\Program Files\Dot1XCfg
2008-04-24 04:06 --------- d-----w C:\Program Files\Google
2008-04-20 03:33 --------- d-----w C:\Program Files\Apple Software Update
2008-04-19 06:19 --------- d-----w C:\Program Files\DNA
2008-04-19 06:19 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-04-19 06:19 --------- d-----w C:\Documents and Settings\billy\Application Data\BitTorrent DNA
2008-04-19 04:19 34,099 ----a-w C:\WINDOWS\system32\tuvurqpo.dll
2008-04-19 04:15 34,099 ----a-w C:\WINDOWS\system32\cbxvtsqq.dll
2008-04-14 04:34 --------- d-----w C:\Documents and Settings\billy\Application Data\Media Player Classic
2008-04-14 04:28 --------- d-----w C:\Program Files\iTunes
2008-04-10 15:35 --------- d-----w C:\Program Files\iPod
2008-04-10 15:31 --------- d-----w C:\Program Files\QuickTime
2008-04-05 16:17 --------- d-----w C:\Documents and Settings\billy\Application Data\gtk-2.0
2008-03-27 03:34 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-03-21 02:28 --------- d-----w C:\Documents and Settings\billy\Application Data\Move Networks
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-10 22:40 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14C7170C-06CC-45E5-A556-D6A80006544F}]
C:\WINDOWS\system32\khfeddcc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
2008-04-19 00:15 34099 --a------ C:\WINDOWS\system32\cbxvtsqq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 19:33 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 14:28 85744]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 00:24 32768]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-24 21:54 118784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 13:42 48752]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50 155648]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 11:43 57344]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 11:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 11:47 688218]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-24 21:54 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Google Updater.lnk.disabled [2008-04-24 00:06:15 920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\cbxvtsqq.dll [2008-04-19 00:15 34099]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvtsqq]
cbxvtsqq.dll 2008-04-19 00:15 34099 C:\WINDOWS\system32\cbxvtsqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrspqq]
rqrspqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= RDDV1045.DLL
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-11 22:26 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 16:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-25 19:33 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2004-08-04 15:00 143360 C:\WINDOWS\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BMb3bd1d00"=Rundll32.exe "C:\WINDOWS\system32\wpuwauec.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Kuma Games\\KumaClientNet.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\CrossTec\\CrossTec Remote Control\\client32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 09:22]
R2 NetSupport DNA Client;CrossTec EMS Client;C:\Program Files\CrossTec EMS\EMS\Client\DNAClient.exe [2007-02-20 19:01]
R3 EraserUtilDrv10733;EraserUtilDrv10733;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys [2007-10-14 12:08]
S3 RDID1009;EDIROL UM-1;C:\WINDOWS\system32\Drivers\rdwm1009.sys [2005-06-03 14:36]
S3 RDID1045;Roland FANTOM-X;C:\WINDOWS\system32\Drivers\RDWM1045.SYS [2004-01-20 09:57]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2007-10-03 15:20]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 17:53:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-02-06 16:43:31 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 02:20:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cbxvtsqq.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CrossTec\CROSST~1\client32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-05-21 2:40:33 - machine was rebooted [billy]
ComboFix-quarantined-files.txt 2008-05-21 06:39:19

Pre-Run: 3,834,077,184 bytes free
Post-Run: 4,709,949,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

309 --- E O F --- 2008-04-19 06:13:24



#2 quietman7


Posted 21 May 2008 - 10:12 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
