
Help! Company Computer is on the fritz


  • This topic is locked
3 replies to this topic

#1 Ccochr3


Posted 18 February 2009 - 10:04 AM

Hello,

I have a few questions that hopefully someone can help with.

1. I recently moved into a new apartment and have no internet service yet, so I have been connecting to someone's wireless network. It seems that all of the problems listed below have only started to happen now that I am on this wireless connection. Is there any reason for that?

2. OK, now since I have been in the new apartment, Virtumonde, TinyBar.C, and Smitfraud have all been showing up in Spybot - S&D. I got rid of Virtumonde with ComboFix but I can't get rid of the others. How should I go about doing that?

3. Some symptoms my computer has been showing are: (1) When I search something on Google and then click on one of the links it brings up, I will get redirected to some random site that won't let me go back to Google. (2) My McAfee Security Center will randomly turn off its virus protection and I will have to press the fix button to turn it back on. However, when in safe mode McAfee says all of its components are in critical condition, but when I press the fix button it says it can't be fixed because of an error. (3) I will randomly get window pop-up errors on my screen, and an "about blank" screen always seems to pop up.

If you guys could give me some advice on this, that would be great. Thanks.



#2 Ccochr3


Posted 18 February 2009 - 11:04 AM

Just ran Spybot again and now I have 3 entries of Virtumonde, 1 entry of Smitfraud-C and 4 entries of TinyBar.C. It seems to be getting worse. Can anyone help me?

#3 Ccochr3


Posted 18 February 2009 - 12:39 PM

Just ran ComboFix again; here is my log. Also, after I finished running ComboFix I ran Spybot S&D again and this time it found 1 Virtumonde, 1 Smitfraud-C and 4 TinyBar.C.

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\phqghume.sys
c:\windows\system32\UwENUvut.ini
c:\windows\system32\UwENUvut.ini2

.
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-17 07:10 . 2009-02-17 07:10 47,616 --a------ c:\windows\system32\tuvsQKbY.dll
2009-02-12 23:17 . 2009-02-12 23:17 <DIR> d-------- c:\temp\sTMP3
2009-02-12 23:17 . 2009-02-12 23:17 <DIR> d-------- C:\Temp
2009-02-12 23:16 . 2009-02-18 09:30 4,384 --a------ c:\windows\ikcdhiwm
2009-02-03 14:10 . 2009-02-03 14:10 <DIR> d-------- c:\documents and settings\SGRMUser1\New Folder
2009-02-02 12:23 . 2009-02-02 12:23 <DIR> d-------- c:\windows\SchCache
2009-01-29 16:20 . 2009-01-29 16:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AT&T
2009-01-29 15:44 . 2009-01-29 15:44 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\acccore
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\Viewpoint
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\uTorrent
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\Sierra Wireless
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\OutlookAutologin
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\LimeWire
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\ICAClient
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\Dell
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\DBUpdater
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\CyberLink
2009-01-29 15:42 . 2009-01-29 15:42 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\Azureus
2009-01-29 15:42 . 2009-01-29 15:44 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\Apple Computer
2009-01-29 15:40 . 2009-01-29 15:40 <DIR> d-------- c:\program files\Microsoft Windows Small Business Server
2009-01-29 15:40 . 2009-01-29 15:40 <DIR> d-------- c:\documents and settings\scoplin\Application Data\AT&T
2009-01-29 15:38 . 2008-04-01 00:28 <DIR> d-------- c:\documents and settings\scoplin\Application Data\Wave Systems Corp
2009-01-29 15:38 . 2008-04-01 00:16 <DIR> d-------- c:\documents and settings\scoplin\Application Data\Logitech
2009-01-29 15:38 . 2008-04-01 00:16 <DIR> d-------- c:\documents and settings\scoplin\Application Data\InstallShield
2009-01-29 15:38 . 2009-01-29 15:38 <DIR> d-------- c:\documents and settings\scoplin
2009-01-29 15:36 . 2009-01-29 15:36 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\AT&T
2009-01-29 15:32 . 2008-04-01 00:28 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\Wave Systems Corp
2009-01-29 15:32 . 2008-04-01 00:16 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\Logitech
2009-01-29 15:32 . 2008-04-01 00:16 <DIR> d-------- c:\documents and settings\chriscochran\Application Data\InstallShield
2009-01-29 15:32 . 2009-02-06 10:39 <DIR> d-------- c:\documents and settings\chriscochran
2009-01-28 08:49 . 2009-01-28 08:49 <DIR> d-------- c:\windows\system32\scripting
2009-01-28 08:49 . 2009-01-28 08:49 <DIR> d-------- c:\windows\system32\en
2009-01-28 08:49 . 2009-01-28 08:49 <DIR> d-------- c:\windows\system32\bits
2009-01-28 08:49 . 2009-01-28 08:49 <DIR> d-------- c:\windows\l2schemas
2009-01-28 08:46 . 2009-01-28 08:49 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-27 16:31 . 2009-02-13 11:45 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-27 16:31 . 2009-01-27 16:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-14 20:54 --------- d-----w c:\program files\McAfee
2009-02-13 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-13 19:41 --------- d-----w c:\program files\Lavasoft
2009-02-13 19:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-27 04:15 --------- d-----w c:\documents and settings\SGRMUser1\Application Data\uTorrent
2009-01-17 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-16 14:45 --------- d-----w c:\documents and settings\SGRMUser1\Application Data\Viewpoint
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-09-02 12:52 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( snapshot@2009-02-13_10.17.35.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-02-13 16:00:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-18 13:31:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-13 16:00:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-18 13:31:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-13 16:00:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-18 13:31:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-04 20:14:56 6,272 ----a-w c:\windows\system32\drivers\AWRTPD.sys
+ 2008-04-29 17:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
- 2007-06-04 20:17:02 8,320 ----a-w c:\windows\system32\drivers\AWRTRD.sys
+ 2008-04-29 17:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
- 2007-06-04 20:18:48 9,344 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2008-04-29 17:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
- 2007-04-13 20:19:52 7,680 ----a-w c:\windows\system32\lsdelete.exe
+ 2008-05-16 17:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
- 2009-02-03 19:32:35 168,838 ----a-w c:\windows\system32\nvModes.dat
+ 2009-02-18 13:40:57 55,602 ----a-w c:\windows\system32\nvModes.dat
- 2009-02-13 15:52:47 65,446 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-18 13:37:20 65,446 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-13 15:52:47 411,142 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-18 13:37:20 411,142 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2009-02-17 07:10 47616 --a------ c:\windows\system32\tuvsQKbY.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-02 29744]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-05-01 33280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NVHotkey"="nvHotkey.dll" [2007-05-31 c:\windows\system32\nvhotkey.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-04-01 50688]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-04-01 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\tuvsQKbY.dll" [2009-02-17 47616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 14:20 73728 c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsQKbY]
2009-02-17 07:10 47616 c:\windows\system32\tuvsQKbY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zbombk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2008-07-16 140184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-09-24 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-08-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]
S0 aylnlfdx;aylnlfdx;c:\windows\system32\drivers\phqghume.sys --> c:\windows\system32\drivers\phqghume.sys [?]
S0 btyiyyhq;btyiyyhq;c:\windows\system32\drivers\qknkbhed.sys --> c:\windows\system32\drivers\qknkbhed.sys [?]
S0 ikcdhiwm;ikcdhiwm;c:\windows\system32\drivers\tbikjzzb.sys []
S0 infozite;infozite;c:\windows\system32\drivers\aqphhssy.sys --> c:\windows\system32\drivers\aqphhssy.sys [?]
S0 jfaiepdc;jfaiepdc;c:\windows\system32\drivers\vymyslhb.sys --> c:\windows\system32\drivers\vymyslhb.sys [?]
S0 nqqylwdg;nqqylwdg;c:\windows\system32\drivers\genbvkui.sys --> c:\windows\system32\drivers\genbvkui.sys [?]
S0 orugsmxk;orugsmxk;c:\windows\system32\drivers\luhxfxkg.sys --> c:\windows\system32\drivers\luhxfxkg.sys [?]
S0 rcdikllc;rcdikllc;c:\windows\system32\drivers\lmgpwnus.sys --> c:\windows\system32\drivers\lmgpwnus.sys [?]
S0 rdyfckhk;rdyfckhk;c:\windows\system32\drivers\jdrzthbd.sys --> c:\windows\system32\drivers\jdrzthbd.sys [?]
S0 xxhovdsz;xxhovdsz;c:\windows\system32\drivers\bntvxilg.sys --> c:\windows\system32\drivers\bntvxilg.sys [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-03-06 106496]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-01 29744]
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Supplementary Scan -------
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080401
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
FF - ProfilePath - c:\documents and settings\chriscochran\Application Data\Mozilla\Firefox\Profiles\xg1ipxeu.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 09:32:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\tbikjzzb.sys 25088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\bmnet.dll
c:\windows\system32\tuvsQKbY.dll

- - - - - - - > 'lsass.exe'(1276)
c:\windows\system32\bmnet.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bmwebcfg.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\stacsv.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-02-18 9:37:04 - machine was rebooted [chriscochran]
ComboFix-quarantined-files.txt 2009-02-18 15:37:00
ComboFix2.txt 2009-02-17 18:21:19
ComboFix3.txt 2009-02-17 17:47:42
ComboFix4.txt 2009-01-27 17:29:19
ComboFix5.txt 2009-02-18 15:25:10

Pre-Run: 72,552,222,720 bytes free
Post-Run: 72,621,969,408 bytes free

288 --- E O F --- 2009-01-29 14:48:04

#4 garmanma


Posted 18 February 2009 - 05:46 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results. Post these in our Am I Infected forum:
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Mark