New Log-Please help-ran combofix


  • This topic is locked

#1
bones 5

    New Member

  • Member
  • 5 posts
ComboFix 08-02.01.1 - Tim Burke 2008-01-31 9:05:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.637 [GMT -8:00]
Running from: C:\Documents and Settings\Tim Burke\Local Settings\Temporary Internet Files\Content.IE5\KPABW9QF\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\vtuuuss.dll
C:\Documents and Settings\Tim Burke\My Documents\MCROSO~1.NET
C:\Program Files\Common Files\asks~1
C:\Program Files\Temporary
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\bynqhfee.dll
C:\WINDOWS\system32\dluefhdu.dll
C:\WINDOWS\SYSTEM32\eefhqnyb.ini
C:\WINDOWS\system32\ljjkifd.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\rtutv.ini
C:\WINDOWS\SYSTEM32\rtutv.ini2
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\vtuuuss.dll
C:\WINDOWS\system32\xxyvvss.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-29 19:55 . 2008-01-29 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-29 14:25 . 2008-01-29 14:25 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-29 14:25 . 2008-01-29 14:25 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-29 14:22 . 2008-01-29 14:22 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-29 14:21 . 2008-01-29 14:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\nGpxx01
2008-01-29 14:21 . 2008-01-29 14:21 <DIR> d-------- C:\Temp\cXzz9
2008-01-29 14:21 . 2008-01-29 14:21 <DIR> d-------- C:\Temp
2008-01-15 12:26 . 2008-01-15 12:26 <DIR> d-------- C:\Documents and Settings\Tim Burke\Application Data\Apple Computer
2008-01-15 12:25 . 2008-01-28 17:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-15 12:25 . 2008-01-15 12:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-15 12:23 . 2008-01-15 12:23 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-15 12:23 . 2008-01-15 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 12:23 . 2008-01-15 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 03:55 --------- d-----w C:\Program Files\Lavasoft
2008-01-30 03:55 --------- d-----w C:\Documents and Settings\Tim Burke\Application Data\Lavasoft
2008-01-30 03:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 20:24 --------- d-----w C:\Program Files\QuickTime
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2005-07-06 11:32 483,401 ----a-w C:\Documents and Settings\Tim Burke\gotomypc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF021F40-3E14-23A5-CBA2-7173706D1316}]
C:\WINDOWS\System32\spm1316.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 13:08 1511453]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 14:45 313472]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20 50528]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-01-08 09:35 4800512]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 10:28 684032]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 05:59 73728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

C:\Documents and Settings\Tim Burke\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 13:15:48 462848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]
Start Guardian.lnk - C:\TT\Guardian\GuardianStart.exe [2005-03-16 18:59:29 90112]

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 02:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 02:31]
R2 GuardianCtrl;TT GuardianCtrl;c:\tt\guardian\guardianctrl.exe [2004-10-08 11:14]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 11:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2001-08-17 11:12]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 11:12]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 11:12]
S3 Guardian;TT Guardian;c:\tt\guardian\guardian.exe [2004-10-08 11:12]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe [2002-08-29 03:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 01:40:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 09:12:35
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinVNC4]
"ImagePath"="\"C:\Program Files\RealVNC\VNC4\WinVNC4.exe\" -log \"*:EventLog:0\" -log Connections:EventLog:100 -service "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\NavNT\defwatch.exe
c:\tt\guardian\guardianctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-02-01 9:13:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 17:13:50
#2
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
You have already posted your log here.

This topic is now closed.

Thunderbird1988