Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help remove geBtUnml.dll win32/adware.virtumonde [RESOLVED]

Started by ashenvale , Jun 07 2008 06:28 AM

  • This topic is locked This topic is locked

#1
ashenvale
Posted 07 June 2008 - 06:28 AM

ashenvale

    New Member

  • Member
  • Pip
  • 2 posts
hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:00 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:\WINDOWS\system32\geBtUnml.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM8fe13c83] Rundll32.exe "C:\WINDOWS\system32\kxthwkle.dll",s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1212074025703
O20 - Winlogon Notify: geBtUnml - C:\WINDOWS\SYSTEM32\geBtUnml.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 3617 bytes



and here is the latest combofix log:

ComboFix 08-06-06.6 - Administrator 2008-06-07 17:56:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.211 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM8fe13c83.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-07 16:16 . 2008-06-07 17:46 <DIR> d-------- C:\backups
2008-06-07 15:53 . 2008-06-07 16:04 <DIR> d-------- C:\WINDOWS\system32\rserver30
2008-06-05 10:10 . 2008-06-05 10:10 <DIR> d-------- C:\SmitfraudFix
2008-06-05 10:09 . 2008-06-05 10:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 01:38 . 2008-06-04 01:38 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-04 01:38 . 2008-06-05 10:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 13:08 . 2008-06-01 13:08 <DIR> d-------- C:\Program Files\ImTOO
2008-06-01 13:05 . 2008-06-01 13:05 57,344 --a------ C:\WINDOWS\system32\geBtUnml.dll
2008-06-01 11:33 . 2008-06-01 12:23 390 --a------ C:\app.cnt
2008-06-01 10:21 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-01 10:21 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-01 10:21 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-01 10:21 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-29 23:46 . 2008-05-29 23:48 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-05-29 23:42 . 2008-05-29 23:43 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-29 23:24 . 2008-05-29 23:24 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-29 23:24 . 2005-02-25 11:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-29 23:16 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-29 23:16 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-29 23:16 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-29 23:16 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-29 23:16 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-29 23:11 . 2008-05-29 23:11 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-05-29 00:26 . 2008-06-06 00:06 <DIR> d-------- C:\Program Files\mIRC
2008-05-29 00:26 . 2008-06-06 02:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-05-28 23:47 . 2008-06-05 10:09 <DIR> d-------- C:\Program Files\Google
2008-05-28 23:01 . 2008-05-28 23:01 <DIR> d-------- C:\Program Files\uTorrent
2008-05-28 23:00 . 2008-06-07 14:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-24 14:10 . 2008-05-24 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-05-24 14:07 . 2008-05-24 14:08 <DIR> d-------- C:\Gossip Girl
2008-05-24 12:51 . 2008-06-01 10:50 <DIR> dr------- C:\My Music
2008-05-24 12:49 . 2008-06-07 18:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 12:49 . 2008-05-24 12:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 12:30 . 2008-05-24 12:30 <DIR> d-------- C:\Program Files\iTunes
2008-05-24 12:30 . 2008-05-24 12:30 <DIR> d-------- C:\Program Files\iPod
2008-05-24 12:30 . 2008-05-24 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-24 12:29 . 2008-05-29 23:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-24 12:29 . 2008-05-24 12:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-24 12:29 . 2008-05-24 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-24 12:28 . 2008-05-24 12:28 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-24 12:28 . 2008-05-24 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-23 11:15 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-23 10:27 . 2008-05-23 10:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Eyeblaster
2008-05-23 10:24 . 2008-05-23 10:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-05-22 16:27 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-22 16:27 . 2008-05-22 16:27 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-22 16:26 . 2008-05-22 16:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-22 16:26 . 2008-05-22 16:26 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-22 16:26 . 2008-05-22 16:26 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-05-22 16:25 . 2008-05-22 16:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-22 16:24 . 2008-05-22 16:26 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-22 16:23 . 2008-05-22 16:23 <DIR> dr-h----- C:\MSOCache
2008-05-22 16:21 . 2008-05-24 14:06 <DIR> d-------- C:\Program Files\GameHouse
2008-05-22 16:21 . 2008-05-24 14:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GameHouse
2008-05-22 16:08 . 2008-05-22 16:08 <DIR> d-------- C:\Program Files\IrfanView
2008-05-22 16:08 . 2008-06-01 13:06 <DIR> d-------- C:\Program Files\ESET
2008-05-22 16:08 . 2008-05-22 16:08 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-22 16:08 . 2008-05-22 16:08 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-05-22 16:08 . 2008-05-22 16:08 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-05-22 16:07 . 2008-05-22 16:07 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-22 16:07 . 2008-05-24 12:30 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-05-22 16:07 . 2008-05-22 16:07 <DIR> d-------- C:\Program Files\Media Player Classic
2008-05-22 16:07 . 2002-12-20 12:40 675,328 --a------ C:\WINDOWS\system32\ir50_32.qtx
2008-05-22 16:07 . 2004-10-27 13:01 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx
2008-05-22 16:07 . 2004-01-12 17:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax
2008-05-22 16:06 . 2008-05-22 16:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-22 16:06 . 2008-05-22 16:06 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-22 16:06 . 2008-05-22 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-22 16:06 . 2007-04-23 02:15 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 16:06 . 2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\divx.dll
2008-05-22 16:06 . 2007-04-28 14:54 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-22 16:06 . 2007-06-07 21:11 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-05-22 16:06 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-22 16:06 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-05-22 16:06 . 2006-11-01 14:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-22 16:06 . 2007-04-23 02:02 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-22 16:06 . 2007-06-03 14:31 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-22 16:06 . 2005-02-24 18:56 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-22 16:05 . 2008-05-22 16:05 359,040 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-05-22 16:03 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-05-22 16:03 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-05-22 16:03 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-05-22 16:03 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-05-22 16:03 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-05-22 16:03 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-05-22 16:02 . 2008-05-22 16:02 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-22 16:02 . 2008-05-22 16:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-22 16:02 . 2008-05-22 16:02 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-05-22 16:01 . 2004-10-05 16:54 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-22 16:01 . 2000-10-25 20:27 3,000 -ra------ C:\WINDOWS\system32\SetupNT.sys
2008-05-22 16:01 . 2008-05-22 16:01 5 --a------ C:\WINDOWS\system32\BSETUP.TMP
2008-05-22 16:00 . 2008-05-22 16:00 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-22 16:00 . 2008-05-22 16:00 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-22 16:00 . 2008-05-22 16:00 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-22 14:52 . 2008-05-22 14:55 <DIR> d-------- C:\Perfect World
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 08:05 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-05-22 07:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-22 07:07 76,226 ----a-w C:\gamehousesupercollapseiiv1.34keygenparadox.zip
2008-05-22 07:01 741 ----a-w C:\Super_TextTwist_v2.2.4.1.zip
2008-04-29 03:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 03:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 03:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

------- Sigcheck -------

2008-05-22 16:05 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-22 16:05 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06E12C36-760F-4D92-8509-5E5DBF12C423}]
2008-06-01 13:05 57344 --a------ C:\WINDOWS\system32\geBtUnml.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16 4670968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:32 455168]
"Cmaudio"="cmicnfg.cpl" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-22 16:08 949376]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"BM8fe13c83"="C:\WINDOWS\system32\kxthwkle.dll" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{06E12C36-760F-4D92-8509-5E5DBF12C423}"= C:\WINDOWS\system32\geBtUnml.dll [2008-06-01 13:05 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtUnml]
geBtUnml.dll 2008-06-01 13:05 57344 C:\WINDOWS\system32\geBtUnml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=

S3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 06:01]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 18:02:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\geBtUnml.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-06-07 18:07:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 10:06:53

Pre-Run: 41,405,243,392 bytes free
Post-Run: 41,469,231,104 bytes free

197
  • 0

Advertisements

#2
fenzodahl512
Posted 13 June 2008 - 12:07 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello ashenvale, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following..

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Regards
fenzodahl512
  • 0

#3
ashenvale
Posted 17 June 2008 - 10:00 AM

ashenvale

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
thanks for the reply fenzodahl512 but i already formatted my drive..

i followed the prevention tips here in forums though, so i guess ill be safe from now..

thanks again and more power..
  • 0

#4
fenzodahl512
Posted 17 June 2008 - 10:43 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP