win 32/Adware / Virtumonde removal instructions please


  • Please log in to reply

#1
diesel4

diesel4

    New Member

  • Member
  • Pip
  • 2 posts
Hello,

I have been browsing these topics and found that some other people had problems with Win32/Virtumonde spyware, but some of my symptoms were different, so I could really use some help in removing this spyware if possible.
I guess I caught it browsing the net. My NOD32 picked it up and it keeps sending me the message:

File
C:\WINDOWS\system32\eLUENXbc.ini
Threat
Win32\Adware.Virtumonde.NEO - datafile application

I have run my NOD32 scan, but I could not get it off that way. I have also used Spybot version 1.6.2, and every time it scans my disk it says, for example, 15 problems found and fixed, but it doesn't clean it: I ran Spybot 10 times and it always finds new problems.

Even though I use Mozilla from time to time, my Internet Explorer goes nuts, and just a second ago my computer received a message that the system was shutting down and it rebooted itself.

Please help me remove it. Thank you.

If anyone is interested in helping, I have followed the beginning instructions from other similar topics and ran ComboFix. Here is the file I've got. What to do next? Thanks!!!!!

ComboFix 09-04-13.A2 - Diesel4 2009-04-13 11:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.3070.2504 [GMT 2:00]
Running from: c:\documents and settings\Diesel4\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated)
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Diesel4\Start Menu\Programs\Startup\userinit.exe
c:\program files\altcmd
c:\windows\IE4 Error Log.txt
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\aopejj.dll
c:\windows\system32\ayyewe.dll
c:\windows\system32\bhvdofdw.dll
c:\windows\system32\bpmyiwoy.dll
c:\windows\system32\cbXNEULe.dll
c:\windows\system32\djxibfmg.dll
c:\windows\system32\dnqkgc.dll
c:\windows\system32\dqcgvodn.dll
c:\windows\system32\eorldj.dll
c:\windows\system32\epgyvh.dll
c:\windows\system32\fbjros.dll
c:\windows\system32\fpjaintc.dll
c:\windows\system32\ghmiey.dll
c:\windows\system32\iegsmwlo.dll
c:\windows\system32\irlwhgur.dll
c:\windows\system32\kdflidgi.dll
c:\windows\system32\ldzfop.dll
c:\windows\system32\lkmpjgbn.dll
c:\windows\system32\luvrnp.dll
c:\windows\system32\ncobeush.dll
c:\windows\system32\nxhfho.dll
c:\windows\system32\nysvktju.dll
c:\windows\system32\oddnhchw.dll
c:\windows\system32\ofjhopgu.dll
c:\windows\system32\ohextvcv.dll
c:\windows\system32\rivipr.dll
c:\windows\system32\rtapwt.dll
c:\windows\system32\skthwu.dll
c:\windows\system32\sxhxmt.dll
c:\windows\system32\tesjsniy.dll
c:\windows\system32\tkrnuc.dll
c:\windows\system32\uinnqmlx.dll
c:\windows\system32\ulmnnyuq.dll
c:\windows\system32\vazkhm.dll
c:\windows\system32\vpmujmsr.dll
c:\windows\system32\vzxrlv.dll
c:\windows\system32\wowfx.dll
c:\windows\system32\wprjjduh.dll
c:\windows\system32\wqovtmxu.dll
c:\windows\system32\ydnimdlh.dll
c:\windows\system32\yooigk.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-13 07:47 . 2009-04-13 07:47 61440 ----a-w c:\windows\system32\nidpvdcx.exe
2009-04-12 18:45 . 2009-04-12 18:45 61440 ----a-w c:\windows\system32\iedgpwsg.exe
2009-04-12 07:59 . 2009-04-12 07:59 61440 ----a-w c:\windows\system32\prslmrhb.exe
2009-04-11 21:17 . 2009-04-11 21:17 61440 ----a-w c:\windows\system32\stuxjlpd.exe
2009-04-11 09:17 . 2009-04-11 09:17 61440 ----a-w c:\windows\system32\wlqkxdnp.exe
2009-04-11 08:18 . 2009-04-11 08:18 61440 ----a-w c:\windows\system32\ngpbwajg.exe
2009-04-11 07:40 . 2009-04-11 07:40 -------- d-----w c:\windows\system32\xlib254.dll
2009-04-11 07:40 . 2009-04-11 07:40 -------- d-----w c:\windows\system32\append.dll
2009-04-10 18:35 . 2009-04-10 18:35 61440 ----a-w c:\windows\system32\xuehswni.exe
2009-04-09 16:54 . 2009-04-09 16:54 61440 ----a-w c:\windows\system32\mabplvtr.exe
2009-04-08 19:43 . 2009-04-08 19:43 61440 ----a-w c:\windows\system32\vutibbir.exe
2009-04-05 20:01 . 2009-04-10 22:11 495 ----a-w c:\windows\wininit.ini
2009-04-05 19:34 . 2009-04-05 20:13 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 00:14 . 2009-03-29 00:14 -------- d--h--w c:\windows\PIF
2009-03-28 08:55 . 2009-03-28 08:55 -------- d-----w c:\documents and settings\Diesel4\Local Settings\Application Data\Installer2944
2009-03-27 14:08 . 2006-08-07 22:38 57344 ----a-w c:\windows\system32\digest32.dll
2009-03-15 18:47 . 2006-07-23 03:54 581632 ----a-w c:\windows\system32\snapapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 09:33 . 2008-10-13 15:35 -------- d-----w c:\documents and settings\Diesel4\Application Data\Skype
2009-04-13 09:18 . 2009-04-13 09:18 61440 ----a-w c:\windows\system32\qdrrxgol.exe
2009-04-13 09:18 . 2008-10-13 15:36 -------- d-----w c:\documents and settings\Diesel4\Application Data\skypePM
2009-04-05 20:13 . 2009-04-05 19:34 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-28 14:15 . 2007-12-10 22:20 -------- d-----w c:\documents and settings\Diesel4\Application Data\uTorrent
2009-03-27 17:13 . 2007-12-27 14:13 -------- d-----w c:\program files\Java
2009-03-21 19:55 . 2009-03-08 08:33 -------- d-----w c:\documents and settings\Diesel4\Application Data\DivX
2009-03-09 04:19 . 2008-12-24 07:20 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:53 . 2009-03-08 08:31 -------- d-----w c:\program files\DivX
2009-03-08 08:43 . 2008-10-03 15:47 -------- d-----w c:\documents and settings\Diesel4\Application Data\Move Networks
2009-02-09 10:19 . 2004-08-04 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2008-12-13 10:22 . 2007-12-12 17:06 68872 ----a-w c:\documents and settings\Diesel4\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-12-03 20:44 . 2007-12-21 07:43 22328 ----a-w c:\documents and settings\Diesel4\Application Data\PnkBstrK.sys
2008-11-04 17:49 . 2008-11-04 17:49 179208 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-12-22 02:08 . 2007-12-22 02:08 130 ----a-w c:\documents and settings\Diesel4\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-10 949376]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"ServerTrayApp"="c:\program files\Matrox Mx.tools\WYSIWYG Plug-ins\mveServerTrayApp.exe" [2008-06-10 158248]
"MveXinfo"="c:\program files\Matrox Mx.tools\system\MveXinfo.exe" [2008-06-18 305704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Diesel4\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-02 575488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2007-12-10 581632]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-12-10 155715]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.M101"= mvcVfw.dll
"vidc.M102"= mvcVfwHD.dll
"vidc.M103"= mvcVfwYUVA.dll
"vidc.M104"= mvcVfwYUVAHD.dll
"vidc.M701"= mvcVfwSwitcher.dll
"vidc.M704"= mvcVfwMpeg2Alpha.dll
"vidc.M705"= mvcVfwMpeg2AlphaHD.dll
"vidc.dvh1"= mvcVfwDV100.dll
"vidc.dv25"= digivcap.dll
"vidc.dv50"= digivcap.dll
"vidc.MJPG"= digivcap.dll
"vidc.MMES"= digivcap.dll
"vidc.M702"= digivcap.dll
"vidc.M301"= mvcVfwRefAVI.dll
"vidc.M703"= mvcVfwMpeg2HDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll, digest32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"d:\\Program files\\Assasins Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program files\\Assasins Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program files\\Assasins Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"4719:TCP"= 4719:TCP:4719

R1 MemAlloc;MemAlloc; [x]
R2 mvOptimizerService;mvOptimizerService;c:\program files\matrox mx.tools\system\mvOptimizerService.exe [2008-06-18 129576]
R3 MtxVxd;MtxVxd; [x]
R3 mvkPciOptimizer;mvkPciOptimizer;c:\program files\Matrox Mx.tools\system\drivers\mvkPciOptimizer.sys [2008-12-02 13864]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-12-10 15424]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]
S3 mvkBus;mvkBus;c:\windows\system32\DRIVERS\mvkBus.sys [2008-06-18 1253928]
S3 mvkInput;mvkInput;c:\windows\system32\DRIVERS\mvkInput.sys [2008-06-18 54312]
S3 mvkLQScaler;mvkLQScaler;c:\windows\system32\DRIVERS\mvkLQScaler.sys [2008-06-18 44584]
S3 mvkMemManager;mvkMemManager;c:\windows\system32\DRIVERS\mvkMemManager.sys [2008-06-18 41256]
S3 mvkMisc;mvkMisc;c:\windows\system32\DRIVERS\mvkMisc.sys [2008-06-18 54696]
S3 mvkOnBrdIOdsxle;mvkOnBrdIOdsxle;c:\windows\system32\DRIVERS\mvkOnBrdIOdsxle.sys [2008-06-18 239016]
S3 mvkOutput;mvkOutput;c:\windows\system32\DRIVERS\mvkOutput.sys [2008-06-18 60584]
S3 mvkSystemClock;mvkSystemClock;c:\windows\system32\DRIVERS\mvkSystemClock.sys [2008-06-18 46760]
S3 mvkTransfer;mvkTransfer;c:\windows\system32\DRIVERS\mvkTransfer.sys [2008-06-18 52776]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a96bb579-b3fb-11dc-85bd-001a4d510cf4}]
\shell\Setup\command - setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C6EA21A9-6142-4B2E-9270-0306D9886AFB} - c:\windows\system32\cbXNEULe.dll
BHO-{fabf8c57-f979-418e-8fce-e16e2213a990} - c:\windows\system32\ldzfop.dll
ShellExecuteHooks-{c4f50f79-06e5-4b29-8849-d5f6f628b4c8} - c:\windows\system32\ldzfop.dll
Notify-byXRkJaA - byXRkJaA.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Diesel4\Application Data\Mozilla\Firefox\Profiles\8zmuepsj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Diesel4\Application Data\Mozilla\Firefox\Profiles\8zmuepsj.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 11:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-602609370-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,46,27,5a,7a,6a,ac,f9,cb,1e,72,60,17,51,43,08,e8,8c,d7,b5,b2,77,3f,
4a,d2,cc,94,25,8b,03,d8,34,95,1d,8b,7e,1d,a4,ea,3c,b9,38,0c,81,d8,c2,9b,60,\
"??"=hex:27,1b,a8,77,95,cf,d6,4f,2a,f8,df,eb,73,04,47,4c

[HKEY_USERS\S-1-5-21-725345543-602609370-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:e9,25,19,ff,8a,85,64,9e,86,26,ce,65,47,f9,6c,17,e3,a8,4a,1f,7a,
81,c9,f0,d5,84,7c,c0,fb,6f,84,3f,36,aa,95,55,93,b5,bb,a0,80,d5,42,95,77,a5,\
"rkeysecu"=hex:d5,0e,d4,dd,a7,cd,3a,05,63,3a,50,f1,53,88,49,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\imon.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\imon.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(3732)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-04-13 11:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-13 09:39

Pre-Run: 100.679.254.016 bytes free
Post-Run: 100,868,763,648 bytes free

302 --- E O F --- 2009-03-11 23:02

By the way, I switched off my NOD32, but ComboFix gave me a warning that NOD32 version 2.7 was running, so I am not sure if this ComboFix report is 100% accurate.

Edited by diesel4, 13 April 2009 - 03:46 AM.

#2
diesel4

diesel4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Anyone???