Win32/renos.io trojan downloader plz help


#1 dezerbois (New Member, 2 posts)

Looking for someone to help me remove this; I've tried a lot of different ways and spent hours trying to get rid of it. Any help would be appreciated, this isn't my computer lol.


#2 dezerbois (Topic Starter, New Member, 2 posts)

Well, I downloaded ComboFix and here's the report:

ComboFix 09-06-11.06 - admin 11/06/2009 22:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.1790.1063 [GMT -4:00]
Running from: c:\users\admin\Desktop\Combo-Fix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\MSIVXfrttynacnmupbbbwenwnijdhqrdipxwt.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\MSIVXbefckmkxmiatqgxqklapxfwufgnutnwf.dll
c:\windows\system32\MSIVXbmupxqxveibetcjfohxfodrfestnijci.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-12 03:15 . 2009-06-12 03:15 -------- d-----w- c:\users\admin\AppData\Local\temp
2009-06-12 03:15 . 2009-06-12 03:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-11 20:44 . 2009-06-11 20:44 35 ----a-w- c:\users\admin\AppData\Roaming\SetValue.bat
2009-06-11 19:58 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-11 19:58 . 2009-06-11 19:58 39428 ----a-w- c:\programdata\Lavasoft\Ad-Aware\ThreatWork\Submit\WNASPINT.DLL
2009-06-11 02:12 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-11 02:10 . 2009-06-11 02:10 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-11 02:10 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-11 02:10 . 2009-06-11 02:12 -------- d-----w- c:\programdata\Lavasoft
2009-06-11 02:10 . 2009-06-11 02:10 -------- d-----w- c:\program files\Lavasoft
2009-06-09 20:25 . 2007-12-26 21:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-06-09 20:25 . 2007-12-26 21:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-06-09 20:25 . 2009-06-10 08:01 -------- d-----w- c:\program files\Cheat Engine
2009-06-07 06:48 . 2009-06-07 06:48 -------- d-----w- c:\program files\OpenPlsInWMP
2009-06-07 06:42 . 2009-06-07 06:42 -------- d-----w- c:\program files\Xiph.Org
2009-06-04 18:55 . 2009-06-04 18:55 -------- d-----w- C:\CFLog
2009-06-04 18:54 . 2005-01-01 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-06-04 18:54 . 2009-06-04 18:54 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-06-04 18:46 . 2009-06-04 18:46 -------- d-----w- c:\program files\Subagames
2009-06-04 18:38 . 2009-06-04 18:45 -------- d-----w- c:\program files\CrossFire
2009-06-04 18:38 . 2009-06-04 19:24 -------- d-----w- c:\users\admin\AppData\Local\PMB Files
2009-06-04 18:38 . 2009-06-04 18:39 -------- d-----w- c:\programdata\PMB Files
2009-06-04 18:38 . 2009-06-04 18:38 -------- d-----w- c:\program files\Pando Networks
2009-06-02 20:04 . 2009-06-03 04:24 -------- d-----w- c:\users\admin\AppData\Roaming\Ventrilo
2009-06-02 20:02 . 2009-06-02 20:02 -------- d-----w- c:\program files\Ventrilo
2009-06-02 19:59 . 2009-06-02 19:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-29 22:33 . 2009-05-29 22:33 -------- d-----w- c:\programdata\AeriaGames
2009-05-29 21:38 . 2009-05-29 21:38 -------- d-----w- c:\users\admin\AppData\Local\Hewlett-Packard
2009-05-29 21:12 . 2009-05-29 21:12 -------- d-----w- c:\users\admin\AppData\Local\DNA
2009-05-29 21:12 . 2009-06-12 02:53 -------- d-----w- c:\users\admin\AppData\Roaming\DNA
2009-05-29 21:12 . 2009-05-29 21:12 -------- d-----w- c:\users\admin\Program Files
2009-05-21 07:30 . 2009-05-21 07:41 -------- d-----w- c:\users\admin\.smplayer
2009-05-21 06:59 . 2009-05-21 07:00 -------- d-----w- c:\users\Guest\AppData\Local\PokerStars
2009-05-17 14:18 . 2009-05-17 14:20 -------- d-----w- c:\users\Guest\AppData\Local\QuickPlay
2009-05-17 14:18 . 2009-05-17 14:18 75800 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-17 14:18 . 2009-05-17 14:18 -------- d-----w- c:\users\Guest\AppData\Roaming\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 02:54 . 2008-07-10 15:55 42047 ----a-w- c:\programdata\nvModes.dat
2009-06-12 02:43 . 2008-06-02 15:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-12 02:40 . 2008-06-02 15:19 -------- d-----w- c:\programdata\Symantec
2009-06-11 20:44 . 2009-06-11 20:44 691 ----a-w- c:\users\admin\AppData\Roaming\GetValue.vbs
2009-06-11 02:23 . 2008-06-02 13:54 672380 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-11 02:23 . 2008-06-02 13:54 127578 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-11 02:13 . 2009-04-25 04:40 7592 ----a-w- c:\users\admin\AppData\Local\d3d9caps.dat
2009-06-07 06:41 . 2008-12-26 00:36 -------- d-----w- c:\users\admin\AppData\Roaming\LimeWire
2009-06-02 19:29 . 2009-05-13 01:15 -------- d-----w- c:\program files\PokerStars
2009-05-29 22:33 . 2008-06-02 15:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-13 10:01 . 2008-10-02 21:47 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 10:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 01:51 . 2009-05-13 01:51 21176 ----a-w- c:\programdata\Citadel Commerce\Payment Assistant\Citadel.Banking.Updater.exe
2009-05-13 01:51 . 2009-05-13 01:51 10416 ----a-w- c:\programdata\Citadel Commerce\Payment Assistant\Citadel.Bank.CA.RoyalBankEFT.dll
2009-05-13 01:51 . 2009-05-13 01:51 48807 ----a-w- c:\programdata\Citadel Commerce\Payment Assistant\uninst.exe
2009-05-13 01:51 . 2009-05-13 01:51 351216 ----a-w- c:\programdata\Citadel Commerce\Payment Assistant\Citadel.Banking.PaymentClient.exe
2009-05-13 01:51 . 2009-05-13 01:51 -------- d-----w- c:\programdata\Citadel Commerce
2009-05-12 18:37 . 2008-07-10 16:03 -------- d-----w- c:\programdata\CyberLink
2009-04-25 17:32 . 2009-04-25 17:32 -------- d-----w- c:\users\admin\AppData\Roaming\GTek
2009-03-17 03:38 . 2009-04-25 04:47 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-25 04:47 24064 ----a-w- c:\windows\system32\amxread.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\users\admin\Program Files\DNA\btdna.exe" [2009-06-10 318272]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85BAADBE-15CF-4226-B057-916B14FEB69C}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{620CD8DD-7A68-4FC0-A35B-73114E7DD8BD}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{795057CB-C433-4C9D-B1E7-2DD4EFC75272}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{10B560DE-6505-4D7A-93A9-78026BE6A1FA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F62317B8-F4E2-4B49-8073-77AF2FC82D1C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{26E01536-C195-40FE-861D-F48F17852A8B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5B209472-6AD5-49BF-B67B-6F26544E49BC}"= TCP:67:DHCP Discovery Service
"{D633F95C-D011-4D3E-A77A-F60462EACA1D}"= UDP:c:\aeriagames\TwelveSky2\Launcher.exe:Launcher
"{12C20EC4-7472-4C37-9D6E-35169D7EC250}"= TCP:c:\aeriagames\TwelveSky2\Launcher.exe:Launcher
"{9A20B77D-E852-474E-98F0-B6181B7938D3}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{21448037-0938-4EDC-8C23-B1589DA27A3F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{50135DFA-9433-43A3-9107-7895BABF5648}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{871E6E94-A3BE-4025-9C1F-702B576CDC3B}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{2877D8F3-EA7F-4FA7-9593-B47B6F75E76F}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{0DB0EC9E-95F9-4AFA-BBEA-770AF53B86EE}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/06/2009 22:12 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 15:06 951632]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [18/04/2008 05:30 204800]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [02/06/2008 13:08 361808]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [03/05/2008 08:39 42528]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [02/06/2008 11:46 193840]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2008-12-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]

2009-06-11 c:\windows\Tasks\User_Feed_Synchronization-{37651776-16B2-4930-9229-57609DC3C30E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 23:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-12 23:16
ComboFix-quarantined-files.txt 2009-06-12 03:16

Pre-Run: 86,677,770,240 bytes free
Post-Run: 87,004,254,208 bytes free

213 --- E O F --- 2009-06-08 22:56