Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

ComboFix Log - Please Help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

ComboFix Log - Please Help

Unread postby MattSE » September 30th, 2008, 11:02 pm

Hi all -

Per other suggestions, I ran through Malware, got rid of what I could and then ran ComboFix. Can someone check out my ComboFix log and make sure my computer is healthy?

* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dfmlxbpkbgl.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\onfwbsak.dll
C:\WINDOWS\peltodgx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-09-30 18:21 . 2008-09-30 18:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 18:21 . 2008-09-30 18:21 <DIR> d-------- C:\Documents and Settings\Matt Taylor\Application Data\Malwarebytes
2008-09-30 18:21 . 2008-09-30 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 18:21 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 18:21 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 22:12 . 2008-05-02 09:25 465,920 --------- C:\WINDOWS\system32\imapi2fs.dll
2008-09-16 22:12 . 2008-05-02 09:25 465,920 --------- C:\WINDOWS\system32\dllcache\imapi2fs.dll
2008-09-16 22:12 . 2008-05-02 09:25 317,952 --------- C:\WINDOWS\system32\imapi2.dll
2008-09-16 22:12 . 2008-05-02 09:25 317,952 --------- C:\WINDOWS\system32\dllcache\imapi2.dll
2008-09-16 22:12 . 2008-05-02 06:49 62,976 --------- C:\WINDOWS\system32\dllcache\cdrom.sys
2008-09-12 18:48 . 2008-09-12 18:48 245,664 --a------ C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-09-12 18:46 . 2008-09-12 18:46 61,856 --a------ C:\WINDOWS\system32\ZuneBusEnum.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 11:04 --------- d-----w C:\Documents and Settings\Matt Taylor\Application Data\Move Networks
2008-09-21 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek
2008-09-17 02:47 --------- d-----w C:\Program Files\Zune
2008-09-12 22:32 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-09-11 07:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 07:21 --------- d-----w C:\Program Files\Google
2008-09-11 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-07 14:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-09-07 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-25 01:12 --------- d-----w C:\Program Files\Soulseek
2008-08-21 12:30 --------- d-----w C:\Program Files\Photosynth
2008-08-19 13:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 12:36 --------- d-----w C:\Program Files\SoulseekNS
2008-08-06 16:00 --------- d-----w C:\Program Files\Learning Essentials
2008-03-17 16:28 56,912 ----a-w C:\Documents and Settings\Matt Taylor\g2mdlhlpx.exe
2006-11-01 12:39 54,928 -c--a-w C:\Documents and Settings\Matt Taylor\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"L06AXLRD_1326890"="C:\Program Files\Microsoft Student\Microsoft Student 2006 DVD\EDICT.EXE" [2005-06-03 301776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Google Update"="C:\Documents and Settings\Matt Taylor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-01 4636672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 155648]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-22 26112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HostManager"="C:\Program Files\Common Files\AOL\1127507947\ee\AOLSoftware.exe" [2006-09-25 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-07 155648]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"/AutoLaunch"="C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe" [2004-06-29 65635]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-10-11 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-10-11 53248]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-03-04 606208]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-11-16 45056]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"nwiz"="nwiz.exe" [2004-12-01 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Matt Taylor\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-22 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 110080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1127507947\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\1127507947\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\SoulseekNS\\slsk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1626:TCP"= 1626:TCP:Robotrage
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys [2008-06-27 14336]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-09-12 61856]
R3 km_filter;km_filter;C:\WINDOWS\system32\drivers\km_filter.sys [2007-06-08 8832]
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [ ]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6de2b460-5385-11dd-97c2-0012f036d6ba}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6449166C-2951-4105-B1A9-481F56B5DAFA}]
C:\WINDOWS\UMBS\IPPRIN~1.0\PerUser.exe /S
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{9B328671-93CD-48EA-831C-F64CA64D52E1} - C:\WINDOWS\dfmlxbpkbgl.dll
Toolbar-{FB63658B-C7BB-4E34-B2DA-6C25BB2BCDE6} - C:\WINDOWS\peltodgx.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Matt Taylor\Application Data\Mozilla\Firefox\Profiles\x5szcjno.default\
FF -: plugin - C:\Documents and Settings\Matt Taylor\Local Settings\Application Data\Google\Update\1.2.131.19\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Millisecond Software\Inquisit 2.0 Mozilla Plugin\npInquisit.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npInquisit.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsharedview.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Photosynth\npPhotosynthMozilla.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 22:32:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
C:\Program Files\Apoint\ApntEx.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\AOL\1127507947\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-09-30 22:47:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 02:46:51

Pre-Run: 13,499,125,760 bytes free
Post-Run: 14,107,688,960 bytes free
MattSE
Active Member
 
Posts: 4
Joined: September 30th, 2008, 10:59 pm
Top
Advertisement
Register to Remove

Re: ComboFix Log - Please Help

Unread postby NonSuch » October 3rd, 2008, 4:58 pm

ComboFix is not a tool that is intended to be used without expert supervision. To do otherwise is to risk seriously compromising your system.

In order for us to help you it is necessary that you provide us with a HijackThis log. A HijackThis log, as well as other logs that may be requested, provide us with a guideline for removing whatever malware is infecting your system. We cannot proceed without such logs for guidance.

If you still require help, please follow the guideline at the link below to start a new topic and post your HijackThis log along with your ComboFix log in that new topic. Do this all in one post as our helpers are looking for topics that have 0 responses.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 436 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index