
[Resolved] Avast...Win32:Malware-gen


  • This topic is locked
34 replies to this topic

#31 devonrexcatz

  • Authentic Member
  • 147 posts

Posted 01 November 2009 - 04:00 PM

OK, thanks re: CardReaderLookupWindow error.
Also, I don't have a Performance & Maintenance tab for updating Windows.


ComboFix 09-10-27.04 - Michael & Dragana 02/11/2009 7:39.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.294 [GMT 10:00]
Running from: c:\documents and settings\Michael & Dragana\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 21:22 . 2009-11-01 21:48 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-28 21:04 . 2009-10-01 00:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 07:23 . 2009-07-28 06:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-28 07:23 . 2009-03-30 00:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-28 07:23 . 2009-02-13 02:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-28 07:23 . 2009-02-13 02:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-28 07:23 . 2009-10-28 07:23 -------- d-----w- c:\program files\Avira
2009-10-28 07:23 . 2009-10-28 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-27 23:35 . 2009-10-27 23:35 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-26 08:21 . 2009-10-26 08:21 -------- d-----w- c:\program files\AVG
2009-10-22 04:23 . 2009-09-10 04:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 04:23 . 2009-09-10 04:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 23:17 . 2009-10-18 00:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-09 03:02 . 2009-10-09 03:02 234856 ----a-w- c:\windows\GooglePreviewIE_Toolbar_Uninstaller_3859.exe
2009-10-09 03:02 . 2009-10-09 03:02 -------- d-----w- c:\program files\GooglePreviewIE Toolbar
2009-10-09 01:14 . 2009-10-09 01:14 -------- d-----w- c:\documents and settings\Michael & Dragana\Local Settings\Application Data\Flock
2009-10-09 01:14 . 2009-10-09 01:14 -------- d-----w- c:\documents and settings\Michael & Dragana\Application Data\Flock
2009-10-09 01:13 . 2009-10-12 11:55 -------- d-----w- c:\program files\Flock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 22:59 . 2006-09-04 10:41 28546 ----a-w- c:\documents and settings\Michael & Dragana\Application Data\wklnhst.dat
2009-10-26 21:42 . 2009-06-07 11:33 -------- d-----w- c:\program files\Alwil Software
2009-10-23 09:00 . 2009-02-21 04:07 -------- d-----w- c:\program files\McAfee
2009-10-22 04:48 . 2009-08-01 21:42 9216 --sha-w- c:\program files\Thumbs.db
2009-10-22 04:23 . 2009-07-17 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 22:33 . 2006-02-11 04:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-21 22:32 . 2008-04-30 04:47 -------- d-----w- c:\documents and settings\Michael & Dragana\Application Data\FUJIFILM
2009-10-21 18:47 . 2009-02-22 02:28 -------- d-----w- c:\program files\RegCure
2009-10-18 01:10 . 2007-02-01 12:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-14 11:35 . 2009-03-20 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 11:34 . 2006-09-04 10:10 -------- d-----w- c:\program files\Microsoft Works
2009-09-27 18:49 . 2009-09-27 18:49 -------- d-----w- c:\documents and settings\Michael & Dragana\Application Data\Office Genuine Advantage
2009-09-26 01:43 . 2007-01-30 09:33 -------- d-----w- c:\program files\mIRC
2009-09-25 21:25 . 2009-01-28 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-09-23 12:55 . 2009-01-25 02:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-15 22:15 . 2009-09-15 22:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-15 01:41 . 2009-02-21 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-14 09:45 . 2009-04-02 23:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-14 09:09 . 2009-03-31 07:37 -------- d-----w- c:\program files\QuickTime
2009-09-14 09:08 . 2007-02-08 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-14 09:06 . 2009-09-14 09:06 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 07:29 . 2007-01-30 13:04 -------- d-----w- c:\program files\Google
2009-09-11 14:18 . 2009-01-08 01:23 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-01-20 08:27 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 09:17 . 2009-01-25 02:30 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-29 08:08 . 2006-01-20 08:27 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-01-20 08:28 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 11:26 . 2006-09-04 10:33 100120 ----a-w- c:\documents and settings\Michael & Dragana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 06:28 . 2009-06-18 21:57 100120 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 06:27 . 2009-08-18 06:24 117089 ----a-w- c:\windows\hpoins11.dat
2009-08-17 13:33 . 2009-08-17 13:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 09:24 . 2006-01-19 16:37 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 09:24 . 2006-01-19 16:37 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 09:24 . 2006-01-19 16:37 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 09:24 . 2005-05-25 18:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 09:24 . 2006-01-19 16:37 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 09:24 . 2006-01-20 08:27 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 09:23 . 2006-01-19 16:37 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 09:23 . 2007-02-02 17:48 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 09:23 . 2006-01-19 16:37 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 09:23 . 2005-05-25 18:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2006-01-20 08:27 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2009-01-08 01:23 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2009-01-08 01:23 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2008-12-14 07:12 . 2008-12-14 07:12 54572 ------w- c:\program files\IE80BlockerHelp.htm
2008-12-14 07:12 . 2008-12-14 07:12 36816 ------w- c:\program files\IE80BlockerHelp-GPFilteringDialog.jpg
2008-10-20 05:13 . 2008-10-20 05:13 1820 ------w- c:\program files\IE80Blocker.cmd
2008-10-20 05:13 . 2008-10-20 05:13 1764 ------w- c:\program files\IE80Blocker.adm
2007-02-21 22:20 . 2007-02-20 03:32 23552 ----a-w- c:\program files\mozilla firefox\plugins\DrvMgt.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-28_02.12.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 16:19 . 2007-11-06 16:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-11-01 21:48 . 2009-11-01 21:48 16384 c:\windows\temp\Perflib_Perfdata_29c.dat
+ 2009-10-28 07:23 . 2009-05-11 00:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-11 14:02 . 2009-07-11 14:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-10-29 00:22 . 2009-10-29 00:22 195584 c:\windows\Installer\bd4775.msi
+ 2009-10-28 07:22 . 2009-10-28 07:22 228352 c:\windows\Installer\145c3e3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2006-02-15 2658304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"IPO3"="c:\program files\LG Software\IP Operator\IP Operator.exe" [2006-01-23 1028096]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-06-28 89541]

c:\documents and settings\Michael & Dragana\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-6-5 157000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-09-29 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael & Dragana^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael & Dragana^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
path=c:\documents and settings\Michael & Dragana\Start Menu\Programs\Startup\Webshots.lnk

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25/01/2009 12:15 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/10/2009 5:23 PM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 9:17 PM 1179232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [21/02/2009 2:08 PM 92296]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [7/02/2006 11:46 AM 31744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
R3 LGDMEBTN;LG Direct Media Button Device Driver;c:\windows\system32\drivers\LGDMEBTN.sys [11/02/2006 3:44 PM 15616]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [7/02/2006 11:47 AM 20608]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [14/08/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [14/08/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [14/08/2008 12:24 AM 170480]
S3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [24/01/2006 7:57 AM 75648]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [3/02/2007 1:07 AM 16512]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/02/2006 4:34 PM 36352]
S3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys --> c:\windows\system32\drivers\lgodd_filter.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 10:20 PM 12648]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [14/08/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/01/2009 4:52 PM 1122304]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:32]

2009-11-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]

2009-11-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 05:07]

2009-11-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-01 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-10-21 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 12:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\Michael & Dragana\Application Data\Mozilla\Firefox\Profiles\teyhkgqf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npskilljamloader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npssp32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 07:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2400)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\combofix\CF32695.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Webshots\Webshots.scr
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-11-01 7:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 21:56
ComboFix2.txt 2009-10-28 02:17
ComboFix3.txt 2009-10-24 09:18

Pre-Run: 59,152,642,048 bytes free
Post-Run: 59,005,771,776 bytes free

- - End Of File - - 95E060FAB78984A92BBAE14AAE40FE65



#32 LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 01 November 2009 - 04:36 PM

That all looks good to me. Do this now, then start a new topic in our Windows Forum and one of the Techs will see what they can do.

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#33 devonrexcatz

  • Authentic Member
  • 147 posts

Posted 01 November 2009 - 08:17 PM

Thanks very much once again. Belinda :)

#34 LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 November 2009 - 07:04 PM

You're more than welcome. Glad we were able to help. Peace be with you :wavey:


 


#35 LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 November 2009 - 07:04 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
