combo fix



#1
bobby080588
Hi guys, I just recently scanned my computer trying to get rid of malware using ComboFix. The log shown below is what appeared after the scan. I would like to know how to use this (understand it somehow) in order to get rid of my infections.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\ededoy.dll
C:\Windows\system32\mckkmsne.dll
C:\Windows\system32\onpjnfag.dll
C:\Windows\system32\pxkckdfx.dll
C:\Windows\System32\VwHikUtv.ini
C:\Windows\System32\VwHikUtv.ini2
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-24 14:54 . 2008-08-24 14:54 <DIR> d-------- C:\Users\Diego\AppData\Roaming\Malwarebytes
2008-08-24 14:54 . 2008-08-24 14:54 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-24 14:54 . 2008-08-24 14:54 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-24 14:54 . 2008-08-24 14:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 14:54 . 2008-08-17 15:05 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-24 14:54 . 2008-08-17 15:05 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-23 23:25 . 2008-08-24 14:52 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-23 23:25 . 2008-08-24 14:52 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-23 23:25 . 2008-08-23 23:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 16:19 . 2008-08-23 16:19 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-23 16:19 . 2008-08-23 16:19 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-08-23 16:18 . 2008-08-23 16:18 <DIR> d-------- C:\Users\Diego\AppData\Roaming\SUPERAntiSpyware.com
2008-08-23 16:18 . 2008-08-23 16:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-22 22:52 . 2008-08-22 22:52 1,266,574 --a------ C:\MGtools.exe
2008-08-22 22:15 . 2008-08-22 22:15 <DIR> d-------- C:\Program Files\CCleaner
2008-08-22 21:51 . 2008-08-22 21:50 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-08-22 18:33 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 18:33 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 18:33 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 18:33 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 18:32 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 18:32 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 18:32 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 18:31 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 18:31 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-21 03:27 . 2008-07-15 19:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-21 02:50 . 2008-08-21 02:50 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-08-21 01:56 . 2008-08-21 01:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-21 01:56 . 2008-07-19 10:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-20 18:15 . 2008-06-18 23:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-20 18:15 . 2008-06-18 23:25 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-20 18:15 . 2008-06-18 23:25 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-20 18:15 . 2008-06-18 23:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-20 18:14 . 2008-04-19 04:13 268,800 --a------ C:\Windows\System32\es.dll
2008-08-20 18:12 . 2008-04-10 01:01 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-20 18:12 . 2008-04-09 22:43 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-19 14:48 . 2008-08-19 14:48 <DIR> d-------- C:\Users\Diego\AppData\Roaming\muvee Technologies
2008-08-19 14:48 . 2008-08-19 14:48 <DIR> d-------- C:\Users\All Users\muvee Technologies
2008-08-19 14:48 . 2008-08-19 14:48 <DIR> d-------- C:\ProgramData\muvee Technologies
2008-08-19 14:47 . 2008-08-19 14:47 <DIR> d-------- C:\Users\All Users\TEMP
2008-08-19 14:47 . 2008-08-19 14:47 <DIR> d-------- C:\ProgramData\TEMP
2008-08-17 13:28 . 2008-08-17 13:28 <DIR> d-------- C:\Users\All Users\Sandlot Games
2008-08-17 13:28 . 2008-08-17 13:28 <DIR> d-------- C:\ProgramData\Sandlot Games
2008-08-17 13:28 . 2008-08-17 13:28 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-08-11 00:53 . 2008-08-11 00:54 <DIR> d-------- C:\SAV32CLI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 04:26 --------- d-----w C:\ProgramData\Google Updater
2008-08-23 20:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-23 01:50 --------- d-----w C:\Program Files\Java
2008-08-21 07:55 --------- d-----w C:\Program Files\Sophos
2008-08-21 07:53 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 07:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 07:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-21 06:55 --------- d-----w C:\Program Files\Vongo
2008-08-21 06:39 --------- d-----w C:\ProgramData\Sophos
2008-08-20 22:17 --------- d-----w C:\Program Files\Google
2008-08-19 20:20 --------- d-----w C:\ProgramData\WildTangent
2008-08-19 19:36 --------- d-----w C:\Program Files\Microsoft Games
2008-08-19 19:12 --------- d-----w C:\Users\Diego\AppData\Roaming\Sierra
2008-08-19 19:12 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-19 19:12 --------- d-----w C:\Program Files\Sierra
2008-08-09 04:38 --------- d-----w C:\Program Files\Lavasoft
2008-08-09 04:34 --------- d-----w C:\ProgramData\Lavasoft
2008-07-09 07:19 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 07:07 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-11-24 02:26 24,192 ----a-w C:\Users\Diego\usbsermptxp.sys
2007-11-24 02:26 22,768 ----a-w C:\Users\Diego\usbsermpt.sys
2007-11-24 01:11 92,064 ----a-w C:\Users\Diego\mqdmmdm.sys
2007-11-24 01:11 9,232 ----a-w C:\Users\Diego\mqdmmdfl.sys
2007-11-24 01:11 79,328 ----a-w C:\Users\Diego\mqdmserd.sys
2007-11-24 01:11 66,656 ----a-w C:\Users\Diego\mqdmbus.sys
2007-11-24 01:11 6,208 ----a-w C:\Users\Diego\mqdmcmnt.sys
2007-11-24 01:11 5,936 ----a-w C:\Users\Diego\mqdmwhnt.sys
2007-11-24 01:11 4,048 ----a-w C:\Users\Diego\mqdmcr.sys
2007-08-19 19:26 0 ----a-w C:\Users\Diego\AppData\Roaming\wklnhst.dat
2008-01-16 21:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-16 21:36 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-16 21:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-17 14:53 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 18:23 1773568]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 13:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-05 18:51 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 23:36 827392]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 12:52 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 12:52 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-02-26 12:52 133912]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 20:45 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 10:12 71176]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30 517768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-08-22 21:50 144792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-06-07 19:05:38 553021]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-05 18:51:06 126136]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-09 22:07:32 692224]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-05-03 20:03:17 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.IV41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4F6FCA15-4792-4FC2-A411-5DEE7ABB33DD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBFDDF5A-1363-40AB-A3D9-8C8BCF60F325}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB62F7AE-6857-4964-85BD-216B646A4510}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{849D2A11-C890-47A7-AF59-6C9829371555}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{2F8A24E2-6266-4C7D-8B8A-F8C077332FAF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F247C7CA-2F29-460F-916C-1CB41F858373}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{26C399D3-F7FF-4A27-9159-F8F459DECD9D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5A68E38F-53F7-44C5-911C-B6C65CD24814}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{05C1C6F0-3A90-462F-83D6-81998825F97C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6EF0E309-7027-4248-8BC2-2BCA6E81CBE7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7724ED3B-D536-4BA8-BCCE-5A26D66B718C}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FBF01BED-6C73-429B-9A07-25E4B1047928}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{A857FAC5-67AA-49CD-AEA7-4C38CDAB45FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5A11A7EA-5887-4858-9587-A437D61830E3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{44D32BDF-B682-4940-B74E-92AE653DB7FD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{71588834-9859-43B4-AFD4-61CBF4A2CF91}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0C183F0A-23D8-47CE-9E76-3EE77A3F58E5}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B0E04FEB-4D5F-4309-B25E-5185EE11A4B6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7797997B-3907-4B7A-8D5E-E9EC8523A10E}C:\\neverwinternights\\nwn\\nwmain.exe"= UDP:C:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"UDP Query User{F1A76D52-6996-4A52-A9C2-658819D27F0B}C:\\neverwinternights\\nwn\\nwmain.exe"= TCP:C:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"TCP Query User{2662E3B3-8893-468F-BB67-94EC0F831E7A}C:\\program files\\sierra\\empire earth ii\\ee2.exe"= UDP:C:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II
"UDP Query User{D26E2915-D475-455B-A413-434BF05AC9CD}C:\\program files\\sierra\\empire earth ii\\ee2.exe"= TCP:C:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II
"TCP Query User{29EF4573-848E-45DF-8353-028332F9F5C5}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{2E4122A5-F0CA-4481-BEC6-DEE2B3381455}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"{1E7057B2-6BA6-446C-A230-24D0FC7D78C0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CC1074C4-21B1-4F5C-9524-4B59EF5E2F74}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{955D7754-FEFA-405B-811E-A44106B333A3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7ECB92F2-0E07-48D1-BDA5-F44F228BDBEA}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{CCED8529-841E-4E89-8B4B-5B379002B7B8}"= Disabled:UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{811E4982-5669-416C-92CF-55E364DB2B5F}"= Disabled:TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\PPStream\\PPStream.exe"= C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS
"C:\\Program Files\\PPStream\\PPSAP.exe"= C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 10:36]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 18:31]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 18:31]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-02-27 16:31]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 21:03]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-02-27 16:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5750c9c-a1d5-11dc-8fd4-001b24591a8e}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-08-25 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 13:20]

2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{0577D953-3655-4F84-8D8C-C888067A70EF}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 05:45]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0E28648C-A297-4709-851A-78C4C2CF258B} - C:\Windows\system32\vtUkiHwV.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\rzo89th7.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.969.23408\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 18:24:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-25 18:34:06 - machine was rebooted [Diego]
ComboFix-quarantined-files.txt 2008-08-25 22:33:54

Pre-Run: 71,978,643,456 bytes free
Post-Run: 71,665,528,832 bytes free

288 --- E O F --- 2008-08-21 19:14:04
