Packed Generic 200 Detected

#1 emwep (New Member, 1 posts)
Hi,

Since yesterday I kept getting a pop-up from Norton Antivirus saying a Packed Generic 200 Security Risk was detected - which it would then delete. This kept occurring throughout the day. I was also having trouble with my wireless connection - with pop-ups telling me that the wireless manager had failed. Am on a Dell Inspiron 1525 which is nearly 6 months old and runs Vista.

Anyway, I searched around and found a suggestion to run ComboFix on my computer and was advised to post the log for someone with computer know-how (obviously not me) to have a squiz to see if all ok? Computer seems to be running ok now, but it's early hours. If anyone could help would be extremely grateful.

Cheers.

Log:

ComboFix 09-03-15.01 - Em 2009-03-18 21:10:25.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1801 [GMT 0:00]
Running from: c:\users\Em\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-4-8-76-100031189-100014764-100016577-5410.com
c:\windows\system32\drivers\gaopdxeymrwpvxxxrbbrnniwbqbsqicnvqegdf.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxnpniyarovebwtpsirkriikoxmpuxtqet.dll
d:\recycler\S-4-8-76-100031189-100014764-100016577-5410.com
.
---- Previous Run -------
.
C:\autorun.inf
c:\windows\system32\drivers\gaopdxeymrwpvxxxrbbrnniwbqbsqicnvqegdf.sys
c:\windows\system32\gaopdxnpniyarovebwtpsirkriikoxmpuxtqet.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-11 06:25 . 2008-12-16 03:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 06:25 . 2009-02-09 03:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 06:25 . 2008-11-27 04:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 06:25 . 2008-12-16 05:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 06:25 . 2008-12-16 05:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 06:25 . 2008-12-16 05:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-23 17:36 . 2009-03-18 21:00 69 --a------ c:\windows\NeroDigital.ini
2009-02-23 17:34 . 2009-02-23 17:34 <DIR> d-------- c:\program files\Audacity
2009-02-23 15:45 . 2009-03-18 20:01 <DIR> d-------- c:\program files\Cool MP3 Splitter
2009-02-19 11:31 . 2009-02-19 11:31 184,496 --a------ c:\windows\System32\drivers\symtdi.sys
2009-02-19 11:31 . 2009-02-19 11:31 96,560 --a------ c:\windows\System32\drivers\symfw.sys
2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\System32\drivers\symndisv.sys
2009-02-19 11:31 . 2009-02-19 11:31 38,576 --a------ c:\windows\System32\drivers\symids.sys
2009-02-19 11:31 . 2009-02-19 11:31 22,320 --a------ c:\windows\System32\drivers\symredrv.sys
2009-02-19 11:31 . 2009-02-19 11:31 13,616 --a------ c:\windows\System32\drivers\symdns.sys
2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\System32\drivers\SymRedir.cat
2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\System32\drivers\SymRedir.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 21:12 --------- d-----w c:\users\Em\AppData\Roaming\Skype
2009-03-18 21:05 --------- d-----w c:\users\Em\AppData\Roaming\skypePM
2009-03-18 20:13 --------- d-----w c:\programdata\Google Updater
2009-03-18 20:04 --------- d-----w c:\program files\Creative Live! Cam
2009-03-18 20:03 --------- d-----w c:\program files\Google
2009-03-18 09:48 --------- d-----w c:\programdata\Symantec
2009-03-17 19:14 --------- d-----w c:\program files\Windows Mail
2009-03-17 19:08 --------- d-----w c:\programdata\Microsoft Help
2009-02-27 08:03 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 07:38 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-19 11:31 24,112 ----a-w c:\windows\system32\drivers\SymIMV.sys
2009-02-05 09:04 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-05 09:04 --------- d-----w c:\program files\Java
2009-01-20 22:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-20 22:18 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-20 22:18 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-20 22:18 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-20 22:18 --------- d-----w c:\program files\Symantec
2009-01-20 09:54 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-20 09:54 --------- d-----w c:\programdata\Lavasoft
2009-01-20 09:54 --------- d-----w c:\program files\Lavasoft
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-07-11 13:32 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-11 13:32 56 ---ha-w c:\programdata\ezsidmv.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-06-03 21718312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AliceConnect"="c:\program files\3\3Connect\Wilog.exe" [2008-07-22 3727360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"PMX Daemon"="ICO.EXE" [2006-11-08 c:\windows\System32\ico.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-07 11:12 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{03C3A67B-1C7B-4F24-8111-386E660A0A13}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{41BAD286-A441-4AB0-A932-E7D8ED538130}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{7ED66214-F3C1-4821-8550-ECA50EA43336}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{B5BBE3F2-FB7A-468E-92C4-5BCA97947BC9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{08104E7E-4CA7-4C99-8DE9-55CD416137B2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE7D8FBA-CDD7-45ED-A593-7175681C9347}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{71981EF8-699F-4C11-B1EF-23204694ACB5}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{516C30E8-7732-4AF5-A91F-C7217EB93360}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{D233CEE5-BE27-4CBC-BC9B-CF1E6B9AD86D}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{6582B433-AA4C-46A6-A673-A3E5E7BDD05F}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{4024D3E5-0FC3-4B06-8FF1-4F1430181F01}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{9E236A34-34E0-4520-B4C5-8C21AA288094}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{71105474-0527-4D4B-8000-8D85D591FA71}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1238C97A-4AC9-4E00-8C22-1F0E12309237}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{46FB3387-3BF7-428F-822F-33959D009B9B}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{F07C3D6C-190C-4D08-A903-2438687565A9}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{1854969F-AF51-4D13-84C6-FE061DB5D819}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{D9568973-50C5-4E6D-9172-5E6EA9247EB5}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{3F006786-17C2-48B8-BC08-246AE0505155}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{41879630-35B4-4AF8-921B-66AF83FF4577}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{E60EC3C5-269A-4B7D-8547-3A0269DBEAFF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4B443838-BBF9-4233-952F-4C4629EACF0C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090310.005\IDSvix86.sys [2009-03-11 270384]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-07-07 73728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-12-28 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-07-07 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-07-07 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-07-07 7424]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2007-12-28 23888]
S3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [2008-07-07 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [2008-07-07 19008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af4e884-80b4-11dd-9e22-001fe1c6113c}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af4e894-80b4-11dd-9e22-001fe1c6113c}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e56d976-abe9-11dd-b913-001fe1e0ead6}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e56d978-abe9-11dd-b913-001fe1e0ead6}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a891d5df-8426-11dd-b06f-001fe1e0ead6}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a891d5ee-8426-11dd-b06f-001fe1e0ead6}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f426c661-7fc1-11dd-8d15-00219bcdeaa3}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f426c67b-7fc1-11dd-8d15-00219bcdeaa3}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f426c680-7fc1-11dd-8d15-00219bcdeaa3}]
\shell\AutoRun\command - F:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Em.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-12-28 04:41]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Em\AppData\Roaming\Mozilla\Firefox\Profiles\1054y4qt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 21:12:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-18 21:14:05
ComboFix-quarantined-files.txt 2009-03-18 21:14:02

Pre-Run: 60,953,907,200 bytes free
Post-Run: 61,155,508,224 bytes free

221 --- E O F --- 2009-03-17 19:09:32
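Added example, not part of emwep's post and not ComboFix's own code: a small Python script that makes the checks a helper would otherwise do by eye over a log like the one above. It takes a constructed excerpt of that log as input, tracks which ComboFix section each line sits in, and flags the patterns that matter in this case: randomly named driver/DLL pairs under system32 (the gaopdx* files), executables under \recycler, autorun.inf at drive roots together with the MountPoints2 \shell\AutoRun\command entries pointing at F:\AutoRun.exe, Security Center notifications and AV/firewall monitoring switched off, Windows Firewall profiles with EnableFirewall=0, and the AV/FW "disabled" banner. The rule names, the 16-letter threshold in looks_random() and the sample excerpt are my own choices, not ComboFix conventions.

```python
"""Flag indicator patterns in a ComboFix-style log (added triage example)."""
import re
from typing import Dict, List

# Constructed sample input, modelled on the log posted above (an excerpt, not the full log).
SAMPLE_LOG = r"""
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\recycler\S-4-8-76-100031189-100014764-100016577-5410.com
c:\windows\system32\drivers\gaopdxeymrwpvxxxrbbrnniwbqbsqicnvqegdf.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxnpniyarovebwtpsirkriikoxmpuxtqet.dll
---- Previous Run -------
C:\autorun.inf
D:\Autorun.inf
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\System32\drivers\symndisv.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af4e884-80b4-11dd-9e22-001fe1c6113c}]
\shell\AutoRun\command - F:\AutoRun.exe
"""

# ComboFix section banners look like "(((( Other Deletions ))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# A drive-letter path as ComboFix prints it (the last token on file lines).
PATH_RE = re.compile(r"[a-zA-Z]:\\[^\s\[\]]+")

# Rule names are my own labels (hypothetical), one regex per indicator.
RULES = [
    ("av_or_fw_disabled", re.compile(r"^(AV|FW): .*\*.*disabled\*", re.I)),
    ("autorun_inf_at_drive_root", re.compile(r"^[a-z]:\\autorun\.inf$", re.I)),
    ("executable_in_recycler", re.compile(r"\\recycler\\.*\.(com|exe|scr)$", re.I)),
    ("mountpoints2_autorun", re.compile(r"^\\shell\\AutoRun\\command - (.+)$", re.I)),
    ("security_center_notifications_off",
     re.compile(r'^"(\w*DisableNotify|DisableMonitoring)"=dword:0*1$')),
    ("windows_firewall_off", re.compile(r'^"EnableFirewall"=\s*0\b')),
]


def looks_random(path: str) -> bool:
    """Heuristic: a file directly under system32 (or system32\\drivers) whose stem
    is 16+ lowercase letters and nothing else, like the gaopdx* names above.
    The threshold is an assumption; short or mixed-case random names are missed."""
    m = re.search(r"\\windows\\system32\\(?:drivers\\)?([^\\]+)$", path, re.I)
    if not m:
        return False
    stem = m.group(1).rsplit(".", 1)[0]
    return len(stem) >= 16 and stem.isalpha() and stem.islower()


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {rule_name: ["[section] line", ...]} for every line that trips a rule."""
    findings: Dict[str, List[str]] = {}
    section = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if line.startswith("---- Previous Run"):
            section = "Previous Run"
            continue
        hits = [name for name, rx in RULES if rx.search(line)]
        path = PATH_RE.search(line)
        if path and looks_random(path.group(0)):
            hits.append("random_named_system32_file")
        for name in hits:
            findings.setdefault(name, []).append(f"[{section}] {line}")
    return findings


def summarize(findings: Dict[str, List[str]]) -> List[str]:
    """One line per rule, most hits first, for a quick reply in the thread."""
    ordered = sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{name}: {len(lines)} hit(s)" for name, lines in ordered]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for summary_line in summarize(results):
        print(summary_line)
    for name, lines in results.items():
        print(name)
        for entry in lines:
            print("   ", entry)
```

Run it as a script to print the hits per rule, or import triage() over a whole log saved to a file. Two caveats when reading the output: the AV/FW "disabled" banner needs context, because ComboFix's own instructions have the user turn the antivirus off before running it, so that line alone does not show the infection disabled Norton; the Security Center DisableMonitoring and EnableFirewall=0 entries, and the MountPoints2 AutoRun entries that survive the cleanup, are the ones worth asking about. The random-name check is a heuristic and only looks directly under system32 and system32\drivers.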
