Since yesterday I kept getting a pop-up from Norton Antivirus saying a Packed.Generic.200 Security Risk was detected, which it would then delete. This kept occurring throughout the day. I was also having trouble with my wireless connection, with pop-ups telling me that the wireless manager had failed. Am on a Dell Inspiron 1525 which is nearly 6 months old and runs Vista.
Anyway, I searched around and found a suggestion to run ComboFix on my computer and was advised to post the log for someone with computer know-how (obviously not me) to have a squiz to see if all is ok. Computer seems to be running ok now, but it's early hours. If anyone could help I would be extremely grateful.
Cheers.
Log:
ComboFix 09-03-15.01 - Em 2009-03-18 21:10:25.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1801 [GMT 0:00]
Running from: c:\users\Em\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-4-8-76-100031189-100014764-100016577-5410.com
c:\windows\system32\drivers\gaopdxeymrwpvxxxrbbrnniwbqbsqicnvqegdf.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxnpniyarovebwtpsirkriikoxmpuxtqet.dll
d:\recycler\S-4-8-76-100031189-100014764-100016577-5410.com
.
---- Previous Run -------
.
C:\autorun.inf
c:\windows\system32\drivers\gaopdxeymrwpvxxxrbbrnniwbqbsqicnvqegdf.sys
c:\windows\system32\gaopdxnpniyarovebwtpsirkriikoxmpuxtqet.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
2009-03-11 06:25 . 2008-12-16 03:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 06:25 . 2009-02-09 03:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 06:25 . 2008-11-27 04:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 06:25 . 2008-12-16 05:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 06:25 . 2008-12-16 05:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 06:25 . 2008-12-16 05:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-23 17:36 . 2009-03-18 21:00 69 --a------ c:\windows\NeroDigital.ini
2009-02-23 17:34 . 2009-02-23 17:34 <DIR> d-------- c:\program files\Audacity
2009-02-23 15:45 . 2009-03-18 20:01 <DIR> d-------- c:\program files\Cool MP3 Splitter
2009-02-19 11:31 . 2009-02-19 11:31 184,496 --a------ c:\windows\System32\drivers\symtdi.sys
2009-02-19 11:31 . 2009-02-19 11:31 96,560 --a------ c:\windows\System32\drivers\symfw.sys
2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\System32\drivers\symndisv.sys
2009-02-19 11:31 . 2009-02-19 11:31 38,576 --a------ c:\windows\System32\drivers\symids.sys
2009-02-19 11:31 . 2009-02-19 11:31 22,320 --a------ c:\windows\System32\drivers\symredrv.sys
2009-02-19 11:31 . 2009-02-19 11:31 13,616 --a------ c:\windows\System32\drivers\symdns.sys
2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\System32\drivers\SymRedir.cat
2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\System32\drivers\SymRedir.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 21:12 --------- d-----w c:\users\Em\AppData\Roaming\Skype
2009-03-18 21:05 --------- d-----w c:\users\Em\AppData\Roaming\skypePM
2009-03-18 20:13 --------- d-----w c:\programdata\Google Updater
2009-03-18 20:04 --------- d-----w c:\program files\Creative Live! Cam
2009-03-18 20:03 --------- d-----w c:\program files\Google
2009-03-18 09:48 --------- d-----w c:\programdata\Symantec
2009-03-17 19:14 --------- d-----w c:\program files\Windows Mail
2009-03-17 19:08 --------- d-----w c:\programdata\Microsoft Help
2009-02-27 08:03 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 07:38 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-19 11:31 24,112 ----a-w c:\windows\system32\drivers\SymIMV.sys
2009-02-05 09:04 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-05 09:04 --------- d-----w c:\program files\Java
2009-01-20 22:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-20 22:18 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-20 22:18 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-20 22:18 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-20 22:18 --------- d-----w c:\program files\Symantec
2009-01-20 09:54 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-20 09:54 --------- d-----w c:\programdata\Lavasoft
2009-01-20 09:54 --------- d-----w c:\program files\Lavasoft
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-07-11 13:32 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-11 13:32 56 ---ha-w c:\programdata\ezsidmv.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-06-03 21718312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AliceConnect"="c:\program files\3\3Connect\Wilog.exe" [2008-07-22 3727360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"PMX Daemon"="ICO.EXE" [2006-11-08 c:\windows\System32\ico.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-07 11:12 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{03C3A67B-1C7B-4F24-8111-386E660A0A13}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{41BAD286-A441-4AB0-A932-E7D8ED538130}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{7ED66214-F3C1-4821-8550-ECA50EA43336}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{B5BBE3F2-FB7A-468E-92C4-5BCA97947BC9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{08104E7E-4CA7-4C99-8DE9-55CD416137B2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE7D8FBA-CDD7-45ED-A593-7175681C9347}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{71981EF8-699F-4C11-B1EF-23204694ACB5}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{516C30E8-7732-4AF5-A91F-C7217EB93360}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{D233CEE5-BE27-4CBC-BC9B-CF1E6B9AD86D}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{6582B433-AA4C-46A6-A673-A3E5E7BDD05F}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{4024D3E5-0FC3-4B06-8FF1-4F1430181F01}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{9E236A34-34E0-4520-B4C5-8C21AA288094}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{71105474-0527-4D4B-8000-8D85D591FA71}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1238C97A-4AC9-4E00-8C22-1F0E12309237}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{46FB3387-3BF7-428F-822F-33959D009B9B}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{F07C3D6C-190C-4D08-A903-2438687565A9}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{1854969F-AF51-4D13-84C6-FE061DB5D819}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{D9568973-50C5-4E6D-9172-5E6EA9247EB5}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{3F006786-17C2-48B8-BC08-246AE0505155}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{41879630-35B4-4AF8-921B-66AF83FF4577}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{E60EC3C5-269A-4B7D-8547-3A0269DBEAFF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4B443838-BBF9-4233-952F-4C4629EACF0C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090310.005\IDSvix86.sys [2009-03-11 270384]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-07-07 73728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-12-28 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-07-07 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-07-07 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-07-07 7424]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2007-12-28 23888]
S3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [2008-07-07 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [2008-07-07 19008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af4e884-80b4-11dd-9e22-001fe1c6113c}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af4e894-80b4-11dd-9e22-001fe1c6113c}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e56d976-abe9-11dd-b913-001fe1e0ead6}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e56d978-abe9-11dd-b913-001fe1e0ead6}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a891d5df-8426-11dd-b06f-001fe1e0ead6}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a891d5ee-8426-11dd-b06f-001fe1e0ead6}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f426c661-7fc1-11dd-8d15-00219bcdeaa3}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f426c67b-7fc1-11dd-8d15-00219bcdeaa3}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f426c680-7fc1-11dd-8d15-00219bcdeaa3}]
\shell\AutoRun\command - F:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-03-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Em.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-12-28 04:41]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Em\AppData\Roaming\Mozilla\Firefox\Profiles\1054y4qt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 21:12:13
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-18 21:14:05
ComboFix-quarantined-files.txt 2009-03-18 21:14:02
Pre-Run: 60,953,907,200 bytes free
Post-Run: 61,155,508,224 bytes free
221 --- E O F --- 2009-03-17 19:09:32