
virus, malware help


  • This topic is locked
2 replies to this topic

#1 arcalis


Posted 27 March 2010 - 09:18 AM

Hi,

All my Google search results have been getting redirected to ad websites. I have run ComboFix and have a log I would like to post. I don't know if this is the right place to post it; I've been looking all around.

Thanks

Here's the log:

ComboFix 10-03-26.02 - mike 27/03/2010 13:38:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1791.954 [GMT 0:00]
Running from: c:\users\mike\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Sunbelt Software Sunbelt CounterSpy 2.5.1042 *disabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\CSC2.5U-EN-840-I.sbr.sgn
c:\users\mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\CSC2.5U-EN-859-I.sbr.sgn
c:\users\mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\CSC2.5U-EN-913-F.sbr.sgn
c:\users\mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\ENCounterSpyConsumer.2.5.1043.0.exe
c:\windows\eSellerateEngine.dll
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-27 12:06 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-27 12:06 . 2010-03-27 12:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 12:06 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 11:27 . 2010-03-27 11:27 -------- d-----w- c:\users\mike\AppData\Roaming\Malwarebytes
2010-03-27 11:26 . 2010-03-27 11:26 -------- d-----w- c:\programdata\Malwarebytes
2010-03-26 23:03 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-26 23:03 . 2010-03-26 23:03 -------- d-----w- c:\program files\Panda Security
2010-03-12 02:16 . 2010-03-12 02:16 -------- d-----w- c:\program files\Common Files\Java
2010-03-11 02:45 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 02:45 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 02:45 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 02:44 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-11 02:42 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-11 02:42 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-11 02:42 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-03-11 02:42 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-11 02:42 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-11 02:42 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-11 02:42 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-11 02:42 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-03-11 02:42 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-03-11 02:42 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-03-11 02:39 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-03-11 02:39 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-11 02:39 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-03-11 02:39 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-03-11 02:39 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-03-11 02:39 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-03-11 02:39 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-03-11 02:39 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-03-11 02:39 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-03-11 02:39 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-03-11 02:39 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-11 02:39 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-09 05:08 . 2010-03-09 05:09 -------- d-----w- C:\LG3G
2010-02-27 15:48 . 2010-02-27 15:48 -------- d-----w- c:\program files\Pixologic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 13:49 . 2009-01-06 23:51 -------- d-----w- c:\programdata\Kontiki
2010-03-27 12:57 . 2008-12-02 15:47 680 ----a-w- c:\users\mike\AppData\Local\d3d9caps.dat
2010-03-27 01:41 . 2009-02-25 15:03 -------- d-----w- c:\programdata\Google Updater
2010-03-18 00:39 . 2009-07-13 10:54 -------- d-----w- c:\users\mike\AppData\Roaming\vlc
2010-03-12 11:24 . 2010-03-12 11:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-12 02:16 . 2008-05-31 22:48 -------- d-----w- c:\program files\Java
2010-03-12 01:19 . 2008-06-01 06:20 60592 ----a-w- c:\users\mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 01:16 . 2008-06-26 08:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-12 01:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-06 00:31 . 2008-09-10 22:10 -------- d-----w- c:\users\mike\AppData\Roaming\dvdcss
2010-02-27 15:50 . 2006-12-13 00:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 09:50 . 2009-02-25 15:03 -------- d-----w- c:\program files\Google
2010-01-31 15:39 . 2010-01-31 15:39 -------- d-----w- c:\users\mike\AppData\Roaming\Mchid
2010-01-31 15:39 . 2010-01-31 15:39 -------- d-----w- c:\users\mike\AppData\Roaming\Livestation
2010-01-31 15:38 . 2010-01-31 15:38 -------- d-----w- c:\program files\OpenAL
2010-01-31 15:38 . 2010-01-31 15:38 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-31 15:38 . 2010-01-31 15:38 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-25 08:35 . 2010-03-11 02:43 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-16 12:50 . 2010-01-16 12:49 5562672 ----a-w- c:\users\mike\AppData\Roaming\TVU networks\AutoUpgrade\TVUPlayer2.4.9.1.exe
2010-01-02 06:38 . 2010-03-11 02:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-11 02:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-03-11 02:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-03-11 02:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-17 10:40 . 2009-05-17 10:40 8192 --sha-w- c:\windows\o2cLicStore.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SRS Audio Sandbox"="c:\audio sandbox\SRSSSC.exe" [2009-02-08 3215360]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"00PCTFW"="c:\pc tools firewall plus\FirewallGUI.exe" [2009-02-25 2652056]
"SBCSTray"="c:\counterspy\SBCSTray.exe" [2007-11-28 698864]
"AVG8_TRAY"="c:\avg\AVG8\avgtray.exe" [2010-03-19 2046816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CDEReInst"="c:\program files\InstallShield Installation Information\{86E75D64-3982-40F3-B741-C1A16782831B}\setup.exe" [2001-09-05 56320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb Pro.lnk]
backup=c:\windows\pss\WordWeb Pro.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2009-01-02 12:05 1041960 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
2007-05-02 12:07 504824 ----a-w- c:\bcwipe\BCWipeTM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-02-07 12:04 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\poweriso\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-06 04:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1c9975a575e79f0;Google Update Service (gupdate1c9975a575e79f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-25 133104]
R3 CE9500;CE9500.Sys driver;c:\windows\system32\Drivers\ce9500.sys [2007-11-29 114176]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
R4 BCSWAP;BCSWAP; [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-22 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-15 108552]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
S2 avg8emc;AVG8 E-mail Scanner;c:\avg\AVG8\avgemc.exe [2009-08-22 908056]
S2 avg8wd;AVG8 WatchDog;c:\avg\AVG8\avgwdsvc.exe [2009-08-22 297752]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-02-25 73840]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-02-25 95640]
S3 SBAPIFS;SBAPIFS;c:\windows\system32\drivers\sbapifs.sys [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-25 16:25]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-25 15:04]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-25 15:04]

2010-03-27 c:\windows\Tasks\RegCure Program Check.job
- c:\regcure\RegCure.exe [2007-08-02 09:20]

2010-03-11 c:\windows\Tasks\RegCure.job
- c:\regcure\RegCure.exe [2007-08-02 09:20]

2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{5D6107B7-51DF-4D54-9FB7-0F9D4428FD07}.job
- c:\windows\system32\msfeedssync.exe [2010-03-11 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://www.coolstreaming.us/consolle/plug-in/tvants.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\gtrhjs02.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\avg\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\divx\DivX Content Uploader\npUpload.dll
FF - plugin: c:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\divx\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\k-lite codec pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\k-lite codec pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\veetle\Player\npvlc.dll
FF - plugin: c:\veetle\plugins\npVeetle.dll
FF - plugin: c:\veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\veoh networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 13:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSDFilter]
"ImagePath"="0"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\pc tools firewall plus\FWService.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\avg\AVG8\avgrsx.exe
c:\avg\AVG8\avgnsx.exe
c:\3ds max\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\avg\AVG8\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-03-27 13:57:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 13:57

Pre-Run: 35,068,997,632 bytes free
Post-Run: 35,700,363,264 bytes free

- - End Of File - - BF6D152471A0CBF304DCBF8DB1C6353B

Merged topics and posts and removed redundancies. ~ OB

Edited by Orange Blossom, 27 March 2010 - 07:37 PM.




#2 m0le

  • Malware Response Team

Posted 30 March 2010 - 07:06 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team

Posted 04 April 2010 - 07:30 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.



