How to get rid of wdmaud.drv malware?


  • This topic is locked
2 replies to this topic

#1 refueler1

refueler1

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:06 PM

Posted 19 September 2010 - 04:38 PM

Hello, first-time poster. I found this site when I downloaded ComboFix and SmitfraudFix. I am having problems with my browser redirecting to stupid sites. I read on YouTube that it is a file titled wdmaud.drv causing my problems. I found the file in my sys32 folder but I can't delete it, so I ran ComboFix and many other programs, but nothing will delete it. Below is the log from my last ComboFix run:

ComboFix 10-09-17.04 - The Gaskins Family 09/19/2010 14:56:03.6.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2552 [GMT -4:00]
Running from: c:\documents and settings\The Gaskins Family\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\8g4tqs6w.vbt
.
---- Previous Run -------
.
c:\windows\TEMP\hlxi75fl.vbt

-- Previous Run --

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

-- Previous Run --

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

--------

c:\windows\system32\winlogon.exe . . . is infected!!

-- Previous Run --

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

--------

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

--------

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.

2010-09-19 18:39 . 2010-09-19 18:55 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-09-19 02:48 . 2010-09-19 02:48 -------- d-----w- c:\program files\STOPzilla!
2010-09-19 02:48 . 2010-09-19 02:48 -------- d-----w- c:\program files\Common Files\iS3
2010-09-19 02:48 . 2010-09-19 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-09-17 22:53 . 2010-09-17 22:53 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-09-17 22:53 . 2010-09-17 22:53 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-09-17 22:53 . 2010-09-17 22:53 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-09-17 22:53 . 2010-09-17 22:53 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-09-17 22:53 . 2010-09-17 22:53 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-09-17 22:53 . 2010-09-17 22:53 452048 ----a-r- c:\windows\system32\SZBase5.dll
2010-09-17 22:53 . 2010-09-17 22:53 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-09-17 22:53 . 2010-09-17 22:53 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-09-17 22:53 . 2010-09-17 22:53 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-09-17 22:53 . 2010-09-17 22:53 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-09-17 22:53 . 2010-09-17 22:53 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-09-17 22:53 . 2010-09-17 22:53 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-09-11 12:23 . 2010-09-11 12:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Babylon-English
2010-09-08 23:53 . 2010-09-08 23:53 -------- d-----w- c:\windows\system32\Lang
2010-09-06 21:09 . 2010-09-06 21:09 -------- d-----w- c:\documents and settings\The Gaskins Family\Application Data\Codemasters
2010-09-06 21:06 . 2010-09-06 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-09-06 21:06 . 2010-09-06 21:06 -------- d-----w- c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2010-09-06 21:06 . 2010-09-06 21:06 -------- d-----w- C:\ProgramData
2010-09-06 21:01 . 2010-09-06 21:01 -------- d-----w- c:\program files\Codemasters
2010-09-06 13:17 . 2010-09-06 13:19 -------- d-----w- c:\program files\Babylon-English
2010-09-06 13:17 . 2010-09-06 13:18 -------- d-----w- c:\documents and settings\The Gaskins Family\Local Settings\Application Data\Babylon-English
2010-09-06 13:17 . 2010-09-06 13:18 -------- d-----w- c:\documents and settings\The Gaskins Family\Local Settings\Application Data\Conduit
2010-09-06 13:17 . 2010-09-06 13:17 -------- d-----w- c:\program files\Conduit
2010-09-06 13:17 . 2010-09-06 13:17 -------- d-----w- c:\program files\Babylon
2010-09-06 13:17 . 2010-09-06 13:17 -------- d-----w- c:\program files\Video Player
2010-09-06 04:10 . 2010-09-06 04:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-06 02:54 . 2010-09-06 02:54 -------- d-----w- c:\program files\Common Files\Java
2010-09-06 02:54 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-04 21:21 . 2010-09-05 14:32 -------- d-----w- c:\documents and settings\The Gaskins Family\Local Settings\Application Data\pqeqlxhna

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 18:47 . 2010-09-19 18:46 680 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-09-19 18:43 . 2009-02-01 22:47 16608 ----a-w- c:\windows\gdrv.sys
2010-09-19 14:34 . 2009-03-11 20:36 -------- d-----w- c:\program files\LimeWire
2010-09-16 23:14 . 2009-03-11 20:49 -------- d-----w- c:\program files\CCleaner
2010-09-13 20:06 . 2009-08-25 09:01 -------- d-----w- c:\documents and settings\The Gaskins Family\Application Data\HpUpdate
2010-09-12 21:02 . 2009-02-03 01:14 1004 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-09-06 21:06 . 2009-02-01 22:58 -------- d-----w- c:\documents and settings\The Gaskins Family\Application Data\InstallShield
2010-09-06 21:06 . 2009-02-15 18:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-06 21:01 . 2009-02-01 22:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-06 21:01 . 2009-02-01 22:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-06 15:08 . 2009-04-17 01:50 -------- d-----w- c:\documents and settings\The Gaskins Family\Application Data\dvdcss
2010-09-06 13:45 . 2009-03-01 15:33 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-06 03:09 . 2009-02-01 22:46 35376 ----a-w- c:\documents and settings\The Gaskins Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 02:54 . 2009-03-11 20:37 -------- d-----w- c:\program files\Java
2010-09-04 02:55 . 2009-02-09 01:36 -------- d-----w- c:\documents and settings\The Gaskins Family\Application Data\HPAppData
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-31 00:15 . 2010-07-31 00:14 -------- d-----w- c:\program files\iTunes
2010-07-31 00:15 . 2010-07-31 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-31 00:14 . 2010-07-31 00:14 -------- d-----w- c:\program files\iPod
2010-07-31 00:14 . 2009-12-25 17:57 -------- d-----w- c:\program files\Common Files\Apple
2010-07-31 00:13 . 2009-09-13 22:29 -------- d-----w- c:\program files\QuickTime
2010-07-31 00:10 . 2010-03-20 10:53 32792 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-31 00:10 . 2009-12-25 17:59 -------- d-----w- c:\documents and settings\The Gaskins Family\Application Data\Apple Computer
2010-07-30 23:56 . 2010-07-30 23:56 -------- d-----w- c:\program files\Bonjour
2010-07-30 23:51 . 2010-07-30 23:51 -------- d-----w- c:\program files\Safari
2010-07-22 15:49 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 22:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 14:00 . 2010-06-24 14:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2008-04-14 12:00 1851904 ------w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 95B9C079CB1B4BC7164BEA0D91CDBF0D . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . B7CE75AE3F790184822897BE72D77123 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
2010-09-06 13:19 2735200 ----a-w- c:\program files\Babylon-English\tbBab1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ce18769b-c7fa-42d2-860d-17c4662c70ad}"= "c:\program files\Babylon-English\tbBab1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CE18769B-C7FA-42D2-860D-17C4662C70AD}"= "c:\program files\Babylon-English\tbBab1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\The Gaskins Family\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-08-10 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-08 16712]
"M-Audio Taskbar Icon"="c:\windows\System32\MAFWTray.exe" [2008-03-03 252424]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2008-03-03 252424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"hpqSRMon"="" [BU]

c:\documents and settings\The Gaskins Family\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\wirelesscm.exe [2009-2-15 29295872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\WildGames\\Polar Pool\\PolarPool.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/15/2009 8:08 PM 57344]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S0 tnmpmnf;tnmpmnf;c:\windows\system32\drivers\koecvdt.sys --> c:\windows\system32\drivers\koecvdt.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2/1/2009 6:51 PM 68136]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 3:10 PM 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\D-Link DWA-556 Xtreme N PCIe Desktop Adapter\jswpsapi.exe [2/15/2009 8:08 PM 356434]
S3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [4/4/2009 12:34 PM 193032]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/2/2009 12:12 AM 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 15:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:10]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 15:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\The Gaskins Family\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?NSA124410466935213%26version%3d3&certificate-verification-url=https%3a%2f%2ffe.gummo.flashcp.com%2fcoc

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-682003330-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8c,bf,f1,70,5d,a1,38,7b,6a,49,6a,e1,f1,30,0a,3f,d8,ba,06,7b,07,28,13,
c3,58,15,3d,e3,40,58,81,51,33,66,ff,ec,8a,5c,41,3a,9c,46,69,16,96,f1,fa,5b,\
"??"=hex:c0,05,b6,18,c1,c8,64,6c,ed,0f,67,10,33,e1,42,cf

[HKEY_USERS\S-1-5-21-448539723-682003330-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:68,f5,55,0a,f0,b9,b5,5f,a7,1f,41,19,59,3d,df,fa,8e,23,99,a3,d0,
70,2d,2c,c7,59,34,6f,32,2f,8b,b2,80,56,e4,bd,b0,11,2b,6f,15,61,53,90,fc,36,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1412)
c:\windows\WlanGINA\Version\1.0.4.0\WlanGINA.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(640)
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-19 15:09:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-19 19:09
ComboFix2.txt 2010-09-17 23:02
ComboFix3.txt 2010-09-12 04:22
ComboFix4.txt 2010-09-09 01:26

Pre-Run: 606,633,672,704 bytes free
Post-Run: 606,618,210,304 bytes free

- - End Of File - - 4DC0EDF82A1C549532009D6A14EA9AB4

Edited by boopme, 19 September 2010 - 07:35 PM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 26 September 2010 - 07:01 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 01 October 2010 - 06:21 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
