#1
Registered User
Join Date: Apr 2009
Posts: 2
OS: Windows XP Media Center
Need to Clean PC ASAP for My Job
Hi Everyone,
First off, I apologize for the redundancy of this post, I have so many similar issues as many on here have had. I am soon to begin working virtually for my employer, but am required to use my own personal laptop for the job. I recently have been experiencing issues with my Google searches being hijacked, as well as other pop-ups and general slowness. I have been running CCleaner and Malwarebytes' on my computer frequently, but everything seems to be coming back no matter what I do. I desperately need to have these issues fixed as soon as possible as I need to have my laptop outfitted with all of my work-required applications. I appreciate any help or advice that anyone has. I ran ComboFix and here is the log:
#2
Registered User
Join Date: Apr 2009
Posts: 2
OS: Windows XP Media Center
Re: Need to Clean PC ASAP for My Job
I just was informed that I'll need to bring in my laptop to work early next week to have the necessary programs installed, please let me know if there are any suggestions.