R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [30/08/2008 19:04 42608]
R0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\drivers\AVGIDSErHr.sys [26/02/2009 12:46 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [23/06/2009 13:49 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [23/06/2009 13:48 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/06/2009 13:49 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/06/2009 13:49 108552]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090618.001\IDSvix86.sys [19/06/2009 22:30 272432]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [30/08/2008 19:11 61424]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [24/06/2009 11:43 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/06/2009 11:43 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [24/06/2009 11:43 1368952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [26/02/2009 12:46 5576712]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [26/02/2009 12:46 563720]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 21:11 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30/08/2008 19:13 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [22/07/2008 20:24 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30/08/2008 19:04 3602432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 20:37 149352]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [26/04/2008 05:36 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30/08/2008 19:13 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [26/04/2008 05:36 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30/08/2008 19:27 233472]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [26/02/2009 12:46 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [26/02/2009 12:46 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys [26/02/2009 12:46 29136]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 03:32 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/06/2009 21:32 101936]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [22/07/2008 20:26 47104]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [22/07/2008 20:26 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/06/2008 06:05 44064]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 12:31 41008]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 15:51 43008]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [13/04/2009 21:00 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/12/2008 16:44 24064]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [17/12/2008 16:29 81704]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; eSobiSubscriber 2.0.4.16)
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://en.uk.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://www.shockwave.com/content/fashiondash/sis/fashiondashweb.1.0.0.21.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-30 22:32
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3174598469-3112961280-3084858069-1000\Software\SecuROM\License information*]
"datasecu"=hex:8e,eb,47,f8,ca,33,63,fc,fa,1a,65,a8,9e,95,5f,29,16,f2,61,06,cb,
b8,63,78,98,f7,6d,d5,ff,5d,5f,ea,87,40,4b,fe,b0,a4,24,79,2c,d2,fd,e0,99,cf,\
"rkeysecu"=hex:1c,6b,f6,5e,c0,ba,a1,db,0b,d1,ac,02,fd,06,2c,63
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\MONTUI~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Acer\Acer Bio Protection\PwdBank.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe
c:\program files\Acer\Acer VCM\acp2HID.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-06-30 22:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 21:41
Pre-Run: 68,291,706,880 bytes free
Post-Run: 67,263,795,200 bytes free
397 --- E O F --- 2009-06-15 20:30