MCE Infected?
   

Hurco
New Member


Date Joined Oct 2008
Total Posts : 2
 
Posted 10-11-2008 11:39 (GMT +1)
Hi,

I have run the various cleaning programs, so just need it checked to see if I am now clear of any infections.

logs:

Malwarebytes' Anti-Malware 1.28
Database version: 1253
Windows 5.1.2600 Service Pack 3

11/10/2008 10:55:15
mbam-log-2008-10-11 (10-55-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 78078
Time elapsed: 10 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F9AB3BFD-6A64-46ED-82D9-635336FB3185}\RP25\A0009392.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F9AB3BFD-6A64-46ED-82D9-635336FB3185}\RP25\A0009393.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F9AB3BFD-6A64-46ED-82D9-635336FB3185}\RP25\A0009394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F9AB3BFD-6A64-46ED-82D9-635336FB3185}\RP25\A0009395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM13683a16.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM13683a16.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------

ComboFix 08-10-10.09 - Media Centre 2008-10-11 11:01:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1002 [GMT 1:00]
Running from: \\Server\Software\Apps\FIX\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ikbeubof.ini
C:\WINDOWS\system32\JkRYJkkj.ini
C:\WINDOWS\system32\JkRYJkkj.ini2

.
((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-11 10:26 . 2008-10-11 10:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 10:26 . 2008-10-11 10:26 <DIR> d-------- C:\Documents and Settings\Media Centre\Application Data\Malwarebytes
2008-10-11 10:26 . 2008-10-11 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 10:26 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 10:26 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 20:40 . 2008-10-02 20:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-02 20:37 . 2008-10-02 20:37 <DIR> d-------- C:\Program Files\CCleaner
2008-10-02 20:37 . 2008-10-02 20:39 <DIR> d-------- C:\Downloads
2008-10-02 20:37 . 2008-10-02 20:39 <DIR> d-------- C:\Bases
2008-10-02 20:36 . 2008-10-02 20:45 <DIR> d-------- C:\Kaspersky
2008-09-30 19:09 . 2008-09-30 19:09 <DIR> d-------- C:\Documents and Settings\Media Centre\Application Data\Windows Search
2008-09-28 17:48 . 2008-09-28 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-28 17:38 . 2008-09-28 17:42 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-28 17:26 . 2008-09-28 17:26 <DIR> d-------- C:\Program Files\MSBuild
2008-09-28 17:25 . 2008-09-28 17:39 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-28 17:24 . 2008-09-28 17:24 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-27 20:31 . 2008-09-27 22:58 209 --a------ C:\WINDOWS\wininit.ini
2008-09-26 21:19 . 2008-09-26 21:37 <DIR> d-------- C:\Program Files\XMLTV GUI
2008-09-26 18:08 . 2008-09-26 18:08 <DIR> d-------- C:\Documents and Settings\Media Centre\Application Data\Windows Home Server
2008-09-26 18:07 . 2008-09-26 18:07 <DIR> d-------- C:\Program Files\Windows Home Server
2008-09-26 17:53 . 2008-10-11 11:03 <DIR> d-------- C:\Program Files\SpeedFan
2008-09-26 17:53 . 2008-09-26 17:53 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-09-25 22:13 . 2008-09-25 22:13 <DIR> d-------- C:\Program Files\SOUNDGRAPH
2008-09-25 21:05 . 2003-12-30 22:28 45,060 --a------ C:\WINDOWS\system32\drivers\TG_iMON.sys
2008-09-25 21:05 . 2004-12-22 14:51 18,090 --a------ C:\WINDOWS\system32\drivers\iMON_PAD.sys
2008-09-25 21:04 . 2008-10-11 11:03 <DIR> d-------- C:\Documents and Settings\Media Centre\Application Data\SOUNDGRAPH
2008-09-25 21:04 . 2008-09-25 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SOUNDGRAPH
2008-09-25 21:04 . 2008-04-13 19:39 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-09-25 21:04 . 2008-04-13 19:39 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-09-25 21:03 . 2008-04-13 19:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-25 21:03 . 2008-04-13 19:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-25 19:47 . 2008-09-27 18:29 <DIR> d-------- C:\Program Files\DVBViewer
2008-09-25 19:47 . 2008-09-25 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CMUV
2008-09-25 19:01 . 2008-09-25 19:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-25 18:19 . 2008-10-02 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-25 18:19 . 2007-03-02 17:55 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-09-25 18:19 . 2007-03-02 17:55 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-09-25 18:18 . 2007-03-02 17:55 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-09-25 18:18 . 2007-03-02 17:55 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-09-25 06:50 . 2008-09-25 06:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-09-25 06:48 . 2008-09-25 06:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-25 06:46 . 2008-10-02 20:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-25 06:46 . 2008-09-25 06:47 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-25 06:44 . 2008-08-20 21:05 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-09-25 06:43 . 2008-09-25 06:43 <DIR> d-------- C:\ATI
2008-09-25 06:39 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-25 06:35 . 2008-09-28 14:16 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-25 06:35 . 2008-09-25 06:35 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-09-25 06:35 . 2008-09-25 06:35 <DIR> d-------- C:\Documents and Settings\Media Centre\Application Data\Windows Desktop Search
2008-09-25 06:35 . 2008-03-07 18:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-09-25 06:35 . 2008-03-07 18:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-09-25 06:35 . 2008-03-07 18:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-09-25 06:34 . 2008-09-25 06:34 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-09-25 06:26 . 2008-09-25 06:26 <DIR> d-------- C:\Program Files\Haali
2008-09-25 06:25 . 2008-09-25 06:25 <DIR> d-------- C:\Program Files\CoreCodec
2008-09-24 20:31 . 2008-09-24 20:31 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-24 20:31 . 2008-09-24 20:31 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-24 20:31 . 2008-09-24 20:31 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-24 20:31 . 2008-09-24 20:31 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-24 20:30 . 2008-09-24 20:31 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-24 20:23 . 2008-04-14 01:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-24 20:13 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-24 20:08 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-24 20:07 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-24 20:07 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-24 20:05 . 2008-09-24 20:05 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-09-24 20:00 . 2008-04-14 01:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-24 20:00 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 09:22 --------- d-----w C:\Program Files\WinTV
2008-10-02 20:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-02 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 19:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-25 05:48 --------- d-----w C:\Program Files\ATI Technologies
2008-09-24 18:47 --------- d-----w C:\Program Files\Alwil Software
2008-09-24 18:35 --------- d-----w C:\Program Files\Common Files\IviSDK
2008-09-24 18:28 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-09-24 18:28 --------- d-----w C:\Program Files\Realtek
2008-09-24 18:25 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-24 18:25 --------- d-----w C:\Program Files\AMD
2008-09-24 18:25 --------- d-----w C:\Documents and Settings\Media Centre\Application Data\InstallShield
2008-09-24 18:25 --------- d-----w C:\Documents and Settings\Media Centre\Application Data\ATI
2008-09-24 18:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-24 18:20 --------- d-----w C:\Program Files\DIFX
2008-09-24 18:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-24 18:10 --------- d-----w C:\Program Files\Windows Plus
2008-08-21 04:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 01:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"iMON"="C:\Program Files\SOUNDGRAPH\iMON\iMON.exe" [2008-09-25 2605056]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2008-04-22 3287552]
Windows Home Server.lnk - C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2008-09-26 554528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Apps\\DVBViewer3.5\\DVBServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Home Server\\Discovery.exe"=
"C:\\Program Files\\DVBViewer\\dvbviewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2008-04-18 12928]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2008-07-12 326688]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 hcw88bda;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2008-04-18 182400]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;C:\WINDOWS\system32\Drivers\hcw88rc5.sys [2008-04-18 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2008-04-18 320256]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2008-04-18 394880]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2008-04-18 17280]
.
- - - - ORPHANS REMOVED - - - -

BHO-{CEB5F777-5AED-4768-801F-F50D7A5F8949} - (no file)
Notify-tuvTklkH - tuvTklkH.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 11:03:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\0.log 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-10-11 11:04:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-11 10:04:34

Pre-Run: 95,539,257,344 bytes free
Post-Run: 95,457,898,496 bytes free

189 --- E O F --- 2008-09-25 02:02:01

---------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:25, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Media Centre\Desktop\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Windows Home Server.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 3908 bytes


Thanks in advance,

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14350
 
Posted 10-11-2008 6:57 (GMT +1)
Hello :)

It looks clean to me. How are things running?


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


Hurco
New Member


Date Joined Oct 2008
Total Posts : 2
 
Posted 10-12-2008 10:18 (GMT +1)
Hi,

Yep, it seems to be working OK now, although avast still seems to find things to highlight as potential threats, mainly password-protected archives.

Is ComboFix OK to run on my WHS?

I am working through my network and cleaning my machines, so I may post a few more times :-)


Thanks,