Red X next to C:\ drive

#1
CNBarnes
Member, 16 posts
I have seen other threads that are similar to this, but I'm not sure. This is a computer that is a "friend of a friend" - when I got it, there were no AV or anti-spyware programs at all and updates had not been done (not even SP2). I was able to get SP2 (then the RC version of SP3) installed.

I installed Spybot S&D (1.52) as well as AVG (freebie) and ran both in safe mode, where they both found numerous virii and spyware (including vundo). Scans using both now come up clean (in safe mode), but problems still persist - red X & some sites simply do not open (took several tries to get *this site* to open...).

The HijackThis log and ComboFix logs are thus:
- - -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41, on 2008-03-11
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - tinox1.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204847683185
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2D815FA-221C-4C03-81F3-B447ECF7DE84}: NameServer = 128.194.254.1,128.194.254.2
O20 - Winlogon Notify: xyjjrarw - xyjjrarw.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)

--
End of file - 3422 bytes


- - - - ComboFix log - - -
ComboFix 08-03-10.1 - Administrator 2008-03-11 11:22:56.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.154 [GMT -6:00]
Running from: C:\Documents and Settings\root\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\JavaCore
C:\Program Files\mbols~1
C:\Program Files\Temporary
C:\temp\tn3
C:\WINDOWS\BM03c817c5.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\c4\np89104.exe
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\crosof~1.net\??crosoft.NET\
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\s7
C:\WINDOWS\system32\s7\gbsu011.exe
C:\WINDOWS\system32\winpfz37.sys
C:\WINDOWS\system32\x3

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-10 20:09 . 2008-03-10 20:09 51,584,944 --a------ C:\Temp\avg_ipw_stf_en_8_81a1271.exe
2008-03-10 19:50 . 2008-03-11 08:00 <DIR> d-------- C:\Documents and Settings\root\Application Data\AVG7
2008-03-09 21:47 . 2008-03-09 21:47 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-09 21:46 . 2007-12-20 09:43 248,448 --a------ C:\WINDOWS\system32\PROUnstl.exe
2008-03-09 21:15 . 2008-03-09 21:21 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-03-09 21:05 . 2007-10-28 22:18 15,452,536 --a------ C:\Temp\IE7-WindowsXP-x86-enu.exe
2008-03-09 15:00 . 2008-02-12 01:56 2,940,928 -----c--- C:\WINDOWS\system32\dllcache\wmploc.dll
2008-03-09 14:55 . 2008-02-12 03:13 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-03-09 14:52 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005176_.tmp
2008-03-08 22:53 . 2008-03-09 16:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-08 22:39 . 2008-03-08 22:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-08 22:39 . 2008-03-08 22:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-08 22:39 . 2008-03-08 22:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-08 22:37 . 2008-03-08 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 22:37 . 2008-03-11 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-08 22:20 . 2008-03-08 22:20 294 ---hs---- C:\WINDOWS\system32\stxninff.ini
2008-03-08 22:17 . 2008-03-08 22:27 35,590,304 --a------ C:\Temp\avg75free_518a1275.exe
2008-03-08 22:14 . 2008-03-09 00:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-08 01:36 . 2008-03-08 01:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-08 01:36 . 2008-03-08 01:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-03-07 16:57 . 2008-03-10 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-07 16:56 . 2008-03-10 19:33 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-07 16:50 . 2008-03-07 16:50 354 --ahs---- C:\WINDOWS\system32\widwxmyl.ini
2008-03-07 16:34 . 2008-03-07 16:34 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-03-07 16:17 . 2008-03-09 15:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-07 16:14 . 2008-02-12 02:26 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-03-07 16:12 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-07 16:12 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002396_.tmp
2008-03-07 16:09 . 2008-03-09 14:37 <DIR> d-------- C:\WINDOWS\EHome
2008-03-07 14:45 . 2008-03-07 13:06 330,554,920 --a------ C:\Temp\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-03-07 14:40 . 2008-03-07 12:50 278,927,592 --a------ C:\Temp\WindowsXP-KB835935-SP2-ENU.exe
2008-03-07 12:42 . 2008-03-09 00:14 264 --a------ C:\WINDOWS\wininit.ini
2008-03-07 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-07 11:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-07 11:32 . 2008-03-10 18:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-07 11:32 . 2008-03-10 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-07 11:26 . 2008-03-07 14:40 354 --ahs---- C:\WINDOWS\system32\nkkvdsax.ini
2008-03-07 10:36 . 2008-02-12 14:58 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-03-07 10:36 . 2008-02-12 14:58 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-03-07 10:36 . 2008-02-12 15:00 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-03-07 10:36 . 2008-02-12 14:58 77,824 --a------ C:\WINDOWS\system32\browser.dll
2008-03-07 10:36 . 2008-02-12 14:58 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2008-03-07 10:36 . 2004-03-29 19:25 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-03-07 10:27 . 2008-02-12 14:59 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2008-03-07 10:26 . 2008-03-07 10:40 354 --ahs---- C:\WINDOWS\system32\shiqhqil.ini
2008-03-07 10:25 . 2008-03-07 10:37 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-03-07 10:25 . 2004-01-09 23:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-03-06 18:01 . 2008-03-09 15:10 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-06 16:49 . 2008-02-12 02:26 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-03-06 16:49 . 2008-02-12 14:59 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-06 16:49 . 2008-02-12 14:59 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-06 16:49 . 2008-02-12 14:58 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-03-06 16:49 . 2008-02-12 14:58 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-03-06 16:46 . 2007-07-30 21:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-03-06 16:46 . 2007-07-30 21:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-03-06 16:46 . 2007-07-30 21:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-06 16:46 . 2007-07-30 21:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-03-06 16:46 . 2008-02-12 14:59 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-03-06 16:46 . 2008-02-12 15:00 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-03-06 16:46 . 2007-07-30 21:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-03-06 16:31 . 2008-03-07 16:50 <DIR> d-------- C:\Program Files\nvcoi
2008-03-05 21:20 . 2008-03-05 21:20 44,544 --a------ C:\WINDOWS\system32\tinox1.dll
2008-03-05 21:20 . 2008-03-05 21:20 44,544 --a------ C:\WINDOWS\system32\berg2.dll
2008-03-05 21:13 . 2008-03-06 18:10 1,374 --ahs---- C:\WINDOWS\system32\fchdpqsp.ini
2008-03-05 14:39 . 2008-03-05 21:12 474 --ahs---- C:\WINDOWS\system32\qhqvjcsa.ini
2008-03-05 01:46 . 2008-03-07 20:22 <DIR> d--hs---- C:\WINDOWS\R2Vvcmdl
2008-03-05 01:46 . 2008-03-11 11:23 <DIR> d-------- C:\Temp
2008-03-05 01:46 . 2008-03-05 01:46 200,777 --a------ C:\WINDOWS\system32\qcntllwb.exe
2008-03-05 01:46 . 2008-03-07 17:44 0 --a------ C:\WINDOWS\system32\drivers\BCMDMM.sys
2008-02-28 00:21 . 2008-02-28 22:35 <DIR> d-------- C:\Program Files\pokereon_com
2008-02-27 22:55 . 2008-03-03 15:35 <DIR> d-------- C:\Program Files\PokerStars
2008-02-27 22:30 . 2008-03-04 20:50 <DIR> d-------- C:\Program Files\PokerStars.NET
2008-02-27 22:06 . 2008-02-27 22:06 <DIR> d-------- C:\Program Files\Poker Eon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 22:04 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-02-12 20:59 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-02-12 20:58 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-02-12 20:57 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-02-12 20:55 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-02-12 20:55 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-02-12 20:55 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-02-12 20:55 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-02-12 17:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-02-12 16:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-02-12 16:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-02-12 16:20 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-02-12 16:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-12 16:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-02-12 16:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-02-12 16:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-02-12 16:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-02-12 10:05 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-12 10:04 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-02-12 10:04 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-02-12 09:56 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-02-12 09:54 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-02-12 09:53 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-02-12 09:53 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-02-12 09:53 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-02-12 09:53 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-02-12 09:52 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-02-12 09:52 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-02-12 09:52 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-02-12 09:52 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-02-12 09:51 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-02-12 09:50 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-02-12 09:50 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-02-12 09:21 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-02-12 09:21 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-02-12 09:21 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-02-12 09:19 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-02-12 09:19 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-02-12 09:19 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-02-12 09:19 25,728 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2008-02-12 09:19 25,600 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2008-02-12 09:19 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
2008-02-12 09:19 20,608 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
2008-02-12 09:19 19,200 ----a-w C:\WINDOWS\system32\drivers\hidir.sys
2008-02-12 09:19 15,872 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
2008-02-12 09:19 143,872 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
2008-02-12 09:19 10,368 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-12 09:17 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-02-12 09:17 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-02-12 09:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-02-12 09:17 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-02-12 09:17 14,208 ----a-w C:\WINDOWS\system32\drivers\wacompen.sys
2008-02-12 09:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-02-12 09:17 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-02-12 09:17 12,672 ----a-w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-02-12 09:16 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-02-12 09:16 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-02-12 09:16 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-02-12 09:16 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-02-12 09:15 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-02-12 09:15 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-02-12 09:14 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-02-12 09:14 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-02-12 09:12 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-02-12 09:10 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-02-12 09:09 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-02-12 09:08 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-02-12 09:07 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
2008-02-12 09:07 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
2008-02-12 09:07 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
2008-02-12 09:07 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
2008-02-12 09:07 180,608 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2008-02-12 09:07 129,792 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2008-02-12 09:06 92,288 ----a-w C:\WINDOWS\system32\drivers\ksecdd.sys
2008-02-12 09:05 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-02-12 09:05 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-02-12 09:05 42,752 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-02-12 09:05 37,760 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-02-12 09:05 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-02-12 09:05 36,736 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-02-12 09:05 36,352 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-02-12 09:05 35,840 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-02-12 09:05 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-02-12 08:48 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-02-12 08:47 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-02-12 08:47 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-02-12 08:47 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-02-12 08:45 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-02-12 08:26 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-02-12 07:56 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-02-12 07:51 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-02-12 07:50 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-02-12 07:49 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-02-12 07:38 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-02-12 07:32 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-02-12 07:29 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-02-12 07:28 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-02-12 07:10 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-02-12 07:06 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-02-12 07:06 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D7B3C66-EE1C-48a7-A596-9C229E920D62}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 14:59 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-08 22:38 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-08 22:38 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xyjjrarw]
xyjjrarw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ulead Photo Express Calendar Checker"=C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S1 BCMDMM;BCMDMM;C:\WINDOWS\system32\drivers\BCMDMM.sys [2008-03-07 17:44]
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 11:34:03
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSControlService]
"ImagePath"="C:\WINDOWS\System32\windows"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
.
**************************************************************************
.
Completion time: 2008-03-11 11:36:33 - machine was rebooted [root]
ComboFix-quarantined-files.txt 2008-03-11 17:36:28
.
2008-03-09 19:26:25 --- E O F ---


--- contents of the ComboFix-quarantined files show:
2007-09-23 19:05 279600 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pac.txt.vir
2008-01-05 15:48 126976 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\s7\gbsu011.exe.vir
2008-02-07 16:07 136111 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\c4\np89104.exe.vir
2008-03-07 10:41 922 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winpfz37.sys.vir
2008-03-08 22:20 111607 --a------ C:\Qoobox\Quarantine\C\WINDOWS\BM03c817c5.xml.vir
2008-03-08 22:20 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-03-11 11:23 7130 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.ini.vir
2008-03-11 11:23 7130 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.ini2.vir
2008-03-11 11:25 296448 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ddccc.dll.vir
2008-03-11 11:25 356 --a------ C:\Qoobox\Quarantine\catchme.log
2008-03-11 11:25 862 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NETWORK_MONITOR.reg.dat


I await someone's expert help (I am always impressed by what I see on this forum).
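The log above still carries several entries that a clean scan result does not explain: a BHO and a Winlogon Notify hook whose DLLs are gone ("file missing"), four domains added to the IE Trusted Zone under HKLM, and a service with an unknown owner pointing at a non-existent file. The following script is an added example, not part of the original post and not code from HijackThis or ComboFix; it parses HijackThis-style log lines and flags exactly those patterns so a helper can see at a glance which leftovers need attention. The severity labels and the "random-looking name" heuristic are the author's own assumptions, and the sample lines are a constructed subset copied from the log in this post.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Gamburg provider - {5D7B3C66-EE1C-48a7-A596-9C229E920D62} - tinox1.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2D815FA-221C-4C03-81F3-B447ECF7DE84}: NameServer = 128.194.254.1,128.194.254.2
O20 - Winlogon Notify: xyjjrarw - xyjjrarw.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2", "O15"
    severity: str  # "high", "medium" or "info" (assumed labels, not HijackThis output)
    reason: str
    line: str


# Every HijackThis entry starts with a section tag (R0, O2, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
VOWELS = set("aeiou")


def looks_random(filename: str) -> bool:
    """Assumed heuristic: a longish all-letter stem with almost no vowels
    (xyjjrarw) is typical of generated module names, unlike notepad or explorer."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) < 6 or not stem.isalpha():
        return False
    return sum(ch in VOWELS for ch in stem) / len(stem) < 0.3


def classify(section: str, body: str) -> list[tuple[str, str]]:
    """Return (severity, reason) pairs for one log entry; empty list means benign."""
    hits = []
    if "(file missing)" in body and section in {"O2", "O20", "O23"}:
        hits.append(("high", "autostart points at a file that no longer exists; "
                             "the registry hook outlived the payload"))
    if section == "O15":
        hits.append(("high", "domain added to the IE Trusted Zone, which relaxes "
                             "browser security for that site"))
    if section == "O23" and "Unknown owner" in body:
        hits.append(("medium", "service with no known publisher"))
    if section == "O20":
        dll = body.split(" - ")[-1].replace("(file missing)", "").strip()
        if looks_random(dll):
            hits.append(("high", f"Winlogon Notify DLL with a random-looking name: {dll}"))
    if section == "O17":
        hits.append(("info", "non-default DNS servers configured; confirm they belong "
                             "to the ISP or local network"))
    return hits


def triage(log_text: str) -> list[Finding]:
    """Parse HijackThis-style lines and collect every flagged entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank line, etc.
        section, body = m.groups()
        for severity, reason in classify(section, body):
            findings.append(Finding(section, severity, reason, line))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ("high", "medium", "info").index(f.severity)):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run against the sample it reports eight findings: the two "file missing" hooks and the unknown-owner service (the same MSControlService that ComboFix lists with an ImagePath of C:\WINDOWS\System32\windows), the Trusted Zone additions, and the DNS servers as an informational item to verify. The point for the reader is that a clean on-demand scan does not remove registry references to files that have already been deleted, and those orphaned entries are what a log like this exposes.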