Virus in my local c drive consuming space

#1
Mustafa Naim (New Member, 3 posts)
Hi guys, actually I'm a newbie to this site. A few months ago my hard disk was attacked by a virus without my noticing; it took at least 17 GB of space on my C drive. I made a partition of 20 GB for the C drive and 34 GB for the D drive. So I used ComboFix to delete the virus. After using ComboFix my laptop got rebooted, and now it's stuck at this "do not run any program" message. So is there something I need to do to delete the virus from my C drive, or is it fine? The virus has consumed the WINDOWS folder.

#2
Mustafa Naim (Topic Starter, New Member, 3 posts)
Hello guys, please help me with this. My local C drive has 0 MB of space because a virus in my C drive took all the space. It took at least 17 GB; I double-checked. First, I clicked on my local C drive, then I clicked on a folder named 'WINDOWS' and clicked on Properties. I saw that the folder took 17.67 GB out of 19 GB. I was shocked. The 'WINDOWS' folder was in blue colour, and other files were also in blue colour. So I used ComboFix and I got a log file to share. Please check and say what the problem is.

Attached File: log.txt (14.66 KB, 109 downloads)

#3
Mustafa Naim (Topic Starter, New Member, 3 posts)
This is the log file I got. Please reply soon.

ComboFix 11-08-17.03 - user1 08/18/2011 13:52:36.1.1 - x86
Running from: d:\downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user1\usbsermpt.sys
c:\documents and settings\user1\usbsermptxp.sys
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\006E2B7D.urr
c:\program files\FunWebProducts\ScreenSaver\Images\045E39DE.urr
c:\program files\FunWebProducts\Shared\018A9D2D.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\$NARWE4234Uninstall$
c:\windows\$NARWE4234Uninstall$\punstl.exe
c:\windows\system32\1ff6869f-0bce-a64d-57da-b3efa0b13ab8.exe
c:\windows\system32\28463
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABEL
-------\Legacy_NPF
-------\Service_Abel
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-07-24 08:56 . 2011-07-24 08:56 -------- d-----w- c:\documents and settings\user1\Application Data\ibibo
2011-07-24 08:56 . 2011-07-24 08:57 -------- d-----w- c:\documents and settings\user1\Application Data\Tencent
2011-07-24 08:55 . 2011-07-24 08:55 -------- d-----w- c:\program files\Common Files\ibibo
2011-07-23 16:48 . 2011-07-23 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 11:26 . 2011-06-02 06:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2006-03-15 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-03-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-01-28 07:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-22 16:27 . 2011-06-22 16:24 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2011-06-21 18:45 . 2006-03-15 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2006-03-15 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2006-03-15 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2006-03-15 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-03-15 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2006-03-15 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-27 06:29 . 2011-05-26 13:22 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-26 15:22 . 2006-03-15 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2011-05-26 14:35 . 2011-05-26 14:22 2856 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"cdloader"="c:\documents and settings\user1\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"ares"="c:\program files\Ares\Ares.exe" [2010-01-22 1011712]
"GameTracker"="d:\movies & videos\GameTracker\GTLite.exe" [2010-10-13 4018984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 393216]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-12-15 839680]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe Reader Speed Launcher"="d:\reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Freecorder FLV Service"="d:\cain\FLVSrvc.exe" [2010-06-26 167936]
"avgnt"="d:\cain\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Matrix Screen Locker.lnk - c:\program files\BaroufaSoft\Matrix Screen Locker\matrix.exe [2006-1-29 539136]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="D:\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\user1\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\counter strike (c zero)\\hl.exe"=
"d:\\VLC\\vlc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\quake\\Quake3\\quake3.exe"=
"c:\\Program Files\\Ares\\chatServer.exe"=
"c:\\Documents and Settings\\user1\\Application Data\\mjusbsp\\magicJack.exe"=
"d:\\ibibo Messenger\\Bin\\ibibomsgr.exe"=
.
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-11 30432]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-11 30432]
R3 cyzport;Cyclades-Z Port Driver;c:\windows\system32\DRIVERS\cyzport.sys [2001-08-17 49792]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 qcusbser;CDMA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2010-02-06 106752]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-28 717296]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\cain\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 GS In-Game Service;GS In-Game Service;d:\movies & videos\GameTracker\GSInGameService.exe [2010-10-13 1677096]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ sysagent
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-413027322-682003330-1002Core.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-03 10:19]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-413027322-682003330-1002UA.job
- c:\documents and settings\user1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-03 10:19]
.
2011-08-15 c:\windows\Tasks\RegCure Program Check.job
- d:\mobile files\dxg\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-07-23 c:\windows\Tasks\RegCure.job
- d:\mobile files\dxg\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://h1.ripway.com/poojasharma/index.html
mStart Page = hxxp://www.msn.com
IE: E&xport to Microsoft Excel - d:\software\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\87mnnm37.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - d:\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: z: {0b69f0d7-8854-bed9-a744-f4bf3e297930} - d:\extensions\{0b69f0d7-8854-bed9-a744-f4bf3e297930}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - d:\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: AutoPager: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: [email protected] - d:\ret\Nokia PC Suite 7\bkmrksync
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{dba30aec-aca0-49aa-6d1e-df72106eac82} - (no file)
BHO-{ee3409ba-c0fe-278a-4cea-d708dc5d4ae1} - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-vmware-tray - d:\vmware\vmware-tray.exe
AddRemove-$NARWE4234Uninstall$ - c:\windows\$NARWE4234Uninstall$\punstl.exe
AddRemove-1ff6869f-0bce-a64d-57da-b3efa0b13ab8 - c:\windows\system32\1ff6869f-0bce-a64d-57da-b3efa0b13ab8.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-18 14:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1412)
c:\windows\system32\WININET.dll
c:\documents and settings\user1\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\netprovcredman.dll
d:\software\OFFICE11\msohev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\MSWMDM.dll
c:\windows\system32\WMDMLOG.dll
c:\windows\system32\MsPMSP.dll
c:\windows\system32\cewmdm.dll
c:\windows\system32\wpdsp.dll
c:\windows\system32\WdfApi.dll
c:\windows\system32\wpdtrace.dll
c:\windows\system32\WMDMPS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
d:\cain\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\uWDF.exe
c:\windows\system32\uWDF.exe
.
**************************************************************************
.
Completion time: 2011-08-18 14:11:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-18 08:41
.
Pre-Run: 247,328,768 bytes free
Post-Run: 221,237,248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /TUTag=HBUEPR /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=HBUEPR-BAK
.
- - End Of File - - 17C719799091C5B25250DDAB948C9A08
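The log above lists what ComboFix removed but gives no sizes, and its Pre-Run/Post-Run lines show the system volume still had only about 230 MB free after the run, so the log by itself does not explain 17 GB of usage under WINDOWS. (Explorer shows NTFS-compressed files in blue, which is worth keeping in mind when reading the second post, but nothing in a ComboFix log reports that attribute.) The script below is an added example, not part of the original thread or of ComboFix: it parses the Reg Loading Points, firewall policy and free-space lines of a log in this format and flags what a responder would check first: autostart entries launched from a user profile directory or by bare filename, a disabled Windows Firewall profile, and free space that the cleanup did not recover. SAMPLE_LOG is a constructed excerpt modelled on entries in the posted log; the flagging heuristics and the 1 GiB free-space threshold are the example's own choices, not anything the thread states.

```python
"""Triage helper for a ComboFix-style log (added example; not from the thread
or from ComboFix). It pulls out Run-key autostarts, firewall profile state and
the Pre-Run/Post-Run free-space summary, then lists findings worth a look."""

import re

# Path fragments that mark user-writable locations; an autostart entry pointing
# here is a classic persistence spot and is worth checking first (heuristic).
USER_WRITABLE = ("documents and settings", "application data",
                 "local settings", "appdata", "\\temp\\", "\\users\\")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
                    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
FREE_RE = re.compile(r"^(?P<phase>Pre|Post)-Run:\s+(?P<bytes>[\d,]+) bytes free")

# Constructed excerpt modelled on the posted log (same format, fewer lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
"cdloader"="c:\documents and settings\user1\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"GameTracker"="d:\movies & videos\GameTracker\GTLite.exe" [2010-10-13 4018984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="D:\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
Pre-Run: 247,328,768 bytes free
Post-Run: 221,237,248 bytes free
"""


def parse_log(text):
    """Walk the log line by line, tracking the current [section] header.

    Only live Run keys are collected; the 'run-' key holds entries that
    msconfig disabled and is skipped on purpose."""
    section = None
    autoruns, firewall, free = [], {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = FIREWALL_RE.match(line)
        if m and section and "firewallpolicy" in section:
            profile = section.rsplit("\\", 1)[-1]      # e.g. standardprofile
            firewall[profile] = int(m.group("value"))
            continue
        m = FREE_RE.match(line)
        if m:
            free[m.group("phase").lower()] = int(m.group("bytes").replace(",", ""))
            continue
        m = RUN_RE.match(line)
        if m and section and section.endswith("\\run"):
            autoruns.append({
                "hive": "HKCU" if section.startswith("hkey_current_user") else "HKLM",
                "name": m.group("name"),
                "path": m.group("path"),
                "size": int(m.group("size")) if m.group("size") else None,
            })
    return {"autoruns": autoruns, "firewall": firewall, "free": free}


def flag_autoruns(autoruns):
    """Return (name, reason) pairs for entries a responder should verify."""
    flagged = []
    for entry in autoruns:
        p = entry["path"].lower()
        if "\\" not in p:
            # A bare filename is resolved through the search path at logon,
            # so the binary actually run depends on which copy is found first.
            flagged.append((entry["name"], "bare filename; resolved via search path"))
        elif any(marker in p for marker in USER_WRITABLE):
            flagged.append((entry["name"], "launches from a user-writable profile directory"))
    return flagged


def triage(text, low_space_bytes=2 ** 30):
    """Parse a log and produce a list of human-readable findings."""
    parsed = parse_log(text)
    findings = [f"{name}: {reason}" for name, reason in flag_autoruns(parsed["autoruns"])]
    for profile, value in parsed["firewall"].items():
        if value == 0:
            findings.append(f"Windows Firewall disabled in {profile}")
    free = parsed["free"]
    if "pre" in free and "post" in free:
        delta = free["post"] - free["pre"]   # negative: quarantine/logs used space
        findings.append(f"free space changed by {delta:+,} bytes; "
                        f"{free['post'] / 2 ** 20:.0f} MiB free after run")
        if free["post"] < low_space_bytes:
            findings.append("system volume still below the low-space threshold; "
                            "cleanup did not recover the missing space")
    return {"parsed": parsed, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Run against the full posted log the same way (read the file and pass its text to triage); the disabled-firewall and low-free-space findings come straight from the lines in the log, while the autostart flags are only pointers to what to verify next, not verdicts.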