21-Jun-2008, 08:57 PM
#1
Greetings all! This computer was infected with several pieces of malware, virii, etc. All of my efforts to clean it were getting me nowhere, so I used 'ComboFix' which did clean a ton of stuff off of the system. However, I am unable to get it to boot into Windows now. It will boot into safe mode with networking support, and indeed that is how I am posting this. Help! I have included both the HijackThis and ComboFix logs below.
Tags: boot problems, malware, virus