Had Malware Removal Virus, Now Cannot Boot into Windows

reaibn
21-Jun-2008, 07:57 PM #1
Greetings all!

This computer was infected with several pieces of malware, viruses, etc. All of my efforts to clean it were getting me nowhere, so I used 'ComboFix' which did clean a ton of stuff off of the system. However, I am unable to get it to boot into Windows now. It will boot into safe mode with networking support, and indeed that is how I am posting this.

Help!

I have included both the hijack this and combofix logs below.

HIJACK THIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35, on 2008-06-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windows-privacy-protection.com/?aid=444.471
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: targetedbanner browser optimizer - {b400fab4-a77e-4c25-3456-30da335f035f} - C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{ae368465-ad37-6f38-5759-9ca06c9c2d36}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll" DllStart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: hepqputg - {727638fa-aec4-435b-aca1-db16d011a3cb} - C:\Documents and Settings\All Users\Application Data\hepqputg.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
--
End of file - 4612 bytes

COMBOFIX:

ComboFix 08-06-20.4 - Owner 2008-06-21 19:20:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1143 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\shcnrsj0e17l
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\Owner\Application Data\shcnrsj0e17l
C:\Program Files\shcnrsj0e17l
C:\WINDOWS\444.471
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\000070.exe
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\blphcgrsj0e17l.scr
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\lphcgrsj0e17l.exe
C:\WINDOWS\system32\phcgrsj0e17l.bmp
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
----- BITS: Possible infected sites -----
hxxp://80.93.48.89
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4

((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.
2008-06-21 19:01 . 2008-06-21 19:01 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-21 18:50 . 2008-06-21 18:52 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-21 18:49 . 2008-06-21 18:49 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-21 18:49 . 2008-06-21 18:49 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-21 18:49 . 2008-06-21 18:49 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-21 18:49 . 2008-06-21 18:49 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-21 18:48 . 2008-06-21 18:50 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-21 18:48 . 2008-06-21 18:48 <DIR> d-------- C:\Program Files\AVG
2008-06-21 18:48 . 2008-06-21 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-21 18:31 . 2008-06-21 18:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-21 18:27 . 2008-06-21 18:29 <DIR> d-------- C:\stephen
2008-06-21 18:18 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-21 16:38 . 2008-06-21 16:38 0 --a------ C:\WINDOWS\system32\wscmp.dll.tmp
2008-06-21 15:33 . 2008-06-21 15:33 <DIR> d-------- C:\Program Files\iCheck
2008-06-21 15:33 . 2008-06-21 15:36 <DIR> d-------- C:\Program Files\GetModule
2008-06-21 15:33 . 2008-06-21 15:33 131,072 --a------ C:\Documents and Settings\All Users\Application Data\hepqputg.dll
2008-06-21 15:33 . 2008-06-21 15:33 63,909 --a------ C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll-uninst.exe
2008-06-21 10:03 . 2008-06-21 10:03 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-06-20 15:22 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-20 15:21 . 2008-06-20 15:21 <DIR> d-------- C:\Program Files\MSBuild
2008-06-20 15:20 . 2008-06-20 15:20 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-20 15:18 . 2008-06-20 15:18 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-20 15:17 . 2008-06-20 15:18 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-20 15:17 . 2008-06-20 15:17 <DIR> dr-h----- C:\MSOCache
2008-06-20 15:17 . 2008-06-20 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-20 15:10 . 2008-06-20 15:21 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-20 11:45 . 2008-06-20 11:45 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-06-20 11:45 . 2008-06-20 11:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-06-20 11:44 . 2008-06-20 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-06-20 11:44 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
2008-06-20 11:43 . 2008-06-20 11:43 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-06-20 11:38 . 2008-06-20 11:38 <DIR> d-------- C:\Program Files\TurboTax
2008-06-20 11:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-20 11:29 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-20 11:29 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-20 11:29 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-06-20 11:28 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-20 11:28 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-20 11:28 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-20 11:28 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-20 11:28 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-20 11:28 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-20 10:14 . 2008-06-21 15:59 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-06-20 10:07 . 2008-06-20 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-06-20 10:07 . 2008-06-21 19:16 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-06-20 09:28 . 2008-06-20 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-06-20 09:26 . 2008-06-21 18:36 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-06-19 20:06 . 2008-06-19 20:07 <DIR> d-------- C:\Program Files\Supreme Office Suite3.0
2008-06-19 19:47 . 2008-06-19 19:47 77,824 --a------ C:\WINDOWS\uinst001.exe
2008-06-19 19:44 . 2008-06-19 19:44 <DIR> d-------- C:\WINDOWS\system32\Data
2008-06-19 19:44 . 2008-06-19 19:45 <DIR> d-------- C:\Program Files\Creative
2008-06-19 19:38 . 2008-06-19 19:38 <DIR> d-------- C:\Program Files\Pinnacle
2008-06-19 19:38 . 2003-07-09 14:35 180,480 --a------ C:\WINDOWS\system32\drivers\bender.sys
2008-06-19 19:33 . 2008-06-19 19:33 <DIR> d-------- C:\Program Files\D-Link
2008-06-19 19:33 . 2008-06-19 19:33 <DIR> d-------- C:\Program Files\ANI
2008-06-19 19:33 . 2008-06-19 19:33 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-19 19:33 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-06-19 19:27 . 2008-06-19 19:33 <DIR> d-------- C:\Drivers
2008-06-19 19:22 . 2004-08-03 23:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-06-19 19:22 . 2004-08-03 23:10 61,056 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-06-19 19:22 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-06-19 19:22 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-06-19 19:22 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-06-19 19:22 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2008-05-26 11:09 . 2008-05-26 11:09 365,056 --a------ C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 20:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 00:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
------- Sigcheck -------
2004-08-30 06:58 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b400fab4-a77e-4c25-3456-30da335f035f}]
2008-05-26 11:09 365056 --a------ C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"D-Link RangeBooster G WDA-2320"="C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 15:15 1662976]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"{ae368465-ad37-6f38-5759-9ca06c9c2d36}"="C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll" [2008-05-26 11:09 365056]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-21 18:48 1231128]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Supreme Office Suite 3.0.lnk - C:\Program Files\Supreme Office Suite3.0\program\quickstart.exe [2002-07-04 06:00:00 24576]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00 53317]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hepqputg"= {727638fa-aec4-435b-aca1-db16d011a3cb} - C:\Documents and Settings\All Users\Application Data\hepqputg.dll [2008-06-21 15:33 131072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-21 18:49]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-21 18:49]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-21 18:48]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-21 18:48]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-21 18:49]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\3A.tmp []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-24 18:15]
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88172.sys [2002-12-09 22:47]
S3 BENDER;Pinnacle AV/DV2 Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 14:35]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [2007-08-02 12:05]
S3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-25 08:52]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 19:32:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\TEMP\3A.tmp"
.
Completion time: 2008-06-21 19:34:09 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-06-22 00:34:05
Pre-Run: 65,959,546,880 bytes free
Post-Run: 67,716,849,664 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
245