
Had Malware Removal Virus, Now Cannot Boot into Windows

Discussion in 'Virus & Other Malware Removal' started by reaibn, Jun 21, 2008.

Thread Status:
Not open for further replies.
reaibn (Thread Starter, joined Jun 21, 2008):
    Greetings all!

    This computer was infected with several pieces of malware, viruses, etc. All of my efforts to clean it were getting me nowhere, so I used 'ComboFix', which did clean a ton of stuff off of the system. However, I am unable to get it to boot into Windows now. It will boot into Safe Mode with Networking, and indeed that is how I am posting this.

    Help!

    I have included both the HijackThis and ComboFix logs below.

    HIJACK THIS:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:35, on 2008-06-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windows-privacy-protection.com/?aid=444.471
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: targetedbanner browser optimizer - {b400fab4-a77e-4c25-3456-30da335f035f} - C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [{ae368465-ad37-6f38-5759-9ca06c9c2d36}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll" DllStart
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: hepqputg - {727638fa-aec4-435b-aca1-db16d011a3cb} - C:\Documents and Settings\All Users\Application Data\hepqputg.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
    --
    End of file - 4612 bytes

    COMBOFIX:

    ComboFix 08-06-20.4 - Owner 2008-06-21 19:20:28.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1143 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Administrator\Application Data\shcnrsj0e17l
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
    C:\Documents and Settings\Owner\Application Data\shcnrsj0e17l
    C:\Program Files\shcnrsj0e17l
    C:\WINDOWS\444.471
    C:\WINDOWS\accesss.exe
    C:\WINDOWS\astctl32.ocx
    C:\WINDOWS\avpcc.dll
    C:\WINDOWS\clrssn.exe
    C:\WINDOWS\cpan.dll
    C:\WINDOWS\ctfmon32.exe
    C:\WINDOWS\ctrlpan.dll
    C:\WINDOWS\default.htm
    C:\WINDOWS\directx32.exe
    C:\WINDOWS\dnsrelay.dll
    C:\WINDOWS\editpad.exe
    C:\WINDOWS\explore.exe
    C:\WINDOWS\explorer32.exe
    C:\WINDOWS\funniest.exe
    C:\WINDOWS\funny.exe
    C:\WINDOWS\gfmnaaa.dll
    C:\WINDOWS\helpcvs.exe
    C:\WINDOWS\iedll.exe
    C:\WINDOWS\iexplorer.exe
    C:\WINDOWS\inetinf.exe
    C:\WINDOWS\internet.exe
    C:\WINDOWS\lfn.exe
    C:\WINDOWS\loader.exe
    C:\WINDOWS\mainms.vpi
    C:\WINDOWS\megavid.cdt
    C:\WINDOWS\msconfd.dll
    C:\WINDOWS\msspi.dll
    C:\WINDOWS\mssys.exe
    C:\WINDOWS\msupdate.exe
    C:\WINDOWS\mswsc10.dll
    C:\WINDOWS\mswsc20.dll
    C:\WINDOWS\mtwirl32.dll
    C:\WINDOWS\muotr.so
    C:\WINDOWS\notepad32.exe
    C:\WINDOWS\olehelp.exe
    C:\WINDOWS\qttasks.exe
    C:\WINDOWS\quicken.exe
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\rundll32.vbe
    C:\WINDOWS\searchword.dll
    C:\WINDOWS\sistem.exe
    C:\WINDOWS\svchost32.exe
    C:\WINDOWS\svcinit.exe
    C:\WINDOWS\systeem.exe
    C:\WINDOWS\system32\000070.exe
    C:\WINDOWS\system32\000080.exe
    C:\WINDOWS\system32\blphcgrsj0e17l.scr
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\WINDOWS\system32\hljwugsf.bin
    C:\WINDOWS\system32\lphcgrsj0e17l.exe
    C:\WINDOWS\system32\phcgrsj0e17l.bmp
    C:\WINDOWS\systemcritical.exe
    C:\WINDOWS\time.exe
    C:\WINDOWS\users32.exe
    C:\WINDOWS\waol.exe
    C:\WINDOWS\win32e.exe
    C:\WINDOWS\win64.exe
    C:\WINDOWS\winajbm.dll
    C:\WINDOWS\window.exe
    C:\WINDOWS\winmgnt.exe
    C:\WINDOWS\x.exe
    C:\WINDOWS\xplugin.dll
    C:\WINDOWS\xxxvideo.hta
    C:\WINDOWS\y.exe
    ----- BITS: Possible infected sites -----
    hxxp://80.93.48.89
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_MSSECURITY1.209.4
    -------\Service_MsSecurity1.209.4

    ((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
    .
    2008-06-21 19:01 . 2008-06-21 19:01 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-06-21 18:50 . 2008-06-21 18:52 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-06-21 18:49 . 2008-06-21 18:49 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-06-21 18:49 . 2008-06-21 18:49 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-06-21 18:49 . 2008-06-21 18:49 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-06-21 18:49 . 2008-06-21 18:49 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-06-21 18:48 . 2008-06-21 18:50 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-06-21 18:48 . 2008-06-21 18:48 <DIR> d-------- C:\Program Files\AVG
    2008-06-21 18:48 . 2008-06-21 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-21 18:31 . 2008-06-21 18:49 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-21 18:27 . 2008-06-21 18:29 <DIR> d-------- C:\stephen
    2008-06-21 18:18 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-06-21 16:38 . 2008-06-21 16:38 0 --a------ C:\WINDOWS\system32\wscmp.dll.tmp
    2008-06-21 15:33 . 2008-06-21 15:33 <DIR> d-------- C:\Program Files\iCheck
    2008-06-21 15:33 . 2008-06-21 15:36 <DIR> d-------- C:\Program Files\GetModule
    2008-06-21 15:33 . 2008-06-21 15:33 131,072 --a------ C:\Documents and Settings\All Users\Application Data\hepqputg.dll
    2008-06-21 15:33 . 2008-06-21 15:33 63,909 --a------ C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll-uninst.exe
    2008-06-21 10:03 . 2008-06-21 10:03 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
    2008-06-20 15:22 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2008-06-20 15:21 . 2008-06-20 15:21 <DIR> d-------- C:\Program Files\MSBuild
    2008-06-20 15:20 . 2008-06-20 15:20 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-06-20 15:18 . 2008-06-20 15:18 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-06-20 15:17 . 2008-06-20 15:18 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-06-20 15:17 . 2008-06-20 15:17 <DIR> dr-h----- C:\MSOCache
    2008-06-20 15:17 . 2008-06-20 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-20 15:10 . 2008-06-20 15:21 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-06-20 11:45 . 2008-06-20 11:45 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
    2008-06-20 11:45 . 2008-06-20 11:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Intuit
    2008-06-20 11:44 . 2008-06-20 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
    2008-06-20 11:44 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
    2008-06-20 11:43 . 2008-06-20 11:43 <DIR> d-------- C:\Program Files\Common Files\Intuit
    2008-06-20 11:38 . 2008-06-20 11:38 <DIR> d-------- C:\Program Files\TurboTax
    2008-06-20 11:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-06-20 11:29 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-06-20 11:29 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-06-20 11:29 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-06-20 11:28 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-06-20 11:28 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-06-20 11:28 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-06-20 11:28 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-06-20 11:28 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-06-20 11:28 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-06-20 10:14 . 2008-06-21 15:59 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
    2008-06-20 10:07 . 2008-06-20 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
    2008-06-20 10:07 . 2008-06-21 19:16 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
    2008-06-20 09:28 . 2008-06-20 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
    2008-06-20 09:26 . 2008-06-21 18:36 <DIR> d-------- C:\Program Files\Common Files\Panda Software
    2008-06-19 20:06 . 2008-06-19 20:07 <DIR> d-------- C:\Program Files\Supreme Office Suite3.0
    2008-06-19 19:47 . 2008-06-19 19:47 77,824 --a------ C:\WINDOWS\uinst001.exe
    2008-06-19 19:44 . 2008-06-19 19:44 <DIR> d-------- C:\WINDOWS\system32\Data
    2008-06-19 19:44 . 2008-06-19 19:45 <DIR> d-------- C:\Program Files\Creative
    2008-06-19 19:38 . 2008-06-19 19:38 <DIR> d-------- C:\Program Files\Pinnacle
    2008-06-19 19:38 . 2003-07-09 14:35 180,480 --a------ C:\WINDOWS\system32\drivers\bender.sys
    2008-06-19 19:33 . 2008-06-19 19:33 <DIR> d-------- C:\Program Files\D-Link
    2008-06-19 19:33 . 2008-06-19 19:33 <DIR> d-------- C:\Program Files\ANI
    2008-06-19 19:33 . 2008-06-19 19:33 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
    2008-06-19 19:33 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
    2008-06-19 19:27 . 2008-06-19 19:33 <DIR> d-------- C:\Drivers
    2008-06-19 19:22 . 2004-08-03 23:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-06-19 19:22 . 2004-08-03 23:10 61,056 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
    2008-06-19 19:22 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
    2008-06-19 19:22 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
    2008-06-19 19:22 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-06-19 19:22 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
    2008-05-26 11:09 . 2008-05-26 11:09 365,056 --a------ C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-20 20:15 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-20 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-20 00:38 --------- d-----w C:\Program Files\Common Files\InstallShield
    2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .
    ------- Sigcheck -------
    2004-08-30 06:58 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b400fab4-a77e-4c25-3456-30da335f035f}]
    2008-05-26 11:09 365056 --a------ C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "D-Link RangeBooster G WDA-2320"="C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 15:15 1662976]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "{ae368465-ad37-6f38-5759-9ca06c9c2d36}"="C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll" [2008-05-26 11:09 365056]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-21 18:48 1231128]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Supreme Office Suite 3.0.lnk - C:\Program Files\Supreme Office Suite3.0\program\quickstart.exe [2002-07-04 06:00:00 24576]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00 53317]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "hepqputg"= {727638fa-aec4-435b-aca1-db16d011a3cb} - C:\Documents and Settings\All Users\Application Data\hepqputg.dll [2008-06-21 15:33 131072]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-21 18:49]
    S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-21 18:49]
    S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
    S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-21 18:48]
    S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-21 18:48]
    S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-21 18:49]
    S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
    S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\3A.tmp []
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-24 18:15]
    S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88172.sys [2002-12-09 22:47]
    S3 BENDER;Pinnacle AV/DV2 Capture;C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 14:35]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [2007-08-02 12:05]
    S3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-25 08:52]
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-21 19:32:41
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
    "ImagePath"="\??\C:\WINDOWS\TEMP\3A.tmp"
    .
    Completion time: 2008-06-21 19:34:09 - machine was rebooted [Administrator]
    ComboFix-quarantined-files.txt 2008-06-22 00:34:05
    Pre-Run: 65,959,546,880 bytes free
    Post-Run: 67,716,849,664 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
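Editor's note: the script below is an added example, not code from the original post and not part of HijackThis or ComboFix. It runs a handful of triage heuristics over lines copied from the two logs above and reports which autostart entries deserve a second look: a BHO and a Run value whose DLL is named as a bare GUID, a ShellServiceObjectDelayLoad object loading from All Users\Application Data, a service whose image is C:\WINDOWS\TEMP\3A.tmp, a stale service pointing at a missing file, a BITS transfer to a bare IP address, and the two Security Center values that silence the XP SP2 warnings. The heuristics are the editor's assumptions about what is suspicious in this kind of log, not verdicts that any particular file is malicious; the sample lines are a constructed subset of the posted logs, with a legitimate AVG and Adobe entry each included so the rules have something to leave alone.

```python
"""Triage of autostart entries from a HijackThis / ComboFix log.

Added example by the editor; not code from the original post or from the
HijackThis or ComboFix tools.  The heuristics are assumptions about which
entries deserve a second look, not verdicts that a file is malicious.
"""
import re
from typing import Dict, List

# Lines copied from the logs posted above (a constructed subset, plus one
# legitimate-looking AVG and Adobe line so the heuristics have something
# to leave alone).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: targetedbanner browser optimizer - {b400fab4-a77e-4c25-3456-30da335f035f} - C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [{ae368465-ad37-6f38-5759-9ca06c9c2d36}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{c6719789-6cef-255f-69bb-fab56af9585d}.dll" DllStart
O21 - SSODL: hepqputg - {727638fa-aec4-435b-aca1-db16d011a3cb} - C:\Documents and Settings\All Users\Application Data\hepqputg.dll
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
hxxp://80.93.48.89
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\3A.tmp []
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-21 18:48]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
# Windows image paths as they appear in these logs (they may contain spaces).
PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|tmp|scr)\b')
# HKLM\SOFTWARE\Microsoft\Security Center values that, when set to 1,
# silence the XP SP2 Security Center balloon warnings.
SEC_CENTER = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}


def assess_path(path: str) -> List[str]:
    """Heuristic flags for one image path (editor's assumptions)."""
    flags: List[str] = []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if re.fullmatch(GUID + r"\.(?:dll|exe|tmp)", name):
        flags.append("image file named as a bare GUID")
    if "\\temp\\" in low:
        flags.append("image loads from a TEMP directory")
    if re.search(r"\\application data\\[^\\]+$", low):
        flags.append("image sits directly in an Application Data root")
    return flags


def triage_line(line: str) -> List[str]:
    """Flags for one HijackThis (Oxx) or ComboFix (Sx/Rx, BITS, REGEDIT4) line."""
    line = line.strip()
    flags: List[str] = []
    for path in PATH.findall(line):
        flags += assess_path(path)
    if line.startswith("O4 ") and "rundll32.exe" in line.lower():
        flags.append("Run key starts a DLL through rundll32")
    if line.startswith("O4 ") and re.search(r"\[" + GUID + r"\]", line):
        flags.append("Run value named as a bare GUID")
    if line.startswith("O21 ") and "\\system32\\" not in line.lower():
        flags.append("ShellServiceObjectDelayLoad object outside system32")
    if "(file missing)" in line:
        flags.append("service points at a missing file (stale entry)")
    if re.match(r"^[RS][0-4]\s+" + GUID + ";", line):
        flags.append("service named as a bare GUID")
    if re.match(r"^hxxps?://\d{1,3}(?:\.\d{1,3}){3}", line):
        flags.append("BITS transfer from a bare IP address")
    m = re.match(r'^"(\w+)"=dword:0*1$', line)
    if m and m.group(1) in SEC_CENTER:
        flags.append(f"Security Center {m.group(1)} is set")
    return flags


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged log line to its flags; unflagged lines are omitted."""
    report: Dict[str, List[str]] = {}
    for raw in log.splitlines():
        flags = triage_line(raw)
        if flags:
            report[raw.strip()] = flags
    return report


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LOG).items():
        print(entry)
        for flag in flags:
            print("    ->", flag)
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; the AVG, Adobe and ctfmon entries come back clean, while everything the rules flag here is an entry that survived the ComboFix run and is still loaded at logon, which is where a helper would look next when a machine boots only in Safe Mode.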
Short URL to this thread: https://techguy.org/723435