lingering problem from infection after clean up

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

zappa1

Thread Starter
Joined
Dec 10, 2011
Messages
2
Hi Thanks for your help
below are all the scans and computer info requested,

Briefly though in case it means something to you -
DHCP and TCP/IP NetBIOS helper are no longer loading on their own at start up after an infection, system "repair" from original disc and then several scans.

When I go into services and manually start them everything works as it should.

Home computer dell e520 running win xp media edition sp2 connected to a router and modem -using a network printer connected to the router.
Avita anti vir and antimalware malwarbytes for security

11/17/11 I had a bunch of infection symptoms -anit vir warned me and removed a bunch, after that- was unable to run any exe commands so no scanning, network could not aquire an ip address- no internet, no access to reg edit & I could no longer print or scan -- so it clearly didn't get it in time.

Sys restore points not accessable
So
I performed a system 'repair' from the original dell software -
Note -- I was asked during the repair for the Win SP2 discs - I don't have them - my upgrade to XP SP 2 was online -- I was able to continue - planned to reinstall XP SP 2 at a later date -I have not yet done so - could this be part of it?
This got me up and running enough to go thru a bunch more scans --had to start DHCP and TCP/IP NetBIOS helper manually but was able to do so and search the web for answers.

Have performed many scans
Replaced some windows\system32 files and drivers on advice of some forums
Made a few registry file adjsutments

Now everything seems ok except that
DHCP and TCP/IP NetBIOS helper are no longer loading on their own at start up

my guess is missing or corrupted reistry or system files
Thanks again

Bob


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) D CPU 2.80GHz, x86 Family 15 Model 4 Stepping 7
Processor Count: 2
RAM: 2045 Mb
Graphics Card: NVIDIA GeForce 7300 LE, 512 Mb
Hard Drives: C: Total - 238464 MB, Free - 199672 MB;
Motherboard: Dell Inc., 0WG864
Antivirus: AntiVir Desktop, Updated: Yes, On-Demand Scanner: Enabled

.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:11 AM, on 12/10/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Bob Zoppa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.csgrp.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.csgrp.com%2fowa%2f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7122 bytes


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
Run by Bob Zoppa at 1:25:51 on 2011-12-10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1218 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.csgrp.com/owa/auth/logon.aspx?replaceCurrent=1&url=https://mail.csgrp.com/owa/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1323208587515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DE0BE8F6-8A47-4821-BEBB-BBF78E2CC944} : DhcpNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob zoppa\application data\mozilla\firefox\profiles\kn6t9xu8.default\
FF - prefs.js: browser.startup.homepage - hxxp://headlines.verizon.com/headlines/portals/headlines.portal
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\bob zoppa\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-29 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-29 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-29 66616]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
.
=============== Created Last 30 ================
.
2011-12-09 23:59:57 81920 ------w- c:\windows\system32\BrWebIns.dll
2011-12-09 23:59:57 65536 ------w- c:\windows\system32\Brwebup.exe
2011-12-09 23:59:57 513536 ------w- c:\program files\common files\installshield\webupdate\Iftw.exe
2011-12-09 23:59:57 331776 ------w- c:\program files\common files\installshield\webupdate\WebUpdate.exe
2011-12-09 23:59:57 24576 ------w- c:\program files\common files\installshield\webupdate\RasThunk.dll
2011-12-09 23:59:57 176128 ------w- c:\windows\system32\Pdrvinst.dll
2011-12-09 23:59:57 132096 ------w- c:\program files\common files\installshield\webupdate\ISiteLite.dll
2011-12-09 23:59:54 126976 ------w- c:\windows\system32\BrfxD04a.dll
2011-12-09 23:58:42 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-12-09 23:58:42 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-12-09 23:58:42 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-12-09 23:58:42 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-12-09 23:58:42 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-12-09 23:58:41 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-12-09 23:58:41 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-12-09 23:57:40 -------- d-----w- c:\program files\common files\ScanSoft Shared
2011-12-09 23:16:56 98816 ----a-w- c:\windows\sed.exe
2011-12-09 23:16:56 518144 ----a-w- c:\windows\SWREG.exe
2011-12-09 23:16:56 256000 ----a-w- c:\windows\PEV.exe
2011-12-09 23:16:56 208896 ----a-w- c:\windows\MBR.exe
2011-12-07 12:27:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
2011-12-07 12:27:17 485920 ----a-w- c:\windows\system32\nvudisp.exe
2011-12-06 21:07:59 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2011-12-06 21:06:59 92160 -c--a-w- c:\windows\system32\dllcache\evntwin.exe
2011-12-06 20:44:04 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-12-06 20:44:04 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-12-06 20:44:04 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-12-06 20:44:04 13312 ----a-w- c:\windows\system32\irclass.dll
2011-12-06 20:44:00 22339 ----a-r- c:\windows\SETE9.tmp
2011-12-06 20:44:00 10559 ----a-r- c:\windows\SETEA.tmp
2011-12-06 20:43:52 13753 ----a-r- c:\windows\SETA6.tmp
2011-12-06 20:43:50 1086058 ----a-r- c:\windows\SET9A.tmp
2011-12-06 20:43:50 106147 ----a-r- c:\windows\SET97.tmp
2011-12-06 18:02:23 22339 ----a-r- c:\windows\SET150.tmp
2011-12-06 18:02:23 10559 ----a-r- c:\windows\SET151.tmp
2011-12-06 18:02:14 13753 ----a-r- c:\windows\SET10C.tmp
2011-12-06 18:02:11 1086058 ----a-r- c:\windows\SET100.tmp
2011-12-06 18:02:11 106147 ----a-r- c:\windows\SETFD.tmp
2011-11-30 02:01:31 -------- d-----w- c:\windows\_ISTMP1.DIR
.
==================== Find3M ====================
.
2011-09-19 13:19:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 1:26:07.15 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-10 08:31:18
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST325082 rev.3.AE
Running: 7z7mq389.exe; Driver: C:\DOCUME~1\BOBZOP~1\LOCALS~1\Temp\kgtyqkow.sys


---- System - GMER 1.0.15 ----

SSDT AF9C41C4 ZwClose
SSDT AF9C417E ZwCreateKey
SSDT AF9C41CE ZwCreateSection
SSDT AF9C4174 ZwCreateThread
SSDT AF9C4183 ZwDeleteKey
SSDT AF9C418D ZwDeleteValueKey
SSDT AF9C41BF ZwDuplicateObject
SSDT AF9C4192 ZwLoadKey
SSDT AF9C4160 ZwOpenProcess
SSDT AF9C4165 ZwOpenThread
SSDT AF9C419C ZwReplaceKey
SSDT AF9C4197 ZwRestoreKey
SSDT AF9C41D3 ZwSetContextThread
SSDT AF9C4188 ZwSetValueKey
SSDT AF9C416F ZwTerminateProcess

INT 0x01 \??\C:\DOCUME~1\BOBZOP~1\LOCALS~1\Temp\mbr.sys A6EC0C42

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6639380, 0x3DF545, 0xE8000020]
init C:\WINDOWS\system32\DRIVERS\NCREMOTEPCI.SYS entry point in "init" section [0xB7CEA380]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xAD221280]
? C:\DOCUME~1\BOBZOP~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1436] USER32.dll!SetWindowLongA 77D4DED3 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1436] USER32.dll!SetWindowLongW 77D4DEF1 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1436] USER32.dll!GetWindowInfo 77D4F122 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1436] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2188] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0121FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
 

Attachments

zappa1

Thread Starter
Joined
Dec 10, 2011
Messages
2
Forgot to include this scan
not one that you asked for --but shows the services not running.

Bob

Farbar Service Scanner
Ran by Bob Zoppa (administrator) on 10-12-2011 at 09:20:36
Microsoft Windows XP Professional Service Pack 2 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.


File Check:
===========
C:\WINDOWS\system32\svchost.exe
[2004-08-10 06:00] - [2004-08-10 06:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-10 06:00] - [2004-08-10 06:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2004-08-10 06:00] - [2004-08-10 06:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-10 06:00] - [2004-08-10 06:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-10 06:00] - [2004-08-10 06:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-10 06:00] - [2004-08-10 06:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-10 06:00] - [2004-08-10 06:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D


Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

**** End of log ****
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top