
lingering problem from infection after clean up

Discussion in 'Virus & Other Malware Removal' started by zappa1, Dec 10, 2011.

  1. zappa1

    Hi, thanks for your help.
    Below are all the scans and computer info requested.

    Briefly though, in case it means something to you:
    DHCP and TCP/IP NetBIOS Helper are no longer loading on their own at startup, after an infection, a system "repair" from the original disc and then several scans.

    When I go into Services and manually start them, everything works as it should.

    Home computer: Dell E520 running Win XP Media Edition SP2, connected to a router and modem, using a network printer connected to the router.
    Avira AntiVir and Malwarebytes Anti-Malware for security.

    11/17/11 I had a bunch of infection symptoms. AntiVir warned me and removed a bunch; after that I was unable to run any exe commands (so no scanning), the network could not acquire an IP address (no internet), I had no access to regedit, and I could no longer print or scan -- so it clearly didn't get it in time.

    System restore points not accessible.
    So
    I performed a system 'repair' from the original Dell software.
    Note -- I was asked during the repair for the Win SP2 discs. I don't have them; my upgrade to XP SP2 was online. I was able to continue and planned to reinstall XP SP2 at a later date. I have not yet done so -- could this be part of it?
    This got me up and running enough to go through a bunch more scans. I had to start DHCP and TCP/IP NetBIOS Helper manually, but was able to do so and search the web for answers.

    Have performed many scans.
    Replaced some windows\system32 files and drivers on the advice of some forums.
    Made a few registry file adjustments.

    Now everything seems OK except that
    DHCP and TCP/IP NetBIOS Helper are no longer loading on their own at startup.

    My guess is missing or corrupted registry or system files.
    Thanks again

    Bob


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz, x86 Family 15 Model 4 Stepping 7
    Processor Count: 2
    RAM: 2045 Mb
    Graphics Card: NVIDIA GeForce 7300 LE, 512 Mb
    Hard Drives: C: Total - 238464 MB, Free - 199672 MB;
    Motherboard: Dell Inc., 0WG864
    Antivirus: AntiVir Desktop, Updated: Yes, On-Demand Scanner: Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:51:11 AM, on 12/10/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Bob Zoppa\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.csgrp.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.csgrp.com%2fowa%2f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7122 bytes


    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
    Run by Bob Zoppa at 1:25:51 on 2011-12-10
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1218 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://mail.csgrp.com/owa/auth/logon.aspx?replaceCurrent=1&url=https://mail.csgrp.com/owa/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [SetDefaultMIDI] MIDIDef.exe
    mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1323208587515
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{DE0BE8F6-8A47-4821-BEBB-BBF78E2CC944} : DhcpNameServer = 192.168.0.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\bob zoppa\application data\mozilla\firefox\profiles\kn6t9xu8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://headlines.verizon.com/headlines/portals/headlines.portal
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\bob zoppa\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-29 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-29 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-29 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-29 66616]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    .
    =============== Created Last 30 ================
    .
    2011-12-09 23:59:57 81920 ------w- c:\windows\system32\BrWebIns.dll
    2011-12-09 23:59:57 65536 ------w- c:\windows\system32\Brwebup.exe
    2011-12-09 23:59:57 513536 ------w- c:\program files\common files\installshield\webupdate\Iftw.exe
    2011-12-09 23:59:57 331776 ------w- c:\program files\common files\installshield\webupdate\WebUpdate.exe
    2011-12-09 23:59:57 24576 ------w- c:\program files\common files\installshield\webupdate\RasThunk.dll
    2011-12-09 23:59:57 176128 ------w- c:\windows\system32\Pdrvinst.dll
    2011-12-09 23:59:57 132096 ------w- c:\program files\common files\installshield\webupdate\ISiteLite.dll
    2011-12-09 23:59:54 126976 ------w- c:\windows\system32\BrfxD04a.dll
    2011-12-09 23:58:42 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
    2011-12-09 23:58:42 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
    2011-12-09 23:58:42 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2011-12-09 23:58:42 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
    2011-12-09 23:58:42 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
    2011-12-09 23:58:41 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
    2011-12-09 23:58:41 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
    2011-12-09 23:57:40 -------- d-----w- c:\program files\common files\ScanSoft Shared
    2011-12-09 23:16:56 98816 ----a-w- c:\windows\sed.exe
    2011-12-09 23:16:56 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-09 23:16:56 256000 ----a-w- c:\windows\PEV.exe
    2011-12-09 23:16:56 208896 ----a-w- c:\windows\MBR.exe
    2011-12-07 12:27:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
    2011-12-07 12:27:17 485920 ----a-w- c:\windows\system32\nvudisp.exe
    2011-12-06 21:07:59 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
    2011-12-06 21:06:59 92160 -c--a-w- c:\windows\system32\dllcache\evntwin.exe
    2011-12-06 20:44:04 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-12-06 20:44:04 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-12-06 20:44:04 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-12-06 20:44:04 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-12-06 20:44:00 22339 ----a-r- c:\windows\SETE9.tmp
    2011-12-06 20:44:00 10559 ----a-r- c:\windows\SETEA.tmp
    2011-12-06 20:43:52 13753 ----a-r- c:\windows\SETA6.tmp
    2011-12-06 20:43:50 1086058 ----a-r- c:\windows\SET9A.tmp
    2011-12-06 20:43:50 106147 ----a-r- c:\windows\SET97.tmp
    2011-12-06 18:02:23 22339 ----a-r- c:\windows\SET150.tmp
    2011-12-06 18:02:23 10559 ----a-r- c:\windows\SET151.tmp
    2011-12-06 18:02:14 13753 ----a-r- c:\windows\SET10C.tmp
    2011-12-06 18:02:11 1086058 ----a-r- c:\windows\SET100.tmp
    2011-12-06 18:02:11 106147 ----a-r- c:\windows\SETFD.tmp
    2011-11-30 02:01:31 -------- d-----w- c:\windows\_ISTMP1.DIR
    .
    ==================== Find3M ====================
    .
    2011-09-19 13:19:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 1:26:07.15 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-10 08:31:18
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST325082 rev.3.AE
    Running: 7z7mq389.exe; Driver: C:\DOCUME~1\BOBZOP~1\LOCALS~1\Temp\kgtyqkow.sys


    ---- System - GMER 1.0.15 ----

    SSDT AF9C41C4 ZwClose
    SSDT AF9C417E ZwCreateKey
    SSDT AF9C41CE ZwCreateSection
    SSDT AF9C4174 ZwCreateThread
    SSDT AF9C4183 ZwDeleteKey
    SSDT AF9C418D ZwDeleteValueKey
    SSDT AF9C41BF ZwDuplicateObject
    SSDT AF9C4192 ZwLoadKey
    SSDT AF9C4160 ZwOpenProcess
    SSDT AF9C4165 ZwOpenThread
    SSDT AF9C419C ZwReplaceKey
    SSDT AF9C4197 ZwRestoreKey
    SSDT AF9C41D3 ZwSetContextThread
    SSDT AF9C4188 ZwSetValueKey
    SSDT AF9C416F ZwTerminateProcess

    INT 0x01 \??\C:\DOCUME~1\BOBZOP~1\LOCALS~1\Temp\mbr.sys A6EC0C42

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6639380, 0x3DF545, 0xE8000020]
    init C:\WINDOWS\system32\DRIVERS\NCREMOTEPCI.SYS entry point in "init" section [0xB7CEA380]
    init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xAD221280]
    ? C:\DOCUME~1\BOBZOP~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1436] USER32.dll!SetWindowLongA 77D4DED3 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1436] USER32.dll!SetWindowLongW 77D4DEF1 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1436] USER32.dll!GetWindowInfo 77D4F122 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1436] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2188] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0121FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
     


  2. zappa1

    Forgot to include this scan.
    Not one that you asked for, but it shows the services not running.

    Bob

    Farbar Service Scanner
    Ran by Bob Zoppa (administrator) on 10-12-2011 at 09:20:36
    Microsoft Windows XP Professional Service Pack 2 (X86)
    ********************************************************

    Service Check:
    ==============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    NetBt Service is not running. Checking service configuration:
    The start type of NetBt service is OK.
    The ImagePath of NetBt service is OK.


    File Check:
    ===========
    C:\WINDOWS\system32\svchost.exe
    [2004-08-10 06:00] - [2004-08-10 06:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

    C:\WINDOWS\system32\rpcss.dll
    [2004-08-10 06:00] - [2004-08-10 06:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

    C:\WINDOWS\system32\services.exe
    [2004-08-10 06:00] - [2004-08-10 06:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys
    [2004-08-10 06:00] - [2004-08-10 06:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

    C:\WINDOWS\system32\Drivers\tcpip.sys
    [2004-08-10 06:00] - [2004-08-10 06:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

    C:\WINDOWS\system32\Drivers\ipsec.sys
    [2004-08-10 06:00] - [2004-08-10 06:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    C:\WINDOWS\system32\dnsrslvr.dll
    [2004-08-10 06:00] - [2004-08-10 06:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D


    Connection Status:
    ==================
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

    **** End of log ****
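The Farbar log above reports Dhcp and NetBt as not running even though their start type, ImagePath and ServiceDll check out. The following Python audit is an added example (not code from the thread or from Farbar) that takes the same registry values as a dict snapshot and adds two checks FSS does not print: whether every dependency is registered and not Disabled, and whether an svchost-hosted service is still listed in its svchost group. The EXPECTED values and the sample snapshot are assumptions modelled on a stock XP SP2 install; the missing netsvcs entry in the sample is constructed to show what a finding looks like.

```python
"""Service start-configuration audit in the spirit of Farbar Service Scanner's
Dhcp/NetBt checks. Added example, not code from the thread or from Farbar.
On a live machine the dicts below would be filled from
HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name> (Start, ImagePath,
DependOnService, Parameters\\ServiceDll) and from
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost."""
import re

START_NAMES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# Assumed stock Windows XP SP2 values; confirm on a known-good machine of the
# same build before acting on a finding.
EXPECTED = {
    "Dhcp": {"Start": 2, "DependOnService": ["Tcpip", "Afd", "NetBT"]},
    "NetBT": {"Start": 1, "DependOnService": ["Tcpip"]},
}

# Constructed sample mirroring the thread: Start, ImagePath and ServiceDll look
# fine (as FSS reported), but Dhcp is missing from the netsvcs svchost group.
SAMPLE_SERVICES = {
    "Dhcp": {"Start": 2, "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
             "ServiceDll": r"%SystemRoot%\System32\dhcpcsvc.dll",
             "DependOnService": ["Tcpip", "Afd", "NetBT"]},
    "NetBT": {"Start": 1, "ImagePath": r"system32\DRIVERS\netbt.sys",
              "ServiceDll": None, "DependOnService": ["Tcpip"]},
    "Tcpip": {"Start": 1, "ImagePath": r"system32\DRIVERS\tcpip.sys",
              "ServiceDll": None, "DependOnService": []},
    "Afd": {"Start": 1, "ImagePath": r"\SystemRoot\system32\drivers\afd.sys",
            "ServiceDll": None, "DependOnService": []},
}
SAMPLE_GROUPS = {"netsvcs": ["AppMgmt", "AudioSrv", "Browser", "CryptSvc", "EventSystem"]}


def svchost_group(image_path):
    """Return the group name from an ImagePath such as 'svchost.exe -k netsvcs'."""
    m = re.search(r"svchost\.exe\s+-k\s+(\S+)", image_path or "", re.IGNORECASE)
    return m.group(1) if m else None


def audit_service(name, services, svchost_groups):
    """Return a list of findings for one service; an empty list means it
    matches EXPECTED, all dependencies can start, and (if hosted by svchost)
    it is registered in its svchost group."""
    cfg = services.get(name)
    if cfg is None:
        return [f"{name}: service key is missing"]
    findings, want = [], EXPECTED.get(name, {})

    start = cfg.get("Start")
    if "Start" in want and start != want["Start"]:
        findings.append(f"{name}: Start is {START_NAMES.get(start, start)}, "
                        f"expected {START_NAMES[want['Start']]}")

    deps = list(cfg.get("DependOnService") or [])
    if "DependOnService" in want and sorted(d.lower() for d in deps) != \
            sorted(d.lower() for d in want["DependOnService"]):
        findings.append(f"{name}: DependOnService is {deps}, expected {want['DependOnService']}")
    for dep in deps:
        dep_cfg = services.get(dep)
        if dep_cfg is None:
            findings.append(f"{name}: dependency {dep} is not registered")
        elif dep_cfg.get("Start") == 4:  # SCM starts Manual deps on demand; Disabled blocks
            findings.append(f"{name}: dependency {dep} is Disabled, so {name} cannot start")

    group = svchost_group(cfg.get("ImagePath"))
    if group:
        if not cfg.get("ServiceDll"):
            findings.append(f"{name}: hosted by svchost but Parameters\\ServiceDll is missing")
        members = svchost_groups.get(group)
        if members is None:
            findings.append(f"{name}: svchost group '{group}' does not exist")
        elif name.lower() not in (m.lower() for m in members):
            findings.append(f"{name}: not listed in svchost group '{group}', so "
                            f"'svchost.exe -k {group}' never loads it")
    return findings


if __name__ == "__main__":
    for svc in ("Dhcp", "NetBT"):
        print(svc, audit_service(svc, SAMPLE_SERVICES, SAMPLE_GROUPS) or ["OK"])
```

A service that passes every check here and still fails to start is usually worth tracing with the System event log entries written by the Service Control Manager at boot.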
     
Short URL to this thread: https://techguy.org/1030590
