
Windows Cannot Find C:\windows\winlogon.exe


  • This topic is locked
1 reply to this topic

#1 3drea


Posted 06 June 2008 - 12:55 PM

Hi there,

I suddenly have this dialog box open after I log in to my computer-

windows cannot find c:\windows\winlogon.exe

I researched and found it was a virus/malware. The real winlogon.exe is found under the system32 directory. So I found this neat little tool to scan for virus/malware on this site (bleepingcomputers... nice name by the way. Sometimes I bleep at them myself) called ComboFix. I ran through the tut on how to do it and now I'm up to the bit where I post the report for someone to check out.

So, please can someone look. It will be very greatly appreciated.

Cheers
Darren :thumbsup:
*See below*

ComboFix 08-06-05.3 - DRea 2008-06-06 18:31:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1256 [GMT 1:00]
Running from: C:\Documents and Settings\DRea\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\DRea\Application Data\inst.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\mlcrs0ft.dll
C:\WINDOWS\system32\winsusrm.dll
C:\WINDOWS\system32\winsusrx.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-05 18:20 . 2008-06-04 19:12 215,552 --a------ C:\WINDOWS\system32\termsrv.dll
2008-06-05 08:37 . 2008-06-04 19:12 215,552 --a--c--- C:\WINDOWS\system32\dllcache\termsrv.dll
2008-06-04 18:26 . 2008-06-04 18:26 <DIR> d-------- C:\Program Files\7-Zip
2008-06-04 18:18 . 2008-06-04 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipSE
2008-06-03 12:05 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-06-03 12:05 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-06-03 12:05 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-06-03 12:05 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-06-03 12:05 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-06-03 12:03 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-06-03 12:02 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-06-03 12:01 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-06-03 12:00 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-06-03 11:59 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-06-03 11:58 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-06-03 11:57 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-06-03 11:56 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-06-03 11:55 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-06-03 11:54 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-06-03 11:53 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-06-03 11:52 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-06-03 11:51 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-06-03 11:50 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-03 11:49 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-06-03 11:48 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-06-03 11:47 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-06-03 11:46 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-03 11:45 . 2001-08-17 12:14 444,416 --a--c--- C:\WINDOWS\system32\dllcache\fpcibase.sys
2008-06-03 11:45 . 2001-08-17 12:15 442,240 --a--c--- C:\WINDOWS\system32\dllcache\fpnpbase.sys
2008-06-03 11:45 . 2001-08-17 12:14 441,728 --a--c--- C:\WINDOWS\system32\dllcache\fpcmbase.sys
2008-06-03 11:40 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-03 11:39 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-06-03 11:38 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-06-03 11:37 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-06-03 11:36 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-06-03 08:36 . 2008-06-03 08:39 <DIR> d-------- C:\I386
2008-06-02 22:20 . 2008-06-04 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 22:20 . 2008-06-02 22:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-02 11:32 . 2008-06-02 11:32 <DIR> d-------- C:\Program Files\TightVNC
2008-06-01 16:45 . 2008-06-02 19:27 <DIR> d-------- C:\Program Files\Macromedia
2008-06-01 16:45 . 2008-06-02 19:26 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-05-31 17:06 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-31 17:06 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-31 17:06 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-31 17:06 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-31 14:27 . 2008-05-31 17:14 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-05-31 14:19 . 2008-05-31 16:57 276 --a------ C:\WINDOWS\dellstat.ini
2008-05-31 14:16 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-31 14:16 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-27 10:32 . 2008-06-06 08:29 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-22 18:16 . 2008-05-22 21:55 <DIR> d-------- C:\cygwin
2008-05-22 00:10 . 2008-05-22 08:38 <DIR> d-------- C:\Program Files\copSSH
2008-05-22 00:10 . 2008-05-22 00:10 <DIR> d-------- C:\Documents and Settings\SvcCOPSSH.3DSTATION
2008-05-21 00:22 . 2008-05-21 00:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-20 19:25 . 2008-06-06 08:29 <DIR> d-------- C:\Program Files\DynDNS Updater
2008-05-20 19:25 . 2008-05-20 19:25 <DIR> d-------- C:\Documents and Settings\DRea\Application Data\Kana Solution
2008-05-20 19:02 . 2008-05-20 19:02 <DIR> d-------- C:\Documents and Settings\SvcCOPSSH
2008-05-20 18:43 . 2008-05-20 18:43 <DIR> d-------- C:\Program Files\DVDx
2008-05-20 00:03 . 2008-05-20 00:07 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2008-05-20 00:03 . 2008-05-20 00:03 <DIR> d-------- C:\Program Files\Chaos Group
2008-05-18 14:56 . 2008-05-18 14:56 25 --a------ C:\WINDOWS\cdplayer.ini
2008-05-18 14:54 . 2008-05-18 14:54 <DIR> d-------- C:\Program Files\Real
2008-05-18 14:54 . 2008-05-18 14:54 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-18 14:54 . 2008-05-18 14:54 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-16 20:05 . 2008-05-20 21:15 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-16 19:31 . 2003-08-11 10:13 344,064 -ra------ C:\WINDOWS\system32\msvcr70.dll
2008-05-16 19:31 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-05-16 18:24 . 2008-05-16 18:25 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-05-15 23:58 . 2008-05-16 18:32 <DIR> d-------- C:\Documents and Settings\DRea\Application Data\DivX
2008-05-15 23:51 . 2008-05-15 23:54 <DIR> d-------- C:\Program Files\DivX
2008-05-15 23:45 . 2008-05-15 23:45 <DIR> d-------- C:\Program Files\Essentials Codec Pack
2008-05-15 23:41 . 2008-05-15 23:41 <DIR> d-------- C:\Program Files\Xvid
2008-05-15 23:08 . 2008-05-15 23:08 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-05-15 22:59 . 2008-05-15 22:59 <DIR> d-------- C:\Documents and Settings\DRea\Application Data\Vso
2008-05-15 22:59 . 2008-05-15 22:59 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-15 22:59 . 2008-05-15 22:59 47,360 --a------ C:\Documents and Settings\DRea\Application Data\pcouffin.sys
2008-05-15 22:53 . 2004-01-27 20:50 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2008-05-15 22:53 . 2004-01-27 20:51 290,816 --a------ C:\WINDOWS\system32\3ivxDSDecoder.ax
2008-05-15 22:17 . 2008-05-15 22:17 <DIR> d-------- C:\Program Files\Super DVD Copy
2008-05-15 22:10 . 2008-05-15 22:10 67 --a------ C:\WINDOWS\#1 DVD Ripper.INI
2008-05-15 21:29 . 2008-05-15 21:57 <DIR> d-------- C:\Program Files\AoA DVD Ripper
2008-05-15 21:29 . 2008-05-15 21:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-15 21:29 . 2002-07-17 16:22 4,455 --a------ C:\WINDOWS\system\Winaspi.dll
2008-05-15 21:29 . 2002-07-17 16:22 3,535 --a------ C:\WINDOWS\system\Wowpost.exe
2008-05-15 21:29 . 2008-05-15 21:54 188 --a------ C:\WINDOWS\AoADVDRipper.INI
2008-05-15 19:21 . 2008-05-15 19:21 <DIR> d-------- C:\Documents and Settings\DRea\Application Data\dvdcss
2008-05-15 19:19 . 2008-05-15 19:19 <DIR> d-------- C:\Program Files\ImTOO
2008-05-15 19:19 . 2002-07-17 09:20 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-05-15 19:19 . 2002-07-17 08:53 16,877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-05-12 00:03 . 2008-05-12 00:03 268 ---h----- C:\sqmdata07.sqm
2008-05-12 00:03 . 2008-05-12 00:03 244 ---h----- C:\sqmnoopt07.sqm
2008-05-11 00:03 . 2008-05-11 00:03 268 ---h----- C:\sqmdata06.sqm
2008-05-11 00:03 . 2008-05-11 00:03 244 ---h----- C:\sqmnoopt06.sqm
2008-05-10 04:16 . 2008-05-10 04:16 268 ---h----- C:\sqmdata05.sqm
2008-05-10 04:16 . 2008-05-10 04:16 244 ---h----- C:\sqmnoopt05.sqm
2008-05-09 08:40 . 2008-05-09 08:40 268 ---h----- C:\sqmdata04.sqm
2008-05-09 08:40 . 2008-05-09 08:40 244 ---h----- C:\sqmnoopt04.sqm
2008-05-09 00:32 . 2008-05-09 00:32 268 ---h----- C:\sqmdata03.sqm
2008-05-09 00:32 . 2008-05-09 00:32 244 ---h----- C:\sqmnoopt03.sqm
2008-05-08 08:40 . 2008-05-08 08:40 268 ---h----- C:\sqmdata02.sqm
2008-05-08 08:40 . 2008-05-08 08:40 244 ---h----- C:\sqmnoopt02.sqm
2008-05-08 01:13 . 2008-05-08 01:13 268 ---h----- C:\sqmdata01.sqm
2008-05-08 01:13 . 2008-05-08 01:13 244 ---h----- C:\sqmnoopt01.sqm
2008-05-07 08:43 . 2008-05-07 08:43 268 ---h----- C:\sqmdata00.sqm
2008-05-07 08:43 . 2008-05-07 08:43 244 ---h----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-25 22:32 --------- d-----w C:\Program Files\Pixologic
2008-05-18 13:54 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-18 13:54 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-16 18:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\element5
2008-04-27 15:04 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-27 15:04 --------- d-----w C:\Program Files\Common Files\element5 Shared
2008-04-18 23:06 --------- d-----w C:\Program Files\Red Storm Entertainment
2008-04-12 21:16 --------- d-----w C:\Program Files\FLV Player
2008-04-08 09:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 09:21 --------- d-----w C:\Program Files\Windows Live
2008-04-08 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-06 17:35 --------- d-----w C:\Program Files\Microsoft Games
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-22 22:51 98,304 ------w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 21:10 315,392 ------w C:\WINDOWS\HideWin.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 19:42 16858624 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 22:31 262401]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2007-05-07 19:28 589824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\DRea\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-01-27 18:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--------- 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\VRLServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"222:TCP"= 222:TCP:SSH

R2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe [2006-09-17 10:32]
R2 sshd;CYGWIN sshd;C:\cygwin\bin\cygrunsrv.exe [2008-03-18 11:28]
R3 Razerlow;Diamondback 3G USB Filter Driver;C:\WINDOWS\system32\Drivers\DB3G.sys [2005-04-24 15:43]

*Newly Created Service* - ALERTER
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 22:53:13 C:\WINDOWS\Tasks\dailybackup.job"
- C:\backup\dailybackup.bat
- C:\backup
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 18:34:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-06-06 18:34:48
ComboFix-quarantined-files.txt 2008-06-06 17:34:36

Pre-Run: 138,174,226,432 bytes free
Post-Run: 139,209,441,280 bytes free

250 --- E O F --- 2008-05-27 23:37:32



#2 garmanma


Posted 06 June 2008 - 04:42 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem HERE. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits