
Xp Won't Start Even In Safe Mode, Registry Problems


This topic is locked

#1 speedily

Posted 05 August 2008 - 07:53 PM

--------------------------------------------------------------------------------

I originally posted this problem here:

http://forums.techguy.org/malware-re...us-2008-a.html

After I ran combofix on my win Xp pro SP2, a log of it did pop up, but I think it actually deleted some files. The log popped up in notepad, but my taskbar and icons were all gone. Then, spybot SD gave a warning that registry entries have been changed or removed, and stupid me accepted them. I restarted my computer and windows won't load, not even in safe mode. Combofix did do a restore point before it ran but I'm not sure where it saved the backup files. I tried the steps up to page 2 here:

http://webcast.broadcastnewsroom.com....jsp?id=8658-1

But it still didn't load up after I exited the recovery console. Please help because I need to get stuff off the computer for a school project!!! Thanks a ton.

Also, I was able to get the combofix log file off of my C: drive using DOS commands and I copied it to my flash drive. Here is the log file:

ComboFix 08-08-04.01 - Matt 2008-08-05 2:39:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1497 [GMT -4:00]
Running from: C:\Documents and Settings\Matt\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Matt\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Matt\Application Data\macromedia\Flash Player\#SharedObjects\BJXMTA22\interclick.com
C:\Documents and Settings\Matt\Application Data\macromedia\Flash Player\#SharedObjects\BJXMTA22\interclick.com\ud.sol
C:\Documents and Settings\Matt\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Matt\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Matt\Application Data\rhcgdlj0elan
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE

.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-05 00:38 . 2008-08-05 00:38 <DIR> d-------- C:\Program Files\CleanMyPC
2008-08-04 21:44 . 2008-08-04 21:44 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\SiteAdvisor
2008-08-03 17:50 . 2008-08-03 17:50 <DIR> d-------- C:\Documents and Settings\Kat\Application Data\SiteAdvisor
2008-08-02 02:11 . 2008-08-02 02:11 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-02 02:11 . 2008-08-02 02:11 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-02 02:11 . 2008-08-02 02:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-02 02:11 . 2008-08-02 02:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-02 02:09 . 2008-08-02 02:09 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-01 23:25 . 2008-08-01 23:25 <DIR> d-------- C:\Documents and Settings\Cathy\Application Data\SiteAdvisor
2008-08-01 18:34 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-01 18:16 . 2008-08-01 18:16 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\SiteAdvisor
2008-08-01 05:23 . 2008-08-01 05:23 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-01 03:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-01 03:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-01 03:41 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-01 03:41 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-01 03:41 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-01 03:41 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-01 03:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-01 03:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-01 03:41 . 2008-08-01 04:11 3,324 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-01 02:18 . 2008-08-01 02:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zenturi
2008-08-01 02:18 . 2008-08-01 02:18 26,000 --a------ C:\WINDOWS\system32\E3TL.DLL
2008-07-31 22:23 . 2008-07-31 22:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 03:44 . 2008-07-31 03:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-31 03:44 . 2008-07-31 04:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 02:43 . 2008-07-31 02:43 <DIR> d-------- C:\Program Files\okaurhg
2008-07-31 02:43 . 2008-07-31 02:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\whytqxih
2008-07-30 22:01 . 2008-08-01 04:22 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-30 22:01 . 2008-07-31 02:43 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\SiteAdvisor
2008-07-30 22:01 . 2008-07-31 02:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-30 22:01 . 2008-07-30 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-30 22:01 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-30 22:01 . 2008-08-05 00:32 10,825 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-30 21:59 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-30 21:59 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-30 21:59 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-30 21:59 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-30 21:59 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-30 21:59 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-30 21:58 . 2008-07-30 21:58 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-30 21:58 . 2008-07-31 03:27 <DIR> d-------- C:\Program Files\McAfee
2008-07-30 21:58 . 2008-07-30 21:59 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-30 21:50 . 2008-07-30 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-30 20:32 . 2008-07-30 20:32 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-07-28 01:55 . 2008-07-29 00:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-28 01:55 . 2008-07-28 01:55 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 04:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-05 03:51 --------- d-----w C:\Documents and Settings\Matt\Application Data\Azureus
2008-08-02 07:23 --------- d-----w C:\Program Files\Music
2008-08-02 07:23 --------- d-----w C:\Program Files\Incomplete
2008-08-02 06:21 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd4701.sys
2008-07-31 00:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-29 02:30 --------- d-----w C:\Documents and Settings\Matt\Application Data\SolidWorks
2008-07-23 23:58 --------- d-----w C:\Program Files\Trillian
2008-07-21 08:36 --------- d-----w C:\Program Files\Agent
2008-07-20 08:40 --------- d-----w C:\Program Files\Electronic Arts
2008-07-18 06:31 --------- d-----w C:\Program Files\Steam
2008-07-17 07:56 --------- d-----w C:\Documents and Settings\Matt\Application Data\U3
2008-07-08 05:21 --------- d-----w C:\Program Files\Java
2008-07-03 10:31 --------- d-----w C:\Program Files\LimeWire
2008-06-27 01:33 --------- d-----w C:\Program Files\WM Converter
2008-06-25 11:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-06-25 11:05 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-06-25 10:06 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-25 08:08 --------- d-----w C:\Documents and Settings\Matt\Application Data\SystemRequirementsLab
2008-06-24 23:21 --------- d-----w C:\Documents and Settings\Pam\Application Data\Creative
2008-06-23 22:04 20,487 ----a-w C:\WINDOWS\system32\z-lib.dll
2008-06-23 21:56 --------- d-----w C:\Program Files\Driver Cleaner Pro
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 09:06 --------- d-----w C:\Documents and Settings\Matt\Application Data\sldIM
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 02:04 --------- d-----w C:\Documents and Settings\Matt\Application Data\Easy Thumbnails
2008-05-30 18:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-30 04:23 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-30 04:23 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-16 15:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2007-12-22 03:55 22,328 ----a-w C:\Documents and Settings\Matt\Application Data\PnkBstrK.sys
2006-11-07 02:31 65 -c--a-w C:\Program Files\Common Files\appop.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2008-08-05 00:45 913664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 12:01 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 17:57 36640]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Cathy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DbAct"= {52FC1E00-E23A-DC4B-3579-053857820B3F} - C:\Program Files\okaurhg\DbAct.dll [2008-07-31 02:43 114688]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a--c--- 2007-07-23 11:06 77824 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 10:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2006-08-16 12:33 1826816 C:\Program Files\Electronic Arts\EA Downloader\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-12-20 20:54 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-07-30 20:24 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLifeService]
--------- 2005-05-12 21:23 110739 C:\Program Files\Logitech\MediaLife\MediaLifeService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickPassword]
--a--c--- 2002-08-29 08:07 131072 C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
--a------ 2005-11-04 19:07 49152 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
--a------ 2008-08-05 00:45 913664 C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-02 03:11 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2005-01-21 03:47 270336 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 07:29]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R3 Actrpcsc;Actrpcsc;C:\WINDOWS\system32\DRIVERS\actrpcsc.sys [2003-09-16 16:20]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
S2 ACTR;Smart Card Reader;C:\WINDOWS\system32\drivers\ACTR.sys [2003-02-06 15:27]
S3 actccid;ActivCard USB Reader V2;C:\WINDOWS\system32\DRIVERS\actccid.sys [2002-08-02 15:41]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 21:28]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S3 PciCon;PciCon;D:\PciCon.sys []
S4 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe [2002-09-12 05:16]
S4 Accoca;ActivCard Gold service;C:\Program Files\Common Files\ActivCard\accoca.exe [2004-08-11 16:09]
S4 AnonAswSvc;Anonymizer Anti-Spyware Service;C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe [2007-10-22 05:12]
S4 AnonMgmtSvc;Anonymizer Management Service;C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe [2007-10-22 05:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 C:\WINDOWS\Tasks\Anonymizer scan for spyware.job
- C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe [2008-05-19 03:55]

2008-07-31 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-apiwindsc - C:\WINDOWS\system32\opmnsrqb.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jhw48vmm.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\GameTap\bin\Release\npgametaptool.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 02:42:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-05 2:43:47
ComboFix-quarantined-files.txt 2008-08-05 06:43:36

Pre-Run: 112,599,060,480 bytes free
Post-Run: 112,954,224,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

331 --- E O F --- 2008-08-03 07:25:40


Thanks for all the help!!!
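The "Reg Loading Points" section of the log above shows several settings that malware commonly flips: Security Center monitoring and antivirus notifications disabled, and the Windows Firewall standard profile turned off. The following Python script is an added example (it is not part of the forum post, and not a ComboFix feature) that parses that REGEDIT4-style section and flags those downgrades so a helper reviewing a log can spot them quickly. The sample input is a constructed subset of the registry lines from the posted log; the regular expressions and the `dword_value` helper are assumptions about ComboFix's output format based on the lines shown here.

```python
"""Flag security-weakening registry settings in a ComboFix 'Reg Loading Points'
section.  Added example for reviewing posted logs; not ComboFix code and not
from the forum post.  Only the line formats visible in the posted log are handled."""
import re

# Constructed sample: a subset of the REGEDIT4 block copied from the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DbAct"= {52FC1E00-E23A-DC4B-3579-053857820B3F} - C:\Program Files\okaurhg\DbAct.dll [2008-07-31 02:43 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A [key] header line and a "name"=data value line (assumed formats, see lead-in).
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_reg_section(text):
    """Yield (key_path, value_name, raw_data) for every value under a [key] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2)


def dword_value(raw):
    """Parse 'dword:00000001' or ComboFix's '0 (0x0)' form into an int; None otherwise."""
    m = re.match(r'dword:([0-9a-fA-F]{8})', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)', raw)
    if m:
        return int(m.group(1))
    return None


def find_security_downgrades(text):
    """Return human-readable findings for settings that silence or disable protection."""
    findings = []
    for key, name, raw in parse_reg_section(text):
        lowered = key.lower()
        val = dword_value(raw)
        # Security Center: DisableMonitoring / AntiVirusDisableNotify = 1 hides AV and
        # firewall warnings from the user.
        if 'security center' in lowered and \
                name in ('DisableMonitoring', 'AntiVirusDisableNotify') and val == 1:
            findings.append(f'Security Center alerting suppressed: {key}\\{name}')
        # Firewall policy: EnableFirewall = 0 turns the Windows Firewall off.
        elif 'firewallpolicy' in lowered and name == 'EnableFirewall' and val == 0:
            findings.append(f'Windows Firewall disabled: {key}')
    return findings


if __name__ == '__main__':
    for finding in find_security_downgrades(SAMPLE_LOG):
        print(finding)
```

Run against the sample, the script reports four downgrades: the AntiVirusDisableNotify flag, the two DisableMonitoring entries and the disabled firewall profile. Finding these in a log is a strong hint that the system's own warnings can no longer be trusted, which is why a helper would want to see them before deciding on a cleanup plan.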

#2 garmanma

Posted 05 August 2008 - 08:17 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Mark
