
Unknown infection - combofix doesn't run, RootRepeal crashes PC,


  • This topic is locked
3 replies to this topic

#1 valvestat

valvestat

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 09 October 2009 - 08:01 AM

Hi there,

I've been directed here from the 'Am I Infected...' forum. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/260851/boot-fails-bsods-restarts-when-loading-windows-etc/ ~ OB I followed the preparation guide but couldn't run RootRepeal (resets PC on scan - also reports 'invalid PE image found' on running the program).

Background & probs with Combofix
It was suggested by the guys at the Micro Star forums that I run ComboFix to solve / diagnose any problems with a PC I am trying to fix. After following the guide on the bleepingcomputer website, and disabling security software etc., the program just sits there and doesn't get past the 'This typically doesn't take more than 10 minutes - However...' message.

It does not alter the clock or suggest it is going to do so and it does not get to any of the test stages.

History of problems with computer (lasting one month)

[RARE] BSOD reporting PFN_LIST_CORRUPT (0x8F) - tested drivers and memory (individually and then both 512 sticks with memtest up to 40 passes) - all tested as working

[RARE] BSOD reporting STOP: 0x0000008E - srescan.sys (something to do with ZoneAlarm, though this has only recently been occurring since I installed ZoneAlarm in place of other firewall products (ThreatFire and PC Tools))

[FREQUENT] Some cold starts result in restarts at random points in the start-up process (initial checks... login screen... loading windows...) - some restarts result in a dead computer with a flashing HD light though this is quite rare

Sometimes the USB ports behave strangely - i.e. inserting a pendrive results in an Adobe photo managing app starting but I can see the device from My Computer.

Tested without cards (except GFX card) / drives etc. and still have an unstable PC. Sometimes it boots without failure many times in succession - but turning it off for a while and then turning it back on will provoke the problems. The PC is clean of dust.

The PC is a work colleague's and they have used tools to remove viruses (PC Tools, AVG, Spybot) - I have scanned it myself with Spybot & AVG.

If anyone can give me some advice it'd be most appreciated.

---------------------------------------------------------------------------------------------------


DDS (Ver_09-09-29.01) - NTFSx86
Run by Judy at 13:22:08.21 on 09/10/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.494 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
F:\Judy\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [eyeBeam SIP Client]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~3.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; YPC 3.2.0; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.bbc.co.uk/cbbc/games/#/lb/games/play/buildaband"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Search - ?p=ZSzed001MKGB_ZCxdm597YYAU
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180194493695
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183215545843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-8-11 77312]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-25 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-25 108552]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-25 353672]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-25 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-25 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-21 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-10-09 13:12 --ds---- C:\ComboFix
2009-10-09 13:11 389,120 a------- c:\windows\system32\CF24165.exe
2009-09-28 15:55 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-28 15:55 --d----- c:\program files\SUPERAntiSpyware
2009-09-28 15:55 --d----- c:\docume~1\judy\applic~1\SUPERAntiSpyware.com
2009-09-28 15:03 389,120 a------- c:\windows\system32\CF26919.exe
2009-09-28 14:27 --d----- c:\docume~1\judy\applic~1\Malwarebytes
2009-09-28 14:27 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 14:27 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-28 14:27 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 14:27 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-28 14:21 389,120 a------- c:\windows\system32\CF26186.exe
2009-09-28 14:18 389,120 a------- c:\windows\system32\CF4856.exe
2009-09-28 14:13 389,120 a------- c:\windows\system32\CF15709.exe
2009-09-28 13:15 389,120 a------- c:\windows\system32\CF10814.exe
2009-09-28 13:07 389,120 a------- c:\windows\system32\CF26309.exe
2009-09-28 12:50 a-dshr-- C:\cmdcons
2009-09-28 12:50 389,120 a------- c:\windows\system32\CF23423.exe
2009-09-28 12:38 389,120 a------- c:\windows\system32\CF21770.exe
2009-09-28 12:33 389,120 a------- c:\windows\system32\CF18445.exe
2009-09-27 13:01 --dsh--- C:\found.000
2009-09-26 14:38 --d----- c:\program files\Belarc
2009-09-26 14:34 --d-h--- c:\windows\msdownld.tmp
2009-09-26 14:34 --d----- c:\windows\Logs
2009-09-13 15:22 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-09-13 15:22 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-09-13 15:22 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-09-13 15:22 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-09-13 15:22 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-09-13 15:22 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-09-13 15:22 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-09-13 15:22 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-09-13 15:22 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-09-13 15:22 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-09-13 15:20 19,016 ac------ c:\windows\system32\dllcache\w926nd.sys
2009-09-13 15:19 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-09-13 15:18 315,520 ac------ c:\windows\system32\dllcache\trid3d.dll
2009-09-13 15:17 32,640 ac------ c:\windows\system32\dllcache\symc8xx.sys
2009-09-13 15:16 61,824 ac------ c:\windows\system32\dllcache\speed.sys
2009-09-13 15:15 28,160 ac------ c:\windows\system32\dllcache\sm91w.dll
2009-09-13 15:14 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-09-13 15:13 166,720 ac------ c:\windows\system32\dllcache\s3m.sys
2009-09-13 15:12 49,024 ac------ c:\windows\system32\dllcache\ql1280.sys
2009-09-13 15:11 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-09-13 15:10 48,000 ac------ c:\windows\system32\dllcache\ovcam2.sys
2009-09-13 15:09 15,872 ac------ c:\windows\system32\dllcache\ne2000.sys
2009-09-13 15:08 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-09-13 15:07 797,500 ac------ c:\windows\system32\dllcache\ltsmt.sys
2009-09-13 15:06 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-09-13 15:05 100,936 ac------ c:\windows\system32\dllcache\ibmtok.sys
2009-09-13 15:04 13,312 ac------ c:\windows\system32\dllcache\hpsjmcro.dll
2009-09-13 15:03 92,160 ac------ c:\windows\system32\dllcache\fuusd.dll
2009-09-13 15:02 51,200 ac------ c:\windows\system32\dllcache\eqnlogr.exe
2009-09-13 15:01 29,768 ac------ c:\windows\system32\dllcache\divasu.dll
2009-09-13 15:00 249,856 ac------ c:\windows\system32\dllcache\ctmasetp.dll
2009-09-13 14:59 41,472 ac------ c:\windows\system32\dllcache\brmfusb.dll
2009-09-13 14:58 101,888 ac------ c:\windows\system32\dllcache\adpu160m.sys
2009-09-13 14:57 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll

==================== Find3M ====================

2009-09-08 08:23 116,839 a------- c:\windows\hpqins00.dat
2009-09-07 17:30 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-07 17:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-25 18:58 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 18:10 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2008-05-30 14:15 284,248 ac------ c:\program files\npmusicn.dll
2009-01-19 15:19 56 ---shr-- c:\windows\system32\4F53E0A2E9.sys
2009-03-31 17:39 10,856 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-02 18:19 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100220081003\index.dat

============= FINISH: 13:22:24.23 ===============

RootRepeal (fails... see start of message)

Edited by Orange Blossom, 09 October 2009 - 11:24 PM.



#2 valvestat

valvestat
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 19 October 2009 - 08:13 AM

Can you close this topic please,

I've wiped the HD and re-installed windows but still getting the same problem :(

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:12 AM

Posted 23 October 2009 - 07:28 PM

Why do you want the topic closed if you are still having the same problems?
m0le is a proud member of UNITE

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:12 AM

Posted 24 October 2009 - 05:23 PM

Okay, user requests closure.

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
