billysworld

Everything posted by billysworld

  1. I really don't want to eradicate the C partition and reinstall Windows XP. After running the ComboFix scan the logs are attached below. Afterwards I ran AntiMalware and it didn't find any additional errors. NAV is still unable to launch but I think I need to reinstall. Is my laptop safe now?

     ComboFix 09-08-19.0C 08/20/2009 11:50.1.1 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1201 [GMT -4:00]
     Running from: F:\Combo-Fix.exe
     AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
     * Created a new restore point
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\braviax.exe
     c:\windows\cru629.dat
     c:\windows\Fonts\ZWAdobeF.TTF
     c:\windows\msa.exe
     c:\windows\run.log
     c:\windows\system32\braviax.exe
     c:\windows\system32\cru629.dat
     c:\windows\system32\drivers\kbiwkmofjwswes.sys
     c:\windows\system32\drivers\UACjnifftkocm.sys
     c:\windows\system32\kbiwkmiqjixoru.dat
     c:\windows\system32\kbiwkmlpprmphg.dat
     c:\windows\system32\kbiwkmrqxtapuy.dll
     c:\windows\system32\kbiwkmwfthoscr.dll
     c:\windows\system32\net.net
     c:\windows\system32\uacinit.dll
     c:\windows\system32\UACqlhyiuixmk.dll
     c:\windows\system32\UACtkbpfqrnss.dat
     c:\windows\system32\wisdstr.exe
     c:\windows\system32\drivers\beep.sys . . . is infected!!
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Service_kbiwkmqmhwvbfo
     -------\Legacy_kbiwkmqmhwvbfo
     -------\Service_UACd.sys
     -------\Legacy_UACd.sys
     ((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
     .
     2009-08-20 15:11 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-08-20 15:11 . 2009-08-20 15:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-08-20 15:11 . 2009-08-20 15:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
     2009-08-20 15:11 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-08-20 05:30 . 2009-08-20 05:30 -------- d-----r- c:\program files\Norton Support
     2009-08-20 05:15 . 2009-08-20 05:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
     2009-08-20 05:15 . 2009-08-20 05:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Juniper Networks
     2009-08-20 05:03 . 2009-08-20 05:03 -------- d-----w- c:\windows\Installer
     2009-08-20 04:48 . 2009-08-20 04:37 140288 ----a-w- c:\windows\msb.exe
     2009-08-20 04:35 . 2009-08-20 04:35 30208 ----a-w- c:\windows\system32\uacrem.dll
     2009-08-20 04:35 . 2009-08-20 04:35 19968 ----a-w- c:\windows\system32\uacserf.dll
     2009-08-20 04:35 . 2009-08-20 06:00 74240 ----a-w- c:\windows\system32\uacbbr.dll
     2009-07-30 06:26 . 2009-07-30 06:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Juniper Networks
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-20 04:54 . 2007-09-24 06:29 -------- d-----w- c:\program files\Windows Media Connect 2
     2009-08-04 07:09 . 2007-09-21 06:38 -------- d-----w- c:\documents and settings\Lok\Application Data\Juniper Networks
     .
     ------- Sigcheck -------
     [-] 2009-08-20 04:49 28160 2881223B96B5D8D86D632F03377623F4 c:\windows\system32\dllcache\beep.sys
     c:\windows\system32\drivers\beep.sys ... is missing !!
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 94208]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
     "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-09-18 176128]
     "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
     "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
     "DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-28 144896]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-30 286720]
     "BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
     c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
     Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
     @="FSFilter Activity Monitor"
     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "UpdatesDisableNotify"=dword:00000001
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [3/21/2009 11:26 PM 310320]
     R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [3/21/2009 11:26 PM 482352]
     R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 4:20 PM 63008]
     R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [9/19/2007 1:57 AM 92550]
     S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [3/21/2009 11:26 PM 258608]
     S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/11/2009 11:02 PM 276344]
     S3 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [3/21/2009 11:26 PM 115560]
     .
     - - - - ORPHANS REMOVED - - - -
     HKCU-Run-AV Care - c:\program files\AV Care\AVCare.exe
     HKLM-Run-NWEReboot - (no file)
     Notify-NavLogon - (no file)
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com
     mStart Page = hxxp://www.google.com
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.acml.com/dana-cached/sc/JuniperSetupClient.cab
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-08-20 11:54
     Windows 5.1.2600 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
     "ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'winlogon.exe'(1308)
     c:\windows\system32\Ati2evxx.dll
     .
     Completion time: 2009-08-20 11:55
     ComboFix-quarantined-files.txt 2009-08-20 15:55
     Pre-Run: 35,185,278,976 bytes free
     Post-Run: 36,009,353,216 bytes free
     128 --- E O F --- 2008-10-26 05:33