Need assistance please

I really don't want to eradicate the C partition and reinstall Windows XP. After running the ComboFix scan, the logs are attached below. Afterwards I ran Anti-Malware and it didn't find any additional errors. NAV is still unable to launch, but I think I need to reinstall.

Is my laptop safe now?

ComboFix 09-08-19.0C 08/20/2009 11:50.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1201 [GMT -4:00]
Running from: F:\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\Fonts\ZWAdobeF.TTF
c:\windows\msa.exe
c:\windows\run.log
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\drivers\kbiwkmofjwswes.sys
c:\windows\system32\drivers\UACjnifftkocm.sys
c:\windows\system32\kbiwkmiqjixoru.dat
c:\windows\system32\kbiwkmlpprmphg.dat
c:\windows\system32\kbiwkmrqxtapuy.dll
c:\windows\system32\kbiwkmwfthoscr.dll
c:\windows\system32\net.net
c:\windows\system32\uacinit.dll
c:\windows\system32\UACqlhyiuixmk.dll
c:\windows\system32\UACtkbpfqrnss.dat
c:\windows\system32\wisdstr.exe
c:\windows\system32\drivers\beep.sys . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmqmhwvbfo
-------\Legacy_kbiwkmqmhwvbfo
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.
2009-08-20 15:11 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 15:11 . 2009-08-20 15:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 15:11 . 2009-08-20 15:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-20 15:11 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 05:30 . 2009-08-20 05:30 -------- d-----r- c:\program files\Norton Support
2009-08-20 05:15 . 2009-08-20 05:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-08-20 05:15 . 2009-08-20 05:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Juniper Networks
2009-08-20 05:03 . 2009-08-20 05:03 -------- d-----w- c:\windows\Installer
2009-08-20 04:48 . 2009-08-20 04:37 140288 ----a-w- c:\windows\msb.exe
2009-08-20 04:35 . 2009-08-20 04:35 30208 ----a-w- c:\windows\system32\uacrem.dll
2009-08-20 04:35 . 2009-08-20 04:35 19968 ----a-w- c:\windows\system32\uacserf.dll
2009-08-20 04:35 . 2009-08-20 06:00 74240 ----a-w- c:\windows\system32\uacbbr.dll
2009-07-30 06:26 . 2009-07-30 06:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Juniper Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 04:54 . 2007-09-24 06:29 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-04 07:09 . 2007-09-21 06:38 -------- d-----w- c:\documents and settings\Lok\Application Data\Juniper Networks
.
------- Sigcheck -------
[-] 2009-08-20 04:49 28160 2881223B96B5D8D86D632F03377623F4 c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-09-18 176128]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-28 144896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-30 286720]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [3/21/2009 11:26 PM 310320]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [3/21/2009 11:26 PM 482352]
R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 4:20 PM 63008]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [9/19/2007 1:57 AM 92550]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [3/21/2009 11:26 PM 258608]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/11/2009 11:02 PM 276344]
S3 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [3/21/2009 11:26 PM 115560]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AV Care - c:\program files\AV Care\AVCare.exe
HKLM-Run-NWEReboot - (no file)
Notify-NavLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.acml.com/dana-cached/sc/JuniperSetupClient.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 11:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-20 11:55
ComboFix-quarantined-files.txt 2009-08-20 15:55
Pre-Run: 35,185,278,976 bytes free
Post-Run: 36,009,353,216 bytes free
128 --- E O F --- 2008-10-26 05:33
