
XP Home edition Version swap


ppshep


Ok, I do not know if I have an infection. I was running XP HE SP3 and, shortly after a power failure, an earlier version (SP1) started loading. All my restore points up to the new load have gone away. I have surge protection and have never seen this before. All the original users are intact with their files, with the exception of mine (owner). I am unable to start or reload Avira from the web or from my existing program files. MBAM works fine and I have done an AV scan via ESET. I am posting the logs as instructed. I am looking forward to some help. Thank you.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5008

Windows 5.1.2600 Service Pack 1 (Safe Mode)

Internet Explorer 6.0.2800.1106

10/31/2010 12:30:01 PM

mbam-log-2010-10-31 (12-30-01).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 342622

Time elapsed: 53 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESET 10-31

C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined

C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP11\A0005890.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP11\A0005891.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 11:35 on 31/10/2010 (Administrator)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

DDS (Ver_10-10-31.01) - NTFSx86 NETWORK

Run by Administrator at 18:48:09.34 on Sun 10/31/2010

Internet Explorer: 6.0.2800.1106

Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.247.149 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrator.YOUR-XHTR8HVC4P\Desktop\dds.scr

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://us9.hpwis.com/

mDefault_Search_URL = hxxp://srch-us9.hpwis.com/

mSearch Page = hxxp://srch-us9.hpwis.com/

mStart Page = hxxp://us9.hpwis.com/

mSearch Bar = hxxp://srch-us9.hpwis.com/

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll

BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll

TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll

EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

mRun: [NAV CfgWiz] c:\progra~1\norton~1\Cfgwiz.exe /R

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [ccRegVfy] "c:\program files\common files\symantec shared\ccRegVfy.exe"

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\documents and settings\administrator.your-xhtr8hvc4p\start menu\programs\startup\AutoTBar.exe

StartupFolder: c:\docume~1\admini~1.you\startm~1\programs\startup\mod_sm.lnk - c:\hp\bin\cloaker.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll

LSP: SpSubLSP.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

Notify: igfxcui - igfxsrvc.dll

Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll

============= SERVICES / DRIVERS ===============

S2 mrtRate;mrtRate; [x]

S2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\Navapsvc.exe [2002-11-15 116336]

S2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\Savrtpel.sys [2002-7-26 34992]

S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-11-13 317128]

S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2002-11-15 100032]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20030610.007\NAVENG.Sys [2003-8-28 67800]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20030610.007\NavEx15.Sys [2003-8-28 531128]

S3 SAVRT;SAVRT;c:\windows\system32\drivers\savrt.sys [2002-7-26 235184]

=============== Created Last 30 ================

2010-11-01 02:37:55 182880 -c--a-w- c:\windows\system32\dllcache\iuengine.dll

2010-11-01 02:37:55 182880 ----a-w- c:\windows\system32\iuengine.dll

2010-10-31 18:55:24 -------- d-----w- c:\docume~1\admini~1.you\applic~1\Malwarebytes

2010-10-31 18:55:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-31 18:55:08 19288 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-31 18:49:13 -------- d-s---w- c:\documents and settings\administrator.your-xhtr8hvc4p\UserData

2010-10-31 05:15:02 45056 ----a-w- c:\windows\system32\UTSCSI.EXE

2010-10-31 01:03:39 -------- d-----w- c:\windows\UfdApp

2010-10-28 23:43:46 -------- d-----w- C:\cmdcons(2)

2010-10-27 19:24:50 155648 ----a-w- c:\windows\system32\igfxres.dll

2010-10-27 19:24:12 208896 ----a-w- c:\windows\system32\wmpns.dll

2010-10-27 19:21:15 532480 -c--a-w- c:\windows\system32\dllcache\rpcrt4.dll

2010-10-27 19:21:15 532480 ----a-w- c:\windows\system32\rpcrt4(2)(2).dll

2010-10-27 19:21:15 260608 -c--a-w- c:\windows\system32\dllcache\rpcss.dll

2010-10-27 19:21:15 260608 ----a-w- c:\windows\system32\rpcss(2)(2).dll

2010-10-27 19:21:15 1172992 -c--a-w- c:\windows\system32\dllcache\ole32.dll

2010-10-27 19:21:15 1172992 ----a-w- c:\windows\system32\ole32(2)(2).dll

2010-10-27 19:20:33 -------- d-----w- c:\program files\Java Web Start

2010-10-27 19:20:16 229487 ----a-w- c:\windows\system32\jpicpl32.cpl

2010-10-27 19:16:30 51072 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2010-10-27 19:16:30 23424 ----a-w- c:\windows\system32\drivers\kbdclass.sys

2010-10-27 19:16:24 0 ----a-w- c:\windows\system32\iAlmcoin.dll

2010-10-27 19:14:23 57856 ----a-w- c:\windows\system32\drivers\drmk.sys

2010-10-27 19:14:23 134272 ----a-w- c:\windows\system32\drivers\portcls.sys

2010-10-27 19:08:43 24960 ----a-w- c:\windows\system32\drivers\usbprint.sys

2010-10-27 19:08:41 28160 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-10-27 19:08:33 5888 ----a-w- c:\windows\system32\drivers\splitter.sys

2010-10-27 19:08:32 77440 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2010-10-27 19:08:31 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys

2010-10-27 19:08:29 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys

2010-10-27 19:08:28 142208 ----a-w- c:\windows\system32\drivers\aec.sys

2010-10-27 19:08:27 159360 ----a-w- c:\windows\system32\drivers\kmixer.sys

2010-10-27 19:08:26 2816 ----a-w- c:\windows\system32\drivers\drmkaud.sys

2010-10-27 19:08:25 56832 ----a-w- c:\windows\system32\drivers\sysaudio.sys

2010-10-27 18:34:41 -------- dcsh--r- c:\windows\system32\dllcache

==================== Find3M ====================

============= FINISH: 18:49:09.59 ===============

Attach.zip
