After Malware, IE and FF won't run


bistered, Newbie Poster
Join Date: Sep 2008
Posts: 7
Solved Threads: 0

Re: After Malware, IE and FF won't run
#11, Sep 9th, 2008
Things seem to be running smoothly, except that... whenever I try to scan with either Spybot or AVG, the computer crashes partway through, just like it did with MBAM. Strange.

Here's the log for the script thingy:
ComboFix 08-09-05.10 - Bisterd 2008-09-08 22:44:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.704 [GMT -7:00]
Running from: C:\Documents and Settings\Bisterd\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bisterd\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter

.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-08 19:59 . 2008-09-08 21:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-08 19:52 . 2008-09-08 19:58 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-08 19:52 . 2008-09-08 19:52 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-08 19:52 . 2008-09-08 19:52 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-08 19:52 . 2008-09-08 19:52 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-08 19:52 . 2008-09-08 19:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-08 19:51 . 2008-09-08 19:51 <DIR> d-------- C:\Program Files\AVG
2008-09-08 19:51 . 2008-09-08 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-08 11:46 . 2008-09-08 23:06 403,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-08 11:46 . 2008-09-08 22:57 5,612 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-08 09:26 . 2008-09-08 09:26 <DIR> d-------- C:\Program Files\Zone Labs
2008-09-08 09:26 . 2008-09-08 23:04 352,918 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-09-08 09:26 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-09-08 09:05 . 2008-09-08 09:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 09:05 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-08 09:05 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 08:37 . 2008-09-08 08:38 <DIR> d-------- C:\Program Files\Unlocker
2008-09-07 21:35 . 2008-09-07 21:43 <DIR> d-------- C:\fixwareout
2008-09-07 16:38 . 2008-09-07 16:38 <DIR> d-------- C:\Program Files\CCleaner
2008-09-07 11:02 . 2008-09-07 11:02 <DIR> d-------- C:\Documents and Settings\Bisterd\Application Data\Malwarebytes
2008-09-07 11:02 . 2008-09-07 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 01:32 . 2008-09-07 01:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-07 00:22 . 2008-09-07 00:22 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-06 11:16 . 2008-09-06 11:16 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-06 10:50 . 2008-09-05 17:07 31,232 --a------ C:\x
2008-09-06 10:40 . 2008-09-06 10:40 0 --a------ C:\d1.exe
2008-09-06 10:39 . 2008-09-06 10:39 0 --a------ C:\944064064
2008-09-06 10:37 . 2008-09-06 10:37 <DIR> d-------- C:\Program Files\PowerISO
2008-09-06 07:27 . 2008-09-06 07:27 155,648 --a------ C:\WINDOWS\system32\CodecBHO.dll
2008-08-24 18:41 . 2008-09-04 16:27 <DIR> d-------- C:\Program Files\ColorPic 4.1
2008-08-24 18:41 . 2008-08-24 18:41 134,126 --a------ C:\WINDOWS\ColorPic Uninstaller.exe
2008-08-09 18:27 . 2008-08-09 18:27 <DIR> d-------- C:\Program Files\Multiple Image Resizer .NET
2008-08-09 17:58 . 2008-08-09 17:58 <DIR> d-------- C:\Program Files\Gadwin PrintScreenPro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 05:41 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\SiteAdvisor
2008-09-09 05:41 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\FileZilla
2008-09-08 23:27 1,331,200 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-09-08 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-08 18:44 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\.gaim
2008-09-07 08:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-06 18:09 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\uTorrent
2008-09-06 17:39 --------- d-----w C:\Program Files\Opera
2008-09-06 02:59 --------- d-----w C:\Program Files\eMule
2008-09-04 23:27 --------- d-----w C:\Program Files\FileZilla-3.1.0.1
2008-09-04 23:26 --------- d-----w C:\Program Files\ConTEXT
2008-08-30 02:51 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\gtk-2.0
2008-08-24 05:26 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\LimeWire
2008-08-10 06:54 --------- d-----w C:\Program Files\zsnesw
2008-08-10 01:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 01:13 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\OpenOffice.org2
2008-08-04 05:11 --------- d-----w C:\Program Files\Jnes
2008-08-04 00:51 45,168 ----a-w C:\Documents and Settings\Bisterd\Application Data\GDIPFONTCACHEV1.DAT
2008-07-30 23:06 --------- d-----w C:\Program Files\InterActual
2008-07-28 05:10 --------- d-----w C:\Program Files\PHP
2008-07-28 04:37 --------- d-----w C:\Program Files\Apache Software Foundation
2008-07-28 03:24 --------- d-----w C:\Program Files\MySQL
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-09 16:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-03-12 04:03 49 ----a-w C:\Program Files\Warnings.txt
2007-03-12 04:03 239 ----a-w C:\Program Files\Morrowind.ini
2007-03-12 04:03 114 ----a-w C:\Program Files\ProgramFlow.txt
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SETA1.tmp
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET83.tmp
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET79.tmp
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET64.tmp
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET58.tmp
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
2005-05-14 00:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 04:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2006-05-25 05:05 88 --sh--r C:\WINDOWS\system32\2D10762079.sys
2006-06-12 05:09 56 --sh--r C:\WINDOWS\system32\792076102D.sys
2005-10-08 02:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 19:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-06-12 05:09 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-04-27 17:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 20:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-07_22.56.18.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-09 02:52:05 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-07-19 22:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-07-09 16:05:08 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2008-09-08 05:14:10 17,421 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-09-09 05:59:42 17,421 ----a-w C:\WINDOWS\system32\tablet.dat
- 2007-09-07 00:14:04 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2008-07-09 16:05:10 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
- 2007-09-07 00:14:28 395,080 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2008-07-09 16:05:22 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2008-07-09 16:05:10 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2008-07-09 16:05:10 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2008-07-09 16:05:10 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2008-07-09 16:05:10 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2008-07-09 16:05:12 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
- 2007-09-07 00:14:06 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2008-07-09 16:05:12 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2008-07-09 16:05:12 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2007-09-07 00:14:06 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2008-07-09 16:05:12 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
- 2007-09-07 00:14:08 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2008-07-09 16:05:12 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
- 2007-11-22 19:09:05 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
+ 2008-09-08 18:43:03 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-07-09 16:05:06 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-31 07:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 21:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 07:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2007-05-31 07:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 07:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 07:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 07:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-20 06:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-12-03 21:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-20 01:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 07:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 07:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 07:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 07:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-12-03 21:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-20 01:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2008-07-09 16:05:06 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 19:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2008-07-09 16:05:08 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2008-07-09 16:05:08 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2008-07-09 16:05:08 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2008-07-09 16:05:24 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-09-08 23:00:17 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-07-09 16:05:24 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-07-09 16:05:24 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-07-09 16:05:24 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-07-09 16:06:26 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-07-09 16:06:26 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2008-02-27 10:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2008-02-27 10:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2008-07-09 16:05:08 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2008-01-21 15:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-02-27 10:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2008-02-27 10:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2008-07-09 16:05:10 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2008-07-09 16:06:26 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2008-07-09 16:06:30 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 03:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-10-11 23:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-07-09 16:05:18 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-12 00:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2008-07-09 16:05:10 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2008-07-09 16:05:10 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2008-07-09 16:05:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2008-07-09 16:05:10 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2008-07-09 16:05:12 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2008-07-09 16:05:12 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2008-01-21 15:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2008-07-09 16:05:12 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2008-07-09 16:05:12 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2008-07-09 16:05:14 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2008-07-09 16:05:14 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"Google Update"="C:\Documents and Settings\Bisterd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-01-30 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-01-30 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-08 1235736]
"P17Helper"="P17.dll" [2005-05-02 C:\WINDOWS\system32\P17.dll]
"nwiz"="nwiz.exe" [2007-01-30 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bisterd^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Bisterd\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bisterd^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\Bisterd\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bisterd^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Bisterd\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 14:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 03:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 12:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-22 16:16 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-06-17 05:56 139264 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-12-04 16:39 461584 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 08:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 08:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 17:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-04-09 10:57 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-27 18:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-16 23:32 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2006-07-07 12:58 8915456 C:\Program Files\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 15:22 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-01-30 11:54 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 21:20 339968 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"ServiceLayer"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"NetSvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-08 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-08 97928]
R2 Apache2.2;Apache2.2;C:\AppServ\Apache2.2\bin\httpd.exe [2007-01-09 20539]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-08 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-08 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 USA19W;USA19W;C:\WINDOWS\system32\DRIVERS\usa19w2k.sys [2002-05-13 292920]
R3 USA19w2KP;Keyspan High Speed USB Serial Adapter Port Driver;C:\WINDOWS\system32\DRIVERS\usa19w2kp.SYS [2002-04-08 40848]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 14156]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 16768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-zBrowser Launcher - C:\Program Files\Logitech\iTouch\iTouch.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 23:00:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mysql]
"ImagePath"="C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini mysql"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-08 23:55:19 - machine was rebooted [Bisterd]
ComboFix-quarantined-files.txt 2008-09-09 06:54:06
ComboFix2.txt 2008-09-08 06:00:02

Pre-Run: 47,107,624,960 bytes free
Post-Run: 47,065,931,776 bytes free

402 --- E O F --- 2008-05-17 10:02:44
gerbil, Nearly a Senior Poster
Join Date: May 2005
Posts: 3,204
Solved Threads: 188

Re: After Malware, IE and FF won't run
#12, Sep 10th, 2008
Bistered, I think I must have been a bit lazy... ok, hopeful, when I gave you that script to run... I should not have included the prefixing file idents etc. I just tested it on my own machine and Combofix did not appreciate them... Anyway, most are gone, but could you manually delete these files/folders please [it will save restarting combofix]:
C:\x
C:\d1.exe
C:\944064064
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\@@desktop.dat

Now, that scanning problem. Just to see if any malware remains could you:
==Run CCleaner in all Accounts.
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/activescan/index/
-First Register [otherwise there will be no disinfection, merely detection] with a valid email address for the free online virus scan and follow through.
Unlike Kaspersky this scan does not require Java.
Please ATTACH to your post the log it produces.
Deep, deep in the woods, but walking about.
bistered
Re: After Malware, IE and FF won't run
#13, Sep 13th, 2008
Why gerbil, I don't think anyone that would help a poor sucker like me clean his computer up is at all lazy.

I scanned several times and attached all three logs. ActiveScan1.txt is the first scan I did. It could remove almost none of the 'threats' it found, so I deleted them, then scanned again, which is ActiveScan2.txt. After deleting those, ActiveScan3.txt, the final scan via pandasecurity, indicated no threats. Don't hold your breath...

I'm going to try another AVG scan now to see if the problem remains. Computer crash in: *starts countdown*...

EDIT: Yep, still crashed... This may be something unrelated to malware; my computer isn't in top shape these days and it gives me random blue screens from time to time.
Last edited by bistered; Sep 13th, 2008 at 2:38 am.
gerbil
Re: After Malware, IE and FF won't run
#14, Sep 13th, 2008
Sorry, bistered.. I should have mentioned that Panda will actually clean only virii, but it is superb at listing other malwares which can then be targeted. Nice work on removing the baddies.
Note that it shows two M$ updates described in those two bulletins as not installed.
This is how the combofix CFScript.txt should have been presented... I had another long list to edit, and because a somewhat similar tool does accept the idents I thought I would give it a shot. Anyway, now I know.
I have removed the reg fixes because they were dealt with... I suggest you run this as before, but first delete your version of Combofix and dl the latest version [yours will have timed-out by now, and not run].

Killall::

File::
C:\WINDOWS\system32\sups.dll
C:\WINDOWS\system32\odiw.dll
C:\WINDOWS\system32\2.ico
C:\x
C:\WINDOWS\system32\1.ico
C:\d1.exe
C:\uoju.exe
C:\oitkxr.exe
C:\accq.exe
C:\ubcs.exe
C:\WINDOWS\system32\gjm86akm34.dll
C:\944064064
C:\WINDOWS\system32\CodecBHO.dll
C:\WINDOWS\inf\SETA1.tmp
C:\WINDOWS\inf\SET83.tmp
C:\WINDOWS\inf\SET79.tmp
C:\WINDOWS\inf\SET64.tmp
C:\WINDOWS\inf\SET58.tmp
C:\WINDOWS\@@desktop.dat
C:\WINDOWS\system32\2D10762079.sys
C:\WINDOWS\system32\792076102D.sys
C:\WINDOWS\system32\kddwe.exe
C:\WINDOWS\Temp\kddwe.ren

Re the blue screens... It might pay to remove and then swap RAM modules if you have more than one, and unplug and replug any connections you can lay a hand to... Simple stuff, but they get real mean on the gold on those connectors, if gold there is.
Last edited by gerbil; Sep 13th, 2008 at 8:45 am.
Deep, deep in the woods, but walking about.
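The CFScript layout gerbil shows above (Killall:: followed by a File:: list of bare paths) is what ComboFix accepts, and the earlier attempt failed because the pasted lines still carried the log's date/size/attribute prefixes. As an added example that is not from the thread or from ComboFix, the Python script below strips those prefixes from pasted ComboFix log lines, emits that layout, and flags a few attribute patterns a reviewer would look at twice. SAMPLE_LOG is constructed in the log's own formats, and the review heuristics are assumptions for triage, not verdicts.

```python
"""Turn pasted ComboFix log lines into a clean CFScript.txt.

Added example, not code from the thread or from ComboFix.  parse_line()
reduces one log line to its bare path plus attribute/size fields,
build_cfscript() emits the Killall::/File:: layout shown in the thread,
and review() applies triage heuristics (assumptions, not verdicts).
SAMPLE_LOG is constructed in the log's formats, not taken from a real host.
"""
import re
from typing import Dict, List, Optional

PATH_RE = re.compile(r"[A-Za-z]:\\.*$")      # first "X:\..." to end of line
ATTR_RE = re.compile(r"^[d-][-a-z]{6,8}$")    # --a------, ----a-w, --sha-r, d--h-----
SIZE_RE = re.compile(r"^[\d,]+$")             # 0, 624248, 1,331,200

# Constructed sample in the "Files Created", "Find3M", snapshot (+/-) and
# msconfig layouts ComboFix uses; paths are modelled on the thread's log.
SAMPLE_LOG = r"""
2008-09-06 10:50 . 2008-09-05 17:07 31,232 --a------ C:\x
2008-09-06 10:40 . 2008-09-06 10:40 0 --a------ C:\d1.exe
2008-09-06 10:39 . 2008-09-06 10:39 0 --a------ C:\944064064
2008-09-08 19:51 . 2008-09-08 19:51 <DIR> d-------- C:\Program Files\AVG
2008-09-08 23:27 1,331,200 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
2008-09-09 05:41 --------- d-----w C:\Documents and Settings\User\Application Data\Example
+ 2008-09-09 02:52:05 26,824 ----a-w C:\WINDOWS\system32\drivers\example.sys
- 2008-09-08 05:14:10 17,421 ----a-w C:\WINDOWS\system32\gone.dat
--a------ 2007-05-10 22:46 624248 C:\Program Files\Example\tray.exe
"""


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Return {'path','attrs','size','is_dir'} for a listing line, else None.

    Snapshot lines beginning with "- " describe the previous state, so they
    are skipped (assumption: only files still present belong in File::).
    """
    line = line.rstrip()
    if line.startswith("- "):
        return None
    m = PATH_RE.search(line)
    if not m:
        return None
    path = m.group(0)
    # Drop a trailing quote / "[date size]" suffix as seen on registry lines.
    path = re.sub(r'"?\s*\[[^\]]*\]$', "", path).rstrip('"')
    prefix_tokens = line[: m.start()].split()
    # The attribute token sits closest to the path in every layout except the
    # msconfig one, where it leads the line; scanning right-to-left covers both.
    attrs = next((t for t in reversed(prefix_tokens)
                  if ATTR_RE.match(t) and t != "-" * len(t)), "")
    size_tok = next((t for t in prefix_tokens if SIZE_RE.match(t)), None)
    size = int(size_tok.replace(",", "")) if size_tok else None
    is_dir = "<DIR>" in prefix_tokens or attrs.startswith("d")
    return {"path": path, "attrs": attrs, "size": size, "is_dir": is_dir}


def review_flags(entry: Dict[str, object]) -> List[str]:
    """Triage heuristics (assumptions): patterns that merit a second look."""
    flags: List[str] = []
    path, attrs = str(entry["path"]), str(entry["attrs"])
    parent, _, name = path.rpartition("\\")
    if not entry["is_dir"] and "s" in attrs and "h" in attrs:
        flags.append("hidden+system file")
    if entry["size"] == 0 and name.lower().endswith(".exe"):
        flags.append("zero-byte executable")
    if re.fullmatch(r"[A-Za-z]:", parent) and (name.isdigit() or len(name) <= 2):
        flags.append("odd name in drive root")
    return flags


def review(lines: List[str]) -> Dict[str, List[str]]:
    """Map path -> flags for every parsed entry that raised at least one flag."""
    findings: Dict[str, List[str]] = {}
    for raw in lines:
        entry = parse_line(raw)
        if entry:
            flags = review_flags(entry)
            if flags:
                findings[str(entry["path"])] = flags
    return findings


def build_cfscript(lines: List[str], killall: bool = True) -> str:
    """Emit a CFScript with bare paths only; directories are left out
    (assumption: the thread's script lists files under File:: only)."""
    paths: List[str] = []
    for raw in lines:
        entry = parse_line(raw)
        if entry and not entry["is_dir"] and entry["path"] not in paths:
            paths.append(str(entry["path"]))
    out = ["Killall::", ""] if killall else []
    out += ["File::"] + paths + [""]
    return "\n".join(out)


if __name__ == "__main__":
    sample = SAMPLE_LOG.splitlines()
    print(build_cfscript(sample))
    for flagged_path, why in review(sample).items():
        print(f"REVIEW {flagged_path}: {', '.join(why)}")
```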
bistered
Re: After Malware, IE and FF won't run
#15, Sep 13th, 2008
When I drag the script onto CF, it doesn't run. (I redownloaded CF.) Something wrong with it? CFScript.txt
gerbil
Re: After Malware, IE and FF won't run
#16, Sep 14th, 2008
Looks sweet. Did you delete the old one?
Try it from Safe Mode.
Deep, deep in the woods, but walking about.
©2003 - 2009 DaniWeb® LLC