943,717 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > After Malware, IE and FF won't run
Ad:
You are currently viewing page 2 of this multi-page discussion thread; Jump to the first page
Permalink
Sep 9th, 2008
0

Re: After Malware, IE and FF won't run

Things seem to be running smooth except that...Whenever I try to scan with either Spybot or AVG, the computer crashes partway through just like it did with MBAM. Strange.

Here's the log for the script thingy:
Quote ...
ComboFix 08-09-05.10 - Bisterd 2008-09-08 22:44:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.704 [GMT -7:00]
Running from: C:\Documents and Settings\Bisterd\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bisterd\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter

.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-08 19:59 . 2008-09-08 21:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-08 19:52 . 2008-09-08 19:58 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-08 19:52 . 2008-09-08 19:52 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-08 19:52 . 2008-09-08 19:52 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-08 19:52 . 2008-09-08 19:52 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-08 19:52 . 2008-09-08 19:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-08 19:51 . 2008-09-08 19:51 <DIR> d-------- C:\Program Files\AVG
2008-09-08 19:51 . 2008-09-08 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-08 11:46 . 2008-09-08 23:06 403,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-08 11:46 . 2008-09-08 22:57 5,612 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-08 09:26 . 2008-09-08 09:26 <DIR> d-------- C:\Program Files\Zone Labs
2008-09-08 09:26 . 2008-09-08 23:04 352,918 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-09-08 09:26 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-09-08 09:05 . 2008-09-08 09:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 09:05 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-08 09:05 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 08:37 . 2008-09-08 08:38 <DIR> d-------- C:\Program Files\Unlocker
2008-09-07 21:35 . 2008-09-07 21:43 <DIR> d-------- C:\fixwareout
2008-09-07 16:38 . 2008-09-07 16:38 <DIR> d-------- C:\Program Files\CCleaner
2008-09-07 11:02 . 2008-09-07 11:02 <DIR> d-------- C:\Documents and Settings\Bisterd\Application Data\Malwarebytes
2008-09-07 11:02 . 2008-09-07 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 01:32 . 2008-09-07 01:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-07 00:22 . 2008-09-07 00:22 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-06 11:16 . 2008-09-06 11:16 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-06 10:50 . 2008-09-05 17:07 31,232 --a------ C:\x
2008-09-06 10:40 . 2008-09-06 10:40 0 --a------ C:\d1.exe
2008-09-06 10:39 . 2008-09-06 10:39 0 --a------ C:\944064064
2008-09-06 10:37 . 2008-09-06 10:37 <DIR> d-------- C:\Program Files\PowerISO
2008-09-06 07:27 . 2008-09-06 07:27 155,648 --a------ C:\WINDOWS\system32\CodecBHO.dll
2008-08-24 18:41 . 2008-09-04 16:27 <DIR> d-------- C:\Program Files\ColorPic 4.1
2008-08-24 18:41 . 2008-08-24 18:41 134,126 --a------ C:\WINDOWS\ColorPic Uninstaller.exe
2008-08-09 18:27 . 2008-08-09 18:27 <DIR> d-------- C:\Program Files\Multiple Image Resizer .NET
2008-08-09 17:58 . 2008-08-09 17:58 <DIR> d-------- C:\Program Files\Gadwin PrintScreenPro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 05:41 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\SiteAdvisor
2008-09-09 05:41 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\FileZilla
2008-09-08 23:27 1,331,200 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-09-08 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-08 18:44 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\.gaim
2008-09-07 08:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-06 18:09 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\uTorrent
2008-09-06 17:39 --------- d-----w C:\Program Files\Opera
2008-09-06 02:59 --------- d-----w C:\Program Files\eMule
2008-09-04 23:27 --------- d-----w C:\Program Files\FileZilla-3.1.0.1
2008-09-04 23:26 --------- d-----w C:\Program Files\ConTEXT
2008-08-30 02:51 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\gtk-2.0
2008-08-24 05:26 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\LimeWire
2008-08-10 06:54 --------- d-----w C:\Program Files\zsnesw
2008-08-10 01:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 01:13 --------- d-----w C:\Documents and Settings\Bisterd\Application Data\OpenOffice.org2
2008-08-04 05:11 --------- d-----w C:\Program Files\Jnes
2008-08-04 00:51 45,168 ----a-w C:\Documents and Settings\Bisterd\Application Data\GDIPFONTCACHEV1.DAT
2008-07-30 23:06 --------- d-----w C:\Program Files\InterActual
2008-07-28 05:10 --------- d-----w C:\Program Files\PHP
2008-07-28 04:37 --------- d-----w C:\Program Files\Apache Software Foundation
2008-07-28 03:24 --------- d-----w C:\Program Files\MySQL
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-09 16:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-03-12 04:03 49 ----a-w C:\Program Files\Warnings.txt
2007-03-12 04:03 239 ----a-w C:\Program Files\Morrowind.ini
2007-03-12 04:03 114 ----a-w C:\Program Files\ProgramFlow.txt
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SETA1.tmp
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET83.tmp
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET79.tmp
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET64.tmp
2006-10-03 09:43 2,402,550 ----a-w C:\WINDOWS\inf\SET58.tmp
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
2005-05-14 00:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 04:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2006-05-25 05:05 88 --sh--r C:\WINDOWS\system32\2D10762079.sys
2006-06-12 05:09 56 --sh--r C:\WINDOWS\system32\792076102D.sys
2005-10-08 02:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 19:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-06-12 05:09 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-04-27 17:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 20:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-07_22.56.18.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-09 02:52:05 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-07-19 22:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-07-09 16:05:08 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2008-09-08 05:14:10 17,421 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-09-09 05:59:42 17,421 ----a-w C:\WINDOWS\system32\tablet.dat
- 2007-09-07 00:14:04 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2008-07-09 16:05:10 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
- 2007-09-07 00:14:28 395,080 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2008-07-09 16:05:22 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2008-07-09 16:05:10 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2008-07-09 16:05:10 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2008-07-09 16:05:10 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2008-07-09 16:05:10 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2008-07-09 16:05:12 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
- 2007-09-07 00:14:06 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2008-07-09 16:05:12 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2008-07-09 16:05:12 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2007-09-07 00:14:06 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2008-07-09 16:05:12 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
- 2007-09-07 00:14:08 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2008-07-09 16:05:12 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
- 2007-11-22 19:09:05 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
+ 2008-09-08 18:43:03 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-07-09 16:05:06 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-31 07:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 21:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 07:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2007-05-31 07:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 07:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 07:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 07:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-20 06:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-12-03 21:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-20 01:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 07:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 07:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 07:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 07:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-12-03 21:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-20 01:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2008-07-09 16:05:06 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 19:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2008-07-09 16:05:08 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2008-07-09 16:05:08 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2008-07-09 16:05:08 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2008-07-09 16:05:24 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-09-08 23:00:17 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-07-09 16:05:24 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-07-09 16:05:24 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-07-09 16:05:24 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-07-09 16:06:26 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-07-09 16:06:26 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2008-02-27 10:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2008-02-27 10:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2008-07-09 16:05:08 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2008-01-21 15:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-02-27 10:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2008-02-27 10:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2008-07-09 16:05:10 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2008-07-09 16:06:26 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2008-07-09 16:06:30 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 03:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-10-11 23:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2008-07-09 16:05:18 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-12 00:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2008-07-09 16:05:10 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2008-07-09 16:05:10 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2008-07-09 16:05:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2008-07-09 16:05:10 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2008-07-09 16:05:12 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2008-07-09 16:05:12 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2008-01-21 15:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2008-07-09 16:05:12 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2008-07-09 16:05:12 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2008-07-09 16:05:14 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2008-07-09 16:05:14 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"Google Update"="C:\Documents and Settings\Bisterd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-01-30 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-01-30 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-08 1235736]
"P17Helper"="P17.dll" [2005-05-02 C:\WINDOWS\system32\P17.dll]
"nwiz"="nwiz.exe" [2007-01-30 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bisterd^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Bisterd\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bisterd^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\Bisterd\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bisterd^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Bisterd\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 14:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 03:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 12:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-22 16:16 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2005-06-17 05:56 139264 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-12-04 16:39 461584 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 08:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 08:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 17:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-04-09 10:57 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-27 18:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-16 23:32 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2006-07-07 12:58 8915456 C:\Program Files\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 15:22 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-01-30 11:54 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 21:20 339968 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"ServiceLayer"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"NetSvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-08 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-08 97928]
R2 Apache2.2;Apache2.2;C:\AppServ\Apache2.2\bin\httpd.exe [2007-01-09 20539]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-08 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-08 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 USA19W;USA19W;C:\WINDOWS\system32\DRIVERS\usa19w2k.sys [2002-05-13 292920]
R3 USA19w2KP;Keyspan High Speed USB Serial Adapter Port Driver;C:\WINDOWS\system32\DRIVERS\usa19w2kp.SYS [2002-04-08 40848]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 14156]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 16768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-zBrowser Launcher - C:\Program Files\Logitech\iTouch\iTouch.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 23:00:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mysql]
"ImagePath"="C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini mysql"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-08 23:55:19 - machine was rebooted [Bisterd]
ComboFix-quarantined-files.txt 2008-09-09 06:54:06
ComboFix2.txt 2008-09-08 06:00:02

Pre-Run: 47,107,624,960 bytes free
Post-Run: 47,065,931,776 bytes free

402 --- E O F --- 2008-05-17 10:02:44
Reputation Points: 10
Solved Threads: 0
Newbie Poster
bistered is offline Offline
7 posts
since Sep 2008
Permalink
Sep 10th, 2008
0

Re: After Malware, IE and FF won't run

Bistered, I think I must have been a bit lazy... ok, hopeful, when I gave you that script to run.. I should not have included the prefixing file idents etc. I just tested it on my own machine and Combofix did not appreciate them.... Anyway, most are gone, but could you manually delete these files/folders please [it will save restarting combofix]:
C:\x
C:\d1.exe
C:\944064064
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\@@desktop.dat

Now, that scanning problem. Just to see if any malware remains could you:
==Run CCleaner in all Accounts.
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/activescan/index/
-First Register [otherwise there will be no disinfection, merely detection] with a valid email address for the free online virus scan and follow through.
Unlike Kaspersky this scan does not require Java.
Please ATTACH to your post the log it produces.
Reputation Points: 239
Solved Threads: 296
Industrious Poster
gerbil is offline Offline
4,169 posts
since May 2005
Permalink
Sep 13th, 2008
0

Re: After Malware, IE and FF won't run

Why gerbil, I don't think anyone that would help a poor sucker like me clean his computer up is at all lazy.

I scanned several times and attached all three logs. ActiveScan1.txt is the first scan I did. It could remove almost none of the 'threats' it found, so I deleted them, then scanned again, which is ActiveScan2.txt. After deleting those, ActiveScan3.txt, the final scan via pandasecurity, indicated no threats. Don't hold your breath...

I'm going to try another AVG scan now to see if the problem remains. Computer crash in: *starts countdown*...

EDIT: Yep, still crashed...This may be something unrelated to malware, my computer isn't in top shape these days and it gives me random blue screens from time to time..
Last edited by bistered; Sep 13th, 2008 at 2:38 am.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
bistered is offline Offline
7 posts
since Sep 2008
Permalink
Sep 13th, 2008
0

Re: After Malware, IE and FF won't run

Sorry, bistered.. I should have mentioned that Panda will actually clean only virii, but it is superb at listing other malwares which can then be targeted. Nice work on removing the baddies.
Note that it shows two M$ updates described in those two bulletins as not installed.
This is how the combofix CFScript.txt should have been presented... I had another long list to edit, and because a somewhat similar tool does accept the idents I thought I would give it a shot. Anyway, now I know.
I have removed the reg fixes because they were dealt with... I suggest you run this as before, but first delete your version of Combofix and dl the latest version [yours will have timed-out by now, and not run].

Killall::

File::
C:\WINDOWS\system32\sups.dll
C:\WINDOWS\system32\odiw.dll
C:\WINDOWS\system32\2.ico
C:\x
C:\WINDOWS\system32\1.ico
C:\d1.exe
C:\uoju.exe
C:\oitkxr.exe
C:\accq.exe
C:\ubcs.exe
C:\WINDOWS\system32\gjm86akm34.dll
C:\944064064
C:\WINDOWS\system32\CodecBHO.dll
C:\WINDOWS\inf\SETA1.tmp
C:\WINDOWS\inf\SET83.tmp
C:\WINDOWS\inf\SET79.tmp
C:\WINDOWS\inf\SET64.tmp
C:\WINDOWS\inf\SET58.tmp
C:\WINDOWS\@@desktop.dat
C:\WINDOWS\system32\2D10762079.sys
C:\WINDOWS\system32\792076102D.sys
C:\WINDOWS\system32\kddwe.exe
C:\WINDOWS\Temp\kddwe.ren

Re the blue screens...It might pay to remove and then swap RAM modules if you have more than one, unplug and replug any connections you can lay a hand to... Simple stuff, but they get real mean on the gold on those connectors, if gold there is.
Last edited by gerbil; Sep 13th, 2008 at 8:45 am.
Reputation Points: 239
Solved Threads: 296
Industrious Poster
gerbil is offline Offline
4,169 posts
since May 2005
Permalink
Sep 13th, 2008
0

Re: After Malware, IE and FF won't run

When I drag the script onto CF, it doesn't run. (I redownloaded CF.) Something wrong with it? CFScript.txt
Reputation Points: 10
Solved Threads: 0
Newbie Poster
bistered is offline Offline
7 posts
since Sep 2008
Permalink
Sep 14th, 2008
0

Re: After Malware, IE and FF won't run

Looks sweet. Did you delete the old one?
Try it from Safe Mode.
Reputation Points: 239
Solved Threads: 296
Industrious Poster
gerbil is offline Offline
4,169 posts
since May 2005

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Help with notavirus
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: CKVO.exe virus





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC