
Non-Responsive Computer Programs and Applications [RESOLVED]


  • This topic is locked

#1
Elfykins

Okay, I don't know if this is malware or whatever, but this has been happening to me, and I've already rung a tech support here where I live, and the guy's only offer was to have me come down personally and bring my computer, and spend ~$100 for him to get it looked at. Thing is, though, I have a dislocated ankle and cannot do that, nor can I afford it, and someone pointed me to this site, so here it goes... Sorry if I post wrong, but I'm in desperate need of help.

I have the following Virus/Spyware checkers:

Ad-Aware (Just updated it)
Avast! (with up to date definitions, as it just updated it for me like 2 seconds ago)
Crap Cleaner (I use this to clean out all my files and fix up my registry, but I downloaded your ATF program and used that too).

The issue I'm having is this. Sometimes when I'm doing something so simple as browsing the internet, my explorer page will miss its "Menu" bar on some things, and sit there with "Connecting...". The only way for me to fix this is to close off one of my other screens. Sometimes I could have absolutely NO other screens open, so I have to close one of my applications down, such as Skype or MSN, just so I can load up a new page or do anything. Most of the time I have to reboot just so I can get back to doing what I want.

This doesn't just apply to explorer pages; it applies to everything I'm trying to use, whether it be applications or folders. I can't open them unless I close something else off, and it's starting to drive me insane, especially when it also prevents me from right-clicking.

This also even applies to bringing up Task Manager. When the bug is occurring, I cannot use Ctrl+Alt+Delete or ANYTHING for that matter to bring up the Task Manager. I have to open up one of the spare folders and close that off in order to open up Task Manager to see what's going on. If the bug occurs while Task Manager is open, nothing out of the ordinary is in it at all, and it just won't let me click anything inside of Task Manager; I have to physically select one of the other little things on my hot bar to close it off.

The weirdest thing also happened one day. I clicked a PDF file once in iexplorer to open it, when I was searching for houses..., and it went crazy on me and started opening up a million of the PDF files, and it wouldn't stop for a bit. It took 2 minutes before it finally did stop, and then I had to sit there spamming close on all the windows trying to load this PDF file. (I don't know if that was my computer or what, but when I rang the company they checked for me, and the person from the company who had the PDF file on their website had no issues.)

When I did my clean up using Avast! it picked up trojans, and removed the 2 it found; using Ad-Aware it picked up 6 Spy Cookies, that was it, and Crap Cleaner deleted ~760mb worth of temporary files and so forth from my computer.

My computer is actually having this bug right now, and I had to close off my folders in order to be able to even post this.

I've asked for advice from so many sources, and no one could help, and someone pointed me here.

This is my Hijackthis Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:11 AM, on 3/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Sarah\My Documents\aorelay\aorc\aorc+.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Sarah\My Documents\ET BOT2\Budabot\php.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Sarah\My Documents\ET BOT2\Budabot\php.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Gainward] "C:\WINDOWS\TBPanel.exe" /A
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nexus Bot.lnk = C:\Documents and Settings\Sarah\My Documents\ET BOT2\Budabot\chatbot.bat
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7254 bytes



Again, sorry if this is the wrong place, but you are professionals from what I was told, and I'm really in need of help. The bug isn't actually killing my computer (from the looks), but it's making using it so frustrating, considering I only got this computer 2 months ago.

On another note, when I tried to use the OnlinePanda ActiveScan, Avast! popped up with this:

Posted Image

Should I cancel Avast! when using this prog?

Edited by Elfykins, 04 May 2008 - 06:24 AM.


#2
greyknight17

Welcome to GTG.

I'm not sure if this is malware related, but we can take a look.

Yes, disable Avast Antivirus before you run the Panda scan. Otherwise, as you have noticed, it might be blocked. Try running Panda once you disable Avast.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3
Elfykins

This is the log report from Combofix:

ComboFix 08-05-01.3 - Sarah 2008-05-04 15:52:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1390 [GMT 9.5:30]
Running from: C:\Documents and Settings\Sarah\My Documents\Downloads2\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 11:51 . 2008-05-03 11:51 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-03 11:51 . 2008-05-03 11:51 <DIR> d-------- C:\Program Files\Panda Security
2008-05-03 11:44 . 2008-05-03 11:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 15:34 . 2008-05-02 15:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-02 15:34 . 2008-05-02 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-02 15:31 . 2008-05-02 15:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 15:04 . 2008-05-02 15:04 <DIR> d-------- C:\Program Files\Webroot
2008-05-02 15:04 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-05-02 15:02 . 2008-05-02 15:02 164 --a------ C:\install.dat
2008-05-02 14:36 . 2008-05-02 14:36 268 --ah----- C:\sqmdata19.sqm
2008-05-02 14:36 . 2008-05-02 14:36 244 --ah----- C:\sqmnoopt19.sqm
2008-04-30 12:46 . 2008-04-30 12:46 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\dvdcss
2008-04-30 10:46 . 2008-04-30 10:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-30 10:46 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-29 14:54 . 2008-04-29 14:54 268 --ah----- C:\sqmdata18.sqm
2008-04-29 14:54 . 2008-04-29 14:54 244 --ah----- C:\sqmnoopt18.sqm
2008-04-24 16:27 . 2008-04-24 16:27 268 --ah----- C:\sqmdata17.sqm
2008-04-24 16:27 . 2008-04-24 16:27 244 --ah----- C:\sqmnoopt17.sqm
2008-04-22 10:54 . 2008-04-22 17:21 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\MilkShape 3D 1.x.x
2008-04-19 23:06 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-19 23:06 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-19 23:06 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-19 23:06 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-19 23:06 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-19 23:06 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-19 23:06 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-19 23:06 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-19 23:06 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-19 23:06 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-19 23:04 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-19 23:03 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-19 23:02 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-19 23:01 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-19 23:00 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-19 22:59 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-19 22:58 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-04-19 22:57 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-04-19 22:56 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-19 22:55 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-19 22:54 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-04-19 22:53 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-04-19 22:52 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-19 22:51 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-19 22:50 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-19 22:49 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-19 22:48 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-18 12:46 . 2008-04-18 12:46 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\fltk.org
2008-04-18 12:44 . 2008-04-18 12:44 <DIR> d-------- C:\Program Files\ePSXe
2008-04-17 23:55 . 2008-04-17 23:55 <DIR> d-------- C:\Program Files\psx emulation cheater
2008-04-17 19:23 . 2008-04-17 19:23 <DIR> d-------- C:\WINDOWS\USB Vibration
2008-04-17 19:23 . 2008-04-17 19:23 <DIR> d-------- C:\Program Files\USB Vibration
2008-04-16 11:45 . 2008-04-16 11:45 8 -r-hs---- C:\WINDOWS\system32\E446E6CC01.sys
2008-04-16 11:42 . 2008-04-16 11:42 <DIR> d-------- C:\Program Files\Corel
2008-04-16 11:42 . 2008-04-16 11:43 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-16 11:31 . 2008-04-16 11:44 88 -r-hs---- C:\WINDOWS\system32\4E73720C1B.sys
2008-04-16 11:30 . 2008-04-16 11:44 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Corel
2008-04-16 11:30 . 2008-04-16 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-04-16 11:23 . 2008-04-25 12:32 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-11 17:27 . 2008-04-11 17:27 268 --ah----- C:\sqmdata16.sqm
2008-04-11 17:27 . 2008-04-11 17:27 244 --ah----- C:\sqmnoopt16.sqm
2008-04-11 17:22 . 2008-04-11 17:25 1,910 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-05 10:06 . 2008-04-05 10:06 268 --ah----- C:\sqmdata15.sqm
2008-04-05 10:06 . 2008-04-05 10:06 244 --ah----- C:\sqmnoopt15.sqm
2008-04-04 20:16 . 2008-04-04 20:16 268 --ah----- C:\sqmdata14.sqm
2008-04-04 20:16 . 2008-04-04 20:16 244 --ah----- C:\sqmnoopt14.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 12:14 --------- d-----w C:\Documents and Settings\Sarah\Application Data\Skype
2008-05-03 06:36 --------- d-----w C:\Documents and Settings\Sarah\Application Data\skypePM
2008-05-02 05:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-02 05:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 12:34 --------- d-----w C:\Program Files\DivX
2008-04-24 12:06 --------- d-----w C:\Program Files\EA GAMES
2008-04-23 23:02 --------- d-----w C:\Documents and Settings\Sarah\Application Data\uTorrent
2008-04-17 09:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 03:48 --------- d-----w C:\Program Files\SimPE
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 10:26 678,746 ----a-w C:\WINDOWS\unins000.exe
2008-03-24 00:41 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-24 00:32 --------- d-----w C:\Program Files\LucasArts
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 21:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 10:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-14 22:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-14 09:42 16,376 ----a-w C:\WINDOWS\gdrv.sys
2008-02-14 09:37 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:30 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 16:22 21898024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-07 10:16 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 01:54 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 19:44 16844800 C:\WINDOWS\RTHDCPL.exe]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-06-26 16:26 2173480]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 21:30 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-07-23 11:11 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 21:30 33280 C:\WINDOWS\system32\rundll32.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 15:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 15:37 2178832]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-30 04:07 79224]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 09:35 200704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 21:30 15360]

C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\
Nexus Bot.lnk - C:\Documents and Settings\Sarah\My Documents\ET BOT2\Budabot\chatbot.bat [2008-02-14 20:08:03 35]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 04:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 04:05]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-14 19:12]

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 15:55:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-04 15:56:55
ComboFix-quarantined-files.txt 2008-05-04 06:26:54

Pre-Run: 242,035,003,392 bytes free
Post-Run: 242,040,684,544 bytes free

175 --- E O F --- 2008-04-12 17:31:57



Last night also, when I was trying to load up Paint, it kept saying "The Application is Unable to Open". This was when this bug was occurring, and no matter what it wouldn't let me open up Paint, so I ended up having to close off EVERY window and every application in order to let Paint even open...

PandaScan found the following:

Common name: VB.XB
Technical name: Bck/VB.XB
Threat level: Low
Type: Backdoor
Effects: It allows to gain remote access to the affected computer. It causes the slowdown of the system, preventing planned tasks from being carried out. It uses stealth techniques to avoid being detected by the user. It does not spread automatically using its own means.
Affected platforms: Windows 2003/XP/2000/NT/ME/98/95

First detected on: June 16, 2007
Detection updated on: June 16, 2007
Statistics No
Proactive protection: Yes, using TruPrevent Technologies


and

Common name: Rebooter.J
Technical name: Trj/Rebooter.J
Threat level: Medium
Type: Trojan
Effects: It allows to get into the affected computer. It does not spread automatically using its own means.
Affected platforms: Windows XP/2000/NT/ME/98/95

First detected on: Jan. 2, 2007
Detection updated on: Jan. 2, 2007
Statistics Yes
Proactive protection: Yes, using TruPrevent Technologies

It's weird because my virus scanner and my Ad-Aware did not pick these up.

Edited by Elfykins, 04 May 2008 - 02:06 AM.


#4
greyknight17

Does Panda indicate where the infected files are located?

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Make sure you turn off any antivirus programs you have running while performing the online scan below. Using Internet Explorer, run a virus scan at http://www.kaspersky.com/virusscanner Click on 'Launch Kaspersky Anti-Virus Web Scanner' and install the ActiveX component from Kaspersky. Click Yes and it will begin downloading the latest definition files. Once that's done, click on 'Scan Settings' and make sure the following are selected:

Scan using the following Anti-Virus database:
- Extended

Scan Options:
- Scan Archives
- Scan Mail Bases

Click OK. Now under select a target to scan, select 'My Computer'. It will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the 'Save as Text' button. Save the file to your desktop. Copy and paste that information in your next post.

#5
Elfykins

Scan complete.
No malware has been detected. The sections that have been scanned are CLEAN

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 05, 2008 12:04:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 740088
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 141437
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:47:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

Scan process completed.

I just ran Panda Scan (quick scan which says it can take an hour....) and it finished in 2 seconds, and said:
Congratulations!

Today you are not infected.


We have not detected any protection on your PC. With Panda solutions you will be protected against more than 3 million viruses, spyware and other threats.



I'm not sure if it's resolved or not, as I've had it telling me the all clear before, but then at some point it's decided to start doing the weird application thing and preventing me from doing anything at all.

Last night I defragmented my computer, perhaps that helped?

I'm going to run a system clean up for next time I reboot my computer.

If you can see anything wrong in the logs I posted, please do tell me. If not then I suppose it may have been resolved now, if it returns though is there any way to contact you or something?

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Run the below two scans also to see if they find anything. Post both logs here.

Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html
Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Download SmitfraudFix at http://siri.urz.free...mitfraudFix.zip and extract the content (a folder named SmitfraudFix) to your desktop.

Open the SmitfraudFix folder. Double-click on smitfraudfix.cmd and select option #1 - Search by typing 1 and press Enter. A text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 or any other option until you are directed to do so!

NOTE: process.exe is detected by some antivirus programs as a Risk Tool. It is not a virus. If you get this detected, ignore it.


#7
Elfykins

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Malwarebytes' Anti-Malware 1.11
Database version: 721

Scan type: Quick Scan
Objects scanned: 37668
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


smit:

SmitFraudFix v2.319

Scan done at 10:51:52.67, Tue 06/05/2008
Run from C:\Documents and Settings\Sarah\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Sarah\My Documents\ET BOT2\Budabot\php.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Sarah\My Documents\ET BOT2\Budabot\php.exe
C:\Documents and Settings\Sarah\My Documents\aorelay\aorc\aorc+.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sarah


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sarah\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sarah\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{ECD375F3-2322-4CAE-BD5D-8F4199A9F7C9}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ECD375F3-2322-4CAE-BD5D-8F4199A9F7C9}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{ECD375F3-2322-4CAE-BD5D-8F4199A9F7C9}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Looks clean. If you get those detected again, see if the program specifies where the infected file is located.

It's probably best to post in the forum if you get a problem again as I may not always be available online.

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

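The AppInit_DLLs, Winlogon and DNS sections of the SmitfraudFix report above can be compared against a stock setup mechanically. The following is an added example, not part of the thread or of SmitfraudFix: the sample text is a constructed excerpt in the report's layout, and the "stock" values assume a default Windows XP install on C: behind a home router.

```python
import ipaddress
import re

# Constructed excerpt in the layout of the report sections quoted in the thread.
SAMPLE_REPORT = r'''
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
'''

# Stock Windows XP value (assumption: Windows installed on C:).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe,"

def registry_values(report):
    """Map each "Name"="Value" line to its value, undoing .reg backslash escaping."""
    pairs = re.findall(r'^"([^"]+)"="(.*)"[ \t]*$', report, re.M)
    return {name: raw.replace("\\\\", "\\") for name, raw in pairs}

def dns_servers(report):
    """Collect every resolver address listed in the DNS section."""
    found = set()
    for match in re.finditer(r"(?:NameServer=|Search Order:)[ \t]*(.+)$", report, re.M):
        found.update(tok for tok in re.split(r"[,\s]+", match.group(1)) if tok)
    return found

def review(report):
    """Return items that differ from a stock setup; these are leads, not verdicts."""
    values, findings = registry_values(report), []
    if values.get("AppInit_DLLs"):
        findings.append("AppInit_DLLs loads: " + values["AppInit_DLLs"])
    if values.get("Userinit", "").lower() != EXPECTED_USERINIT:
        findings.append("Userinit is not the stock value: " + values.get("Userinit", "<missing>"))
    if values.get("System"):
        findings.append("Winlogon System is set: " + values["System"])
    for server in sorted(dns_servers(report)):
        try:
            if not ipaddress.ip_address(server).is_private:
                findings.append("DNS server outside the local network: " + server)
        except ValueError:
            findings.append("Unparseable DNS entry: " + server)
    return findings
```

An empty list from `review()` matches what the report itself warns: the listed keys are "not inevitably infected", so any finding is a prompt to look closer (an ISP-assigned public resolver, for instance, is normal on many connections).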
#9
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





