Iexplore.exe Virus Problem, Wont Start in Safe Mode




#11
16th Apr 2009, 17:11
New Member Group

ComboFix 09-04-17.01 - Master 04/16/2009 19:07.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.663 [GMT -4:00]
Running from: c:\documents and settings\Master\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Master\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-16 22:37 . 2009-04-16 22:39 1374 ----a-w c:\windows\imsins.BAK
2009-04-16 22:31 . 2009-04-16 22:31 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-16 22:31 . 2009-04-16 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-16 22:10 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 22:10 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 22:10 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 22:10 . 2009-02-06 16:54 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 22:10 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-16 22:10 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 22:10 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 22:10 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 22:10 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 22:10 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 22:09 . 2009-03-27 07:09 1193414 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 22:09 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 21:56 . 2009-04-16 21:56 -------- d-----w c:\documents and settings\Master\Application Data\Auslogics
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\Master\Application Data\Malwarebytes
2009-04-16 01:10 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-16 01:10 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\Master\Application Data\SUPERAntiSpyware.com
2009-04-15 01:46 . 2009-04-15 01:46 -------- d-----w c:\documents and settings\Master\Application Data\U3
2009-04-15 00:27 . 2009-04-16 12:16 -------- d--h--w C:\$AVG8.VAULT$
2009-04-15 00:25 . 2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-15 00:25 . 2009-04-15 00:25 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-15 00:25 . 2009-04-15 00:25 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-15 00:24 . 2009-04-16 21:56 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-15 00:24 . 2009-04-15 22:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-14 00:10 . 2009-04-14 00:20 -------- d-----w C:\SDFix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 22:35 . 2005-06-22 19:35 1744 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-16 22:33 . 2009-04-16 22:33 9327 ----a-w C:\JavaRa.log
2009-04-16 22:33 . 2005-06-21 17:02 -------- d-----w c:\program files\Java
2009-04-16 21:54 . 2009-04-16 21:54 -------- d-----w c:\program files\Auslogics
2009-04-16 21:09 . 2005-06-21 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-16 21:09 . 2001-12-14 21:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 21:08 . 2008-05-07 17:06 -------- d-----w c:\program files\Native Instruments
2009-04-16 17:19 . 2006-01-26 00:57 -------- d-----w c:\program files\Common Files\Motive
2009-04-16 17:18 . 2001-12-14 21:11 -------- d-----w c:\program files\Sony
2009-04-16 17:09 . 2009-04-16 17:09 -------- d-----w c:\program files\CCleaner
2009-04-16 16:45 . 2008-10-21 03:45 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-15 00:24 . 2009-04-15 00:24 -------- d-----w c:\program files\AVG
2009-04-13 23:59 . 2005-07-09 23:28 -------- d-----w c:\program files\Trend Micro
2009-04-11 00:19 . 2009-01-11 00:19 63488 --sha-w c:\windows\system32\hosuriru.exe
2009-03-22 04:43 . 2005-06-21 21:21 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-12 16:41 . 2005-07-09 03:35 -------- d-----w c:\documents and settings\Master\Application Data\dvdcss
2009-03-06 14:44 . 2001-12-14 19:25 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2005-06-17 04:18 81920 ------w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2001-12-14 19:26 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-09 10:20 . 2001-12-14 19:25 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2001-12-14 19:25 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2001-12-14 19:25 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2001-12-14 19:25 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2001-12-14 19:26 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2001-12-14 19:25 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2001-12-14 19:25 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-12-14 19:25 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2001-08-17 13:48 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-12-01 14:59 . 2007-05-09 05:16 81920 ----a-w c:\documents and settings\Master\Application Data\ezpinst.exe
2008-12-01 14:59 . 2007-05-09 05:16 47360 ----a-w c:\documents and settings\Master\Application Data\pcouffin.sys
2008-11-12 21:46 . 2005-06-17 04:27 49448 ----a-w c:\documents and settings\Master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-07-15 19:22 . 2005-07-15 19:22 129 ----a-w c:\documents and settings\Master\Local Settings\Application Data\fusioncache.dat
2001-12-15 02:56 . 2001-12-15 02:56 17408 --sha-w c:\program files\Thumbs.db
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-09-12 15:2007-12-11 23:46 19:00 . c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 15:2007-12-11 23:46 22:00 . c:\program files\mozilla firefox\plugins\unicows.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jar50.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\myspell.dll
2009-01-28 08:2009-01-26 22:14 20:41 . c:\program files\mozilla firefox\components\spellchk.dll
2009-01-28 08:2009-01-26 22:14 20:42 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-04-16_22.25.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-06-17 04:13 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2001-12-14 20:42 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2001-12-14 20:42 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 39424 c:\windows\system32\pngfilt.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 39424 c:\windows\system32\pngfilt.dll
- 2001-12-14 19:25 . 2009-03-23 19:47 63528 c:\windows\system32\perfc009.dat
+ 2001-12-14 19:25 . 2009-04-16 22:46 63528 c:\windows\system32\perfc009.dat
+ 2001-12-14 20:35 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2001-12-14 19:25 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2001-12-14 19:25 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2001-12-14 20:35 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2001-12-14 20:35 . 2004-08-04 04:56 58880 c:\windows\system32\msdtclog.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 16384 c:\windows\system32\jsproxy.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 16384 c:\windows\system32\jsproxy.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 96256 c:\windows\system32\inseng.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 96256 c:\windows\system32\inseng.dll
- 2005-06-17 04:18 . 2008-10-16 10:37 55808 c:\windows\system32\extmgr.dll
+ 2005-06-17 04:18 . 2009-02-20 08:30 55808 c:\windows\system32\extmgr.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-05-10 05:23 . 2008-10-16 10:37 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2008-10-16 10:37 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2008-10-16 10:37 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 96256 c:\windows\system32\dllcache\inseng.dll
+ 2009-02-20 08:30 . 2009-02-20 08:30 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2006-05-09 11:00 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
- 2006-05-09 11:00 . 2008-10-15 09:45 18432 c:\windows\system32\dllcache\iedw.exe
- 2006-05-10 05:22 . 2008-10-16 10:37 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 55808 c:\windows\system32\dllcache\extmgr.dll
- 2009-04-16 22:11 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\spcustom.dll
- 2009-04-16 22:11 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\spmsg.dll
- 2009-02-04 09:12 . 2009-02-04 09:12 56832 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\secur32.dll
- 2009-02-03 19:52 . 2009-02-03 19:52 56320 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2qfe\secur32.dll
- 2009-02-03 20:08 . 2009-02-03 20:08 55808 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2gdr\secur32.dll
+ 2005-05-17 00:25 . 2009-02-19 09:47 351744 c:\windows\system32\xpsp3res.dll
- 2005-05-17 00:25 . 2008-10-15 14:00 351744 c:\windows\system32\xpsp3res.dll
- 2005-06-17 04:18 . 2004-08-04 04:56 351232 c:\windows\system32\winhttp.dll
+ 2005-06-17 04:18 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2001-12-14 20:35 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2001-12-14 20:35 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2001-12-14 20:35 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2001-12-14 19:26 . 2009-02-20 08:30 616448 c:\windows\system32\urlmon.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 474112 c:\windows\system32\shlwapi.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 474112 c:\windows\system32\shlwapi.dll
+ 2001-12-14 19:25 . 2009-04-16 22:46 406328 c:\windows\system32\perfh009.dat
- 2001-12-14 19:25 . 2009-03-23 19:47 406328 c:\windows\system32\perfh009.dat
+ 2001-12-14 19:25 . 2009-02-20 08:30 532480 c:\windows\system32\mstime.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 532480 c:\windows\system32\mstime.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 146432 c:\windows\system32\msrating.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 146432 c:\windows\system32\msrating.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 449024 c:\windows\system32\mshtmled.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 449024 c:\windows\system32\mshtmled.dll
+ 2001-12-14 20:35 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2001-12-14 20:35 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2001-12-14 20:35 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2005-06-21 17:23 . 2009-04-16 22:31 148888 c:\windows\system32\javaws.exe
+ 2005-06-21 17:23 . 2009-04-16 22:31 144792 c:\windows\system32\javaw.exe
+ 2005-06-21 17:23 . 2009-04-16 22:31 144792 c:\windows\system32\java.exe
- 2001-12-14 19:25 . 2008-10-16 10:37 251392 c:\windows\system32\iepeers.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 251392 c:\windows\system32\iepeers.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 205312 c:\windows\system32\dxtrans.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 205312 c:\windows\system32\dxtrans.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 357888 c:\windows\system32\dxtmsft.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 357888 c:\windows\system32\dxtmsft.dll
- 2006-05-10 05:23 . 2008-10-16 10:37 659456 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 659456 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2006-05-10 05:23 . 2008-10-16 10:37 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2008-10-16 10:37 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 146432 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:23 . 2008-10-16 10:37 146432 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:23 . 2008-10-16 10:37 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2006-08-17 12:28 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:22 . 2008-10-16 10:37 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:22 . 2008-10-16 10:37 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-05-10 05:22 . 2008-10-16 10:37 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 151040 c:\windows\system32\dllcache\cdfview.dll
- 2006-05-10 05:22 . 2008-10-16 10:37 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 151040 c:\windows\system32\cdfview.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 151040 c:\windows\system32\cdfview.dll
- 2009-04-16 22:11 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\updspapi.dll
- 2009-04-16 22:11 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\update.exe
- 2009-04-16 22:11 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\spuninst.exe
- 2009-03-21 13:59 . 2009-03-21 13:59 991744 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
- 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
- 2009-03-21 13:54 . 2009-03-21 13:54 989184 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2qfe\kernel32.dll
- 2009-03-21 14:18 . 2009-03-21 14:18 986112 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2gdr\kernel32.dll
+ 2001-12-14 19:25 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
- 2001-12-14 19:25 . 2007-10-26 03:36 8454656 c:\windows\system32\shell32.dll
+ 2001-12-14 19:25 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
+ 2001-12-14 19:25 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
- 2001-12-14 19:25 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 3059712 c:\windows\system32\mshtml.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 3059712 c:\windows\system32\mshtml.dll
+ 2006-05-29 15:30 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
- 2007-10-29 22:43 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2007-10-29 22:43 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2006-12-19 14:17 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2006-12-19 14:15 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:08 . 2009-02-20 08:30 3059712 c:\windows\system32\dllcache\mshtml.dll
- 2006-05-19 15:08 . 2008-10-16 10:37 3059712 c:\windows\system32\dllcache\mshtml.dll
- 2006-05-10 05:22 . 2008-10-16 10:37 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 1023488 c:\windows\system32\dllcache\browseui.dll
- 2006-05-10 05:22 . 2008-10-16 10:37 1023488 c:\windows\system32\dllcache\browseui.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 1054208 c:\windows\system32\danim.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 1054208 c:\windows\system32\danim.dll
+ 2001-12-14 19:25 . 2009-02-20 08:30 1023488 c:\windows\system32\browseui.dll
- 2001-12-14 19:25 . 2008-10-16 10:37 1023488 c:\windows\system32\browseui.dll
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-15 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 23:46 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= sonymjpg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDrvEmulator]
2005-06-17 00:25 49152 ------w c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-06-17 00:25 49152 ------w c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-03-23 18:07 1830128 ----a-w c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2001-04-26 19:02 2220 ----a-w c:\program files\support.com\client\lserver\Server.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59334:UDP"= 59334:UDP:utorrent
"59334:TCP"= 59334:TCP:utorrent

R2 LMIInfo;LogMeIn Kernel Information Provider; [x]
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
R3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2004-01-19 6828]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver; [x]
R3 KORG_1394;KORG_1394;c:\windows\system32\Drivers\KORG_1394.sys [2006-11-17 114176]
R3 KORG_avs;KORG_avs;c:\windows\system32\Drivers\KORG_avs.sys [2006-11-17 28672]
R3 MADFU;MADFU;c:\windows\system32\DRIVERS\MADFUXP.sys [2007-04-12 16512]
R3 MAUSBXP;Service for M-Audio Xponent (WDM); [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\Drivers\SMBE.SYS [2001-09-22 593000]
R3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-14 20168]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-15 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-15 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-15 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-15 298264]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
S2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\Drivers\SonyFKC.sys [2001-12-06 12032]

.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_02\bin\jusched.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://advisorcompass.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ez-data.com
Trusted Zone: ez-data.com/java/index.htm
Trusted Zone: ezdata.com
Trusted Zone: smartofficeonline.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} - hxxps://ampf.ez-data.com/java/downloads/SOConfig6.cab
DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} - hxxps://ampf.ez-data.com/java/downloads/SmartOfficeLink6.cab
FF - ProfilePath - c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 20:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\fibufeti.dll"
"ThreadingModel"="Both"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2304)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-17 20:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 00:10
ComboFix2.txt 2009-04-16 22:28
ComboFix3.txt 2009-04-16 16:36

Pre-Run: 5,267,283,968 bytes free
Post-Run: 5,247,483,904 bytes free

355 --- E O F --- 2009-04-16 22:39
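The logs in this thread are read by eye: the moderator picks out the locked CLSID key whose InprocServer32 default points at fibufeti.dll, and the Find3M section lists hosuriru.exe with hidden+system attributes. As an added example (not code from the thread, from its posters, or from ComboFix), the Python script below parses the file-listing lines and the locked InprocServer32 entry in the format the log above uses, and scores each entry on the traits those two files share: hidden+system attributes on a file, an eight-letter pseudo-random name dropped directly into system32, and being the default target of a locked CLSID key. The regular expressions, the weights, the allowlist of files that normally carry hidden+system attributes, and the sample lines (copied from the log above) are all this example's own assumptions.

```python
"""Triage helper for ComboFix log lines.

Added example, not code from the forum thread or from ComboFix itself. It
parses the 'created . modified size attrs path' lines of the Files Created /
Find3M sections and the @= target of a locked InprocServer32 key, then scores
each entry. Regexes, weights and allowlist are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# One file line: "2009-04-11 00:19 . 2009-01-11 00:19 63488 --sha-w c:\...\x.exe"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "          # directories show 8 dashes instead of a size
    r"(?P<attrs>[-a-z]{7}) "        # e.g. ----a-w, d--h--w, --sha-w
    r"(?P<path>\S.*)$"
)
# Default value of a registry key as ComboFix prints it: @="c:\\windows\\..."
INPROC_LINE = re.compile(r'^@="(?P<path>[^"]+)"$')
# Eight lowercase letters plus exe/dll, the shape of both names in this thread
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(exe|dll)$")
SYSTEM32 = "c:\\windows\\system32\\"
# Files that legitimately carry hidden+system attributes (assumed allowlist)
ALLOWLIST = {"thumbs.db", "desktop.ini"}


@dataclass
class Finding:
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, reason: str, weight: int) -> None:
        self.reasons.append(reason)
        self.score += weight


def add_name_heuristics(f: Finding) -> None:
    """Path-only check shared by file lines and registry targets."""
    p = f.path.lower()
    if p.startswith(SYSTEM32):
        base = p[len(SYSTEM32):]
        # base name directly in system32, not in drivers\ or dllcache\
        if "\\" not in base and RANDOM_NAME.match(base):
            f.add("8-letter pseudo-random name directly in system32", 1)


def score_file_line(line: str):
    """Finding for one file line (None if the line is not a file entry)."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    f = Finding(path=m["path"])
    attrs = m["attrs"]
    base = m["path"].lower().rsplit("\\", 1)[-1]
    if (not attrs.startswith("d") and "h" in attrs and "s" in attrs
            and base not in ALLOWLIST):
        f.add("file carries hidden+system attributes", 2)
    add_name_heuristics(f)
    return f


def triage(log_text: str) -> list:
    """Findings with a non-zero score, highest first."""
    findings = []
    in_locked = False
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line:
            in_locked = True            # the banner line itself is skipped
            continue
        if in_locked and line.startswith("-----"):
            in_locked = False           # next section banner
        if in_locked:
            if line.startswith("[") and line.endswith("]"):
                key = line.lower()
            elif key.endswith("inprocserver32]"):
                m = INPROC_LINE.match(line)
                if m:
                    # ComboFix prints backslashes doubled inside the quotes
                    f = Finding(path=m["path"].replace("\\\\", "\\"))
                    f.add("default of a locked CLSID InprocServer32 key", 2)
                    add_name_heuristics(f)
                    findings.append(f)
            continue
        f = score_file_line(line)
        if f is not None and f.score > 0:
            findings.append(f)
    return sorted(findings, key=lambda x: x.score, reverse=True)


# Constructed sample: lines copied from the log above plus one benign file
SAMPLE_LOG = r"""
2009-04-16 01:10 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 00:25 . 2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-11 00:19 . 2009-01-11 00:19 63488 --sha-w c:\windows\system32\hosuriru.exe
2001-12-15 02:56 . 2001-12-15 02:56 17408 --sha-w c:\program files\Thumbs.db
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\fibufeti.dll"
"ThreadingModel"="Both"
.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score}  {f.path}  <- {'; '.join(f.reasons)}")
```

Run as is, it lists hosuriru.exe and fibufeti.dll at score 3 and AVG's own avgrsstx.dll (installed with AVG on 2009-04-15 according to the log) at score 1, because an eight-letter lowercase name also fits some legitimate components. That is why the name rule carries less weight than the attribute and registry evidence, and why the scored list is a starting point for a human reviewer rather than a verdict.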
#12
16th Apr 2009, 18:01
Moderator Group

That key isn't deleting...

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
c:\windows\system32\fibufeti.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]

RegNull::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

#13
16th Apr 2009, 18:26
New Member Group

If it helps, when ComboFix is restarting the computer, it goes to the blue screen that says shutting down, but it just stays there; I had to power it off and then turn it on. Also, when ComboFix first starts running, I get a Windows box that says that "pv.cfexe" malfunctioned and asks if I want to send an error report.

ComboFix 09-04-17.01 - Master 04/16/2009 21:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.630 [GMT -4:00]
Running from: c:\documents and settings\Master\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Master\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\fibufeti.dll
.

((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-16 22:37 . 2009-04-16 22:39 1374 ----a-w c:\windows\imsins.BAK
2009-04-16 22:31 . 2009-04-16 22:31 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-16 22:31 . 2009-04-16 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-16 22:10 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 22:10 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 22:10 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 22:10 . 2009-02-06 16:54 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 22:10 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-16 22:10 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 22:10 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 22:10 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 22:10 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 22:10 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 22:09 . 2009-03-27 07:09 1193414 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 22:09 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 21:56 . 2009-04-16 21:56 -------- d-----w c:\documents and settings\Master\Application Data\Auslogics
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\Master\Application Data\Malwarebytes
2009-04-16 01:10 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-16 01:10 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\Master\Application Data\SUPERAntiSpyware.com
2009-04-15 01:46 . 2009-04-15 01:46 -------- d-----w c:\documents and settings\Master\Application Data\U3
2009-04-15 00:27 . 2009-04-16 12:16 -------- d--h--w C:\$AVG8.VAULT$
2009-04-15 00:25 . 2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-15 00:25 . 2009-04-15 00:25 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-15 00:25 . 2009-04-15 00:25 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-15 00:24 . 2009-04-16 21:56 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-15 00:24 . 2009-04-15 22:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-14 00:10 . 2009-04-14 00:20 -------- d-----w C:\SDFix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 22:35 . 2005-06-22 19:35 1744 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-16 22:33 . 2009-04-16 22:33 9327 ----a-w C:\JavaRa.log
2009-04-16 22:33 . 2005-06-21 17:02 -------- d-----w c:\program files\Java
2009-04-16 21:54 . 2009-04-16 21:54 -------- d-----w c:\program files\Auslogics
2009-04-16 21:09 . 2005-06-21 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-16 21:09 . 2001-12-14 21:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 21:08 . 2008-05-07 17:06 -------- d-----w c:\program files\Native Instruments
2009-04-16 17:19 . 2006-01-26 00:57 -------- d-----w c:\program files\Common Files\Motive
2009-04-16 17:18 . 2001-12-14 21:11 -------- d-----w c:\program files\Sony
2009-04-16 17:09 . 2009-04-16 17:09 -------- d-----w c:\program files\CCleaner
2009-04-16 16:45 . 2008-10-21 03:45 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-15 00:24 . 2009-04-15 00:24 -------- d-----w c:\program files\AVG
2009-04-13 23:59 . 2005-07-09 23:28 -------- d-----w c:\program files\Trend Micro
2009-04-11 00:19 . 2009-01-11 00:19 63488 --sha-w c:\windows\system32\hosuriru.exe
2009-03-22 04:43 . 2005-06-21 21:21 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-12 16:41 . 2005-07-09 03:35 -------- d-----w c:\documents and settings\Master\Application Data\dvdcss
2009-03-06 14:44 . 2001-12-14 19:25 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2005-06-17 04:18 81920 ------w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2001-12-14 19:26 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-09 10:20 . 2001-12-14 19:25 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2001-12-14 19:25 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2001-12-14 19:25 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2001-12-14 19:25 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2001-12-14 19:26 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2001-12-14 19:25 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2001-12-14 19:25 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-12-14 19:25 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2001-08-17 13:48 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-12-01 14:59 . 2007-05-09 05:16 81920 ----a-w c:\documents and settings\Master\Application Data\ezpinst.exe
2008-12-01 14:59 . 2007-05-09 05:16 47360 ----a-w c:\documents and settings\Master\Application Data\pcouffin.sys
2008-11-12 21:46 . 2005-06-17 04:27 49448 ----a-w c:\documents and settings\Master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-07-15 19:22 . 2005-07-15 19:22 129 ----a-w c:\documents and settings\Master\Local Settings\Application Data\fusioncache.dat
2001-12-15 02:56 . 2001-12-15 02:56 17408 --sha-w c:\program files\Thumbs.db
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-09-12 15:2007-12-11 23:46 19:00 . c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 15:2007-12-11 23:46 22:00 . c:\program files\mozilla firefox\plugins\unicows.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jar50.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\myspell.dll
2009-01-28 08:2009-01-26 22:14 20:41 . c:\program files\mozilla firefox\components\spellchk.dll
2009-01-28 08:2009-01-26 22:14 20:42 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-15 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 23:46 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= sonymjpg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDrvEmulator]
2005-06-17 00:25 49152 ------w c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-06-17 00:25 49152 ------w c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-03-23 18:07 1830128 ----a-w c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2001-04-26 19:02 2220 ----a-w c:\program files\support.com\client\lserver\Server.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59334:UDP"= 59334:UDP:utorrent
"59334:TCP"= 59334:TCP:utorrent

R2 LMIInfo;LogMeIn Kernel Information Provider; [x]
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
R3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2004-01-19 6828]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver; [x]
R3 KORG_1394;KORG_1394;c:\windows\system32\Drivers\KORG_1394.sys [2006-11-17 114176]
R3 KORG_avs;KORG_avs;c:\windows\system32\Drivers\KORG_avs.sys [2006-11-17 28672]
R3 MADFU;MADFU;c:\windows\system32\DRIVERS\MADFUXP.sys [2007-04-12 16512]
R3 MAUSBXP;Service for M-Audio Xponent (WDM); [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\Drivers\SMBE.SYS [2001-09-22 593000]
R3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-14 20168]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-15 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-15 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-15 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-15 298264]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
S2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\Drivers\SonyFKC.sys [2001-12-06 12032]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://advisorcompass.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ez-data.com
Trusted Zone: ez-data.com/java/index.htm
Trusted Zone: ezdata.com
Trusted Zone: smartofficeonline.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} - hxxps://ampf.ez-data.com/java/downloads/SOConfig6.cab
DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} - hxxps://ampf.ez-data.com/java/downloads/SmartOfficeLink6.cab
FF - ProfilePath - c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 21:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\fibufeti.dll"
"ThreadingModel"="Both"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2224)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-17 21:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 01:24
ComboFix2.txt 2009-04-17 00:10
ComboFix3.txt 2009-04-16 22:28
ComboFix4.txt 2009-04-16 16:36

Pre-Run: 7,232,405,504 bytes free
Post-Run: 7,260,897,280 bytes free

215 --- E O F --- 2009-04-16 22:39
#14
Old 16th Apr 2009, 19:43
Moderator Group

Quote:
Also, when ComboFix first starts running, I get a Windows box that says that "pv.cfexe" malfunctioned and asks if I want to send an error report.
That is ComboFix. Not sure why it is giving the error.

Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

  • Double-click on drweb-cureit.exe and then click Start
  • An information notice will appear, click OK.
  • This starts a short scan that will scan the files currently running in memory.
  • If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version.
  • If or when something is found, click the Yes button when it asks you if you want to cure it.

  • Once the short scan has finished, click Settings > Change Settings
  • Under the Scanning tab UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
  • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done:
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

  • After reboot, right-click the Dr.Web log on the desktop and choose Open With > Notepad
  • Copy and paste that log in the next reply

#15
Old 17th Apr 2009, 11:43
New Member Group

When I run Dr. Web, I get a Windows error message that says setup.exe has an error and then the program doesn't run the scan. Also, now whenever the computer shuts down, it gets stuck on the blue screen that says shutting down and I have to power it off. Some of the other .dll files and the iexplore.exe problem have come back somehow, so I'm going to run the other scans again to try and get rid of them.
#16
Old 17th Apr 2009, 12:40
New Member Group

Here are the logs from the scans I just did today:

Malwarebytes' Anti-Malware 1.36
Database version: 1987
Windows 5.1.2600 Service Pack 2

4/17/2009 2:51:03 PM
mbam-log-2009-04-17 (14-51-03).txt

Scan type: Quick Scan
Objects scanned: 84408
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gumiviho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\votojoye.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\darunuwe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zedomuju.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sohibesi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5991f80-9a0c-49ee-9b2a-1847007b2e2e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5991f80-9a0c-49ee-9b2a-1847007b2e2e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5991f80-9a0c-49ee-9b2a-1847007b2e2e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\844ca7b9 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\viwihiyiya (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm877f9425 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\votojoye.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\darunuwe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\votojoye.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gumiviho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ohivimug.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\darunuwe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gopikobi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sohibesi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zedomuju.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\votojoye.dll (Trojan.Vundo.H) -> Delete on reboot.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/17/2009 at 03:19 PM

Application Version : 4.26.1000

Core Rules Database Version : 3845
Trace Rules Database Version: 1800

Scan type : Complete Scan
Total Scan Time : 00:23:15

Memory items scanned : 341
Memory threats detected : 0
Registry items scanned : 6503
Registry threats detected : 4
File items scanned : 30381
File threats detected : 61

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32

Adware.Tracking Cookie

Rogue.Component/Trace
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\FIAS4057

ComboFix 09-04-18.01 - Master 04/17/2009 15:31.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.665 [GMT -4:00]
Running from: c:\documents and settings\Master\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-16 22:37 . 2009-04-16 22:39 1374 ----a-w c:\windows\imsins.BAK
2009-04-16 22:31 . 2009-04-16 22:31 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-16 22:31 . 2009-04-16 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-16 22:10 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 22:10 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 22:10 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 22:10 . 2009-02-06 16:54 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 22:10 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-16 22:10 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 22:10 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 22:10 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 22:10 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 22:10 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 22:09 . 2009-03-27 07:09 1193414 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 22:09 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 21:56 . 2009-04-17 02:20 -------- d-----w c:\documents and settings\Master\Application Data\Auslogics
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\Master\Application Data\Malwarebytes
2009-04-16 01:10 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-16 01:10 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\Master\Application Data\SUPERAntiSpyware.com
2009-04-15 01:46 . 2009-04-15 01:46 -------- d-----w c:\documents and settings\Master\Application Data\U3
2009-04-15 00:27 . 2009-04-17 19:12 -------- d--h--w C:\$AVG8.VAULT$
2009-04-15 00:25 . 2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-15 00:25 . 2009-04-15 00:25 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-15 00:25 . 2009-04-15 00:25 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-15 00:24 . 2009-04-17 18:55 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-15 00:24 . 2009-04-15 22:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-14 00:10 . 2009-04-14 00:20 -------- d-----w C:\SDFix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 02:20 . 2009-04-16 21:54 -------- d-----w c:\program files\Auslogics
2009-04-16 22:35 . 2005-06-22 19:35 1744 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-16 22:33 . 2009-04-16 22:33 9327 ----a-w C:\JavaRa.log
2009-04-16 22:33 . 2005-06-21 17:02 -------- d-----w c:\program files\Java
2009-04-16 21:09 . 2005-06-21 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-16 21:09 . 2001-12-14 21:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 21:08 . 2008-05-07 17:06 -------- d-----w c:\program files\Native Instruments
2009-04-16 17:19 . 2006-01-26 00:57 -------- d-----w c:\program files\Common Files\Motive
2009-04-16 17:18 . 2001-12-14 21:11 -------- d-----w c:\program files\Sony
2009-04-16 17:09 . 2009-04-16 17:09 -------- d-----w c:\program files\CCleaner
2009-04-16 16:45 . 2008-10-21 03:45 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-15 00:24 . 2009-04-15 00:24 -------- d-----w c:\program files\AVG
2009-04-13 23:59 . 2005-07-09 23:28 -------- d-----w c:\program files\Trend Micro
2009-04-11 00:19 . 2009-01-11 00:19 63488 --sha-w c:\windows\system32\hosuriru.exe
2009-03-22 04:43 . 2005-06-21 21:21 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-12 16:41 . 2005-07-09 03:35 -------- d-----w c:\documents and settings\Master\Application Data\dvdcss
2009-03-06 14:44 . 2001-12-14 19:25 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2005-06-17 04:18 81920 ------w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2001-12-14 19:26 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-09 10:20 . 2001-12-14 19:25 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2001-12-14 19:25 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2001-12-14 19:25 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2001-12-14 19:25 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2001-12-14 19:26 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2001-12-14 19:25 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2001-12-14 19:25 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-12-14 19:25 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2001-08-17 13:48 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-12-01 14:59 . 2007-05-09 05:16 81920 ----a-w c:\documents and settings\Master\Application Data\ezpinst.exe
2008-12-01 14:59 . 2007-05-09 05:16 47360 ----a-w c:\documents and settings\Master\Application Data\pcouffin.sys
2008-11-12 21:46 . 2005-06-17 04:27 49448 ----a-w c:\documents and settings\Master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-07-15 19:22 . 2005-07-15 19:22 129 ----a-w c:\documents and settings\Master\Local Settings\Application Data\fusioncache.dat
2001-12-15 02:56 . 2001-12-15 02:56 17408 --sha-w c:\program files\Thumbs.db
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-09-12 15:2007-12-11 23:46 19:00 . c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 15:2007-12-11 23:46 22:00 . c:\program files\mozilla firefox\plugins\unicows.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jar50.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\myspell.dll
2009-01-28 08:2009-01-26 22:14 20:41 . c:\program files\mozilla firefox\components\spellchk.dll
2009-01-28 08:2009-01-26 22:14 20:42 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-04-17_00.07.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-12-14 20:40 . 2009-04-17 18:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2001-12-14 20:40 . 2005-06-17 04:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2001-12-14 20:40 . 2009-04-17 18:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2001-12-14 20:40 . 2005-06-17 04:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-15 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 23:46 87352 ----a-w c:\windows\system32\LMIinit.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDrvEmulator]
2005-06-17 00:25 49152 ------w c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-06-17 00:25 49152 ------w c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-03-23 18:07 1830128 ----a-w c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2001-04-26 19:02 2220 ----a-w c:\program files\support.com\client\lserver\Server.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59334:UDP"= 59334:UDP:utorrent
"59334:TCP"= 59334:TCP:utorrent

R2 LMIInfo;LogMeIn Kernel Information Provider; [x]
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
R3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2004-01-19 6828]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver; [x]
R3 KORG_1394;KORG_1394;c:\windows\system32\Drivers\KORG_1394.sys [2006-11-17 114176]
R3 KORG_avs;KORG_avs;c:\windows\system32\Drivers\KORG_avs.sys [2006-11-17 28672]
R3 MADFU;MADFU;c:\windows\system32\DRIVERS\MADFUXP.sys [2007-04-12 16512]
R3 MAUSBXP;Service for M-Audio Xponent (WDM); [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\Drivers\SMBE.SYS [2001-09-22 593000]
R3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-14 20168]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-15 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-15 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-15 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-15 298264]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
S2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\Drivers\SonyFKC.sys [2001-12-06 12032]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://advisorcompass.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ez-data.com
Trusted Zone: ez-data.com/java/index.htm
Trusted Zone: ezdata.com
Trusted Zone: smartofficeonline.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} - hxxps://ampf.ez-data.com/java/downloads/SOConfig6.cab
DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} - hxxps://ampf.ez-data.com/java/downloads/SmartOfficeLink6.cab
FF - ProfilePath - c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 15:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3856)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-04-17 15:36
ComboFix-quarantined-files.txt 2009-04-17 19:36
ComboFix2.txt 2009-04-17 01:24
ComboFix3.txt 2009-04-17 00:10
ComboFix4.txt 2009-04-16 22:28
ComboFix5.txt 2009-04-17 19:30

Pre-Run: 7,210,307,584 bytes free
Post-Run: 7,195,254,784 bytes free

201 --- E O F --- 2009-04-16 22:39
  #17  
Old 17th Apr 2009, 12:51
Moderator Group
 
Default Iexplore.exe Virus Problem, Wont Start in Safe Mode

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
REGEDIT4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59334:UDP"=-
"59334:TCP"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Delete the fixme.reg from the Desktop.

----------

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect; however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.
__________________

  #18  
Old 17th Apr 2009, 14:07
New Member Group
 
Default Iexplore.exe Virus Problem, Wont Start in Safe Mode

After running the other scans, Dr. Web started working. Right now it is still scanning; I will run the other scan you requested after Dr. Web and post both results once they finish. Thank you once again for your help; I would be lost without it.
  #19  
Old 18th Apr 2009, 06:30
New Member Group
 
Default Iexplore.exe Virus Problem, Wont Start in Safe Mode

Dr. Web

realpatch.EXE;C:\Documents and Settings\Default User\Local Settings\Temp\Real;BackDoor.VCR.1;Deleted.;
data002;C:\Documents and Settings\Master\Desktop;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\Master\Desktop;Container contains infected objects;Moved.;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Master\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable. Deleted.;
A0110747.EXE;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1048;Program.PsExec.170;Incurable. Deleted.;
A0110777.EXE;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1049;Program.PsExec.170;Incurable. Deleted.;
data002;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1057;Archive contains infected objects;;
A0111362.exe;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1057;Container contains infected objects;Moved.;
A0111362.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1057\A0111362.exe/data002;Program.PsExec.171;;
A0112366.EXE;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1059;Program.PsExec.170;Incurable. Deleted.;
A0112766.exe;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1062;Archive contains infected objects;Moved.;
A0113738.EXE;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1062;Program.PsExec.170;Incurable. Deleted.;
A0112766.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1062\A0112766.exe;Tool.Prockill;;
A0114736.EXE;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1063;Program.PsExec.170;Incurable. Deleted.;
data002;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1063;Archive contains infected objects;;
A0115781.exe;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1063;Container contains infected objects;Moved.;
A0115781.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1063\A0115781.exe/data002;Program.PsExec.171;;


KScan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, April 18, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, April 18, 2009 00:32:47
Records in database: 2056291
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan statistics:
Files scanned: 92084
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 12:12:28

No malware has been detected. The scan area is clean.

The selected area was scanned.
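A small triage script for the Dr. Web report format pasted above, added here as an example; it is not part of this thread and not Dr. Web's own tooling. The field layout (object;directory;threat name;action;) is assumed from the posted lines, not taken from any Dr. Web documentation, and the sample input is a subset of the lines from the post. It separates the three kinds of hits the report mixes together: containers that merely hold a flagged object, dual-use utilities the cleanup tools themselves carry (the report shows psexec.cfexe inside ComboFix.exe and Process.exe under SDFix\apps), and everything else, then singles out malware detections that sit outside System Restore points, since those are the ones still reachable on the live system.

```python
"""Triage Dr. Web-style scan report lines.

Added example (not from the thread or from Dr. Web): the field layout
    object;directory;threat name;action;
is assumed from the report pasted above, not taken from Dr. Web docs.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Subset of lines copied from the Dr. Web report posted above.
SAMPLE_REPORT = r"""
realpatch.EXE;C:\Documents and Settings\Default User\Local Settings\Temp\Real;BackDoor.VCR.1;Deleted.;
ComboFix.exe;C:\Documents and Settings\Master\Desktop;Container contains infected objects;Moved.;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Master\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable. Deleted.;
A0110747.EXE;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1048;Program.PsExec.170;Incurable. Deleted.;
A0112766.exe;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1062;Archive contains infected objects;Moved.;
A0112766.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1062\A0112766.exe;Tool.Prockill;;
"""

# Anything under a System Restore point is a historical copy, not a running file.
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

# Dr. Web names for dual-use utilities. The report above shows them living inside
# ComboFix.exe (psexec.cfexe) and SDFix\apps (Process.exe), i.e. inside the
# cleanup tools themselves, so they are expected hits rather than an infection.
TOOL_PREFIXES = ("Program.", "Tool.")


@dataclass
class Detection:
    obj: str
    directory: str
    threat: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        return bool(RESTORE_POINT_RE.search(self.directory))

    @property
    def category(self) -> str:
        """container: an archive that merely holds a flagged object;
        tool: a known dual-use utility; malware: everything else."""
        if "contains infected objects" in self.threat:
            return "container"
        if self.threat.startswith(TOOL_PREFIXES):
            return "tool"
        return "malware"


def parse_report(text: str) -> list[Detection]:
    """Split each non-empty line into the four fields seen in the report."""
    detections = []
    for line in text.strip().splitlines():
        fields = line.split(";")
        if len(fields) < 4:
            continue  # not a detection line (header, blank, etc.)
        obj, directory, threat, action = (f.strip() for f in fields[:4])
        detections.append(Detection(obj, directory, threat, action))
    return detections


def summarize(detections: list[Detection]) -> dict:
    """Counts per category plus the list that actually needs follow-up:
    malware detections outside restore points, and hits Dr. Web left in place."""
    by_category = Counter(d.category for d in detections)
    live_malware = [d.obj for d in detections
                    if d.category == "malware" and not d.in_restore_point]
    return {
        "total": len(detections),
        "by_category": dict(by_category),
        "in_restore_point": sum(d.in_restore_point for d in detections),
        "untouched": [d.obj for d in detections if not d.action],
        "live_malware": live_malware,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On the sample above the only entry left in the live_malware list is realpatch.EXE (BackDoor.VCR.1), already reported as Deleted; the remaining hits are either restore-point copies or the PsExec/Prockill utilities bundled with the cleanup tools, which is why the later Kaspersky scan of the same machine comes back clean.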
  #20  
Old 18th Apr 2009, 08:59
Moderator Group
 
Default Iexplore.exe Virus Problem, Wont Start in Safe Mode

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.


Note that your system will run slower for a reboot or two after having used this tool, so don't panic.

----------

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it yourself.


Important: Restart the computer before continuing.

----------

How is the computer running now?
__________________

Copyright ©2006 - 2009 Computer Juice.

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.