01-19-2009, 03:58 AM   #7
emergencylight
Registered User
Join Date: Jan 2009
Posts: 8
OS: Windows XP SP3


Re: IE 7 not working

Hello Iain,
Following are the ComboFix and ActiveScan logs:

ComboFix 09-01-17.04 - fahad 2009-01-19 1:40:06.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.446.193 [GMT 3:00]
Körs från: c:\documents and settings\pc4\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\pc4\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090117-0] *On-access scanning enabled* (Updated)
* Skapade en ny återställningspunkt

FILE ::
G:\cfdflx.com
G:\RavMon.exe
I:\f0.cmd
.

(((((((((((((((((((((((( Filer Skapade från 2008-12-18 till 2009-01-18 ))))))))))))))))))))))))))))))
.

2009-01-13 19:03 . 2007-04-13 05:48 391,984 --a------ c:\windows\system32\vnetlib.dll
2009-01-13 19:03 . 2007-04-13 05:48 142,128 --a------ c:\windows\system32\vmnat.exe
2009-01-13 19:03 . 2007-04-13 05:48 113,456 --a------ c:\windows\system32\vmnetdhcp.exe
2009-01-13 19:03 . 2007-04-13 05:49 22,576 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2009-01-13 18:57 . 2009-01-13 18:57 <DIR> d-------- c:\program files\Common Files\VMware
2009-01-13 18:16 . 2009-01-13 18:16 <DIR> d-------- c:\program files\MSN Messenger
2009-01-13 18:10 . 2009-01-13 18:11 436 --a------ c:\windows\{00466B67-7C72-478A-A2DE-6D0A96A55F58}_WiseFW.ini
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Skype
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-10 20:45 . 2009-01-13 02:25 250 --a------ c:\windows\gmer.ini
2009-01-10 02:15 . 2008-04-14 03:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-10 02:15 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\dllcache\apphelp.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\apphelp.dll
2009-01-05 15:11 . 2009-01-05 15:11 <DIR> d-------- c:\program files\Apple Software Update
2008-12-21 01:13 . 2008-12-21 01:13 50 --a------ c:\windows\winzipme.ini
2008-12-21 01:12 . 2008-12-21 01:12 <DIR> d-------- c:\program files\DSL Speed

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-07 13:45 2,174,976 ------w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-03-01 21:16 144 ----a-w c:\program files\song-10452.ram
2007-09-20 17:03 486 ----a-w c:\program files\recover.arr
2007-09-20 17:02 486 ----a-w c:\program files\~arpr.arr
2007-09-20 16:09 6,502,752 ----a-w c:\program files\new.rpc
.

((((((((((((((((((((((((((((( snapshot@2009-01-18_17.36.48.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-18 17:48:02 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_194.dat
+ 2009-01-18 17:47:26 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_43c.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-04 01:14 204248 --a------ d:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2008-08-03 3945620]
"Google Update"="c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-30 52168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pc4\Start Menu\Programs\Startup\
NetPerSec.lnk - c:\program files\NetPerSec\NetPerSec.exe [2007-04-21 192512]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-07-02 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-01-08 19:38 4363504 d:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TpadSoftPhone3\\TpadSoftphone.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"10000:UDP"= 10000:UDP:Tpad RTP
"5060:UDP"= 5060:UDP:Tpad SIP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-20 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-20 20560]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2007-01-27 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2007-01-27 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2007-01-27 60816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-10-30 157696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d23bf74-76fb-11db-9d62-0040cadbf51d}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
.
Innehållet i mappen 'Schemalagda aktiviteter'

2009-01-17 c:\windows\Tasks\MyPicsVids.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-17 c:\windows\Tasks\MyDocuments.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1417001333-725345543-1004.job
- c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-14 10:24]

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Extra genomsökning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pc4\Application Data\Mozilla\Firefox\Profiles\tqim454j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\component.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\components\xpinstal.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 01:41:51
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

genomsökningen avslutades lyckosamt
dolda filer: 0

**************************************************************************
.
Sluttid: 2009-01-19 1:47:19
ComboFix-quarantined-files.txt 2009-01-18 22:46:28
ComboFix3.txt 2009-01-18 14:37:42
ComboFix2.txt 2009-01-18 17:50:56

Före genomsökningen: 904,445,952 bytes free
Efter genomsökningen: 888,086,528 bytes free

162 --- E O F --- 2009-01-18 14:10:34
Attached Files: ActiveScan.txt (5.7 KB)