Firefox and other pograms are Crashing - Page 2

Ried · 11-10-2008, 05:47 AM

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/301352-computer-infected-please-help-red-circle-white-x-taskbar-pc-antispy-post1762855.html#post1762855

Collect::
c:\windows\system32\xwr89050.dll

File::
c:\windows\system32\wr89050.dll

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.
A browser will open.
Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------

Please post the C:\ComboFix.txt along with an update on system behavior.

stevetry · 11-11-2008, 06:40 AM

here as you know in last post i told you some sites were not showing
someone told me to put this in run notepad %systemroot%\system32\drivers\etc\hosts i deleted some sites that were there and the sites are now working so that have been fix also i haven see any crash of my browser

ComboFix 08-11-10.01 - jova 2008-11-11 9:14:36.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.602 [GMT 11:00]
Running from: c:\documents and settings\jova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jova\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\wr89050.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wr89050.dll
c:\windows\system32\xwr89050.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-10 21:13 . 2008-11-10 21:13 <DIR> d--hs---- c:\documents and settings\jova\UserData
2008-11-10 13:53 . 2008-11-10 13:53 <DIR> d-------- c:\program files\Opera
2008-11-10 06:38 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-09 17:33 . 2008-11-09 17:40 4,062 --ahs---- c:\windows\system32\tratsniw.dat
2008-11-09 17:33 . 2008-11-09 17:33 32 --ahs---- c:\windows\system32\tratsniw.le
2008-11-08 14:11 . 2008-11-08 14:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2008-11-05 20:29 . 2008-11-05 20:29 <DIR> d-------- c:\windows\Logs
2008-11-05 17:13 . 2008-11-05 17:14 250 --a------ c:\windows\gmer.ini
2008-11-04 07:58 . 2008-11-04 07:58 <DIR> d-------- c:\program files\ZyX
2008-11-04 07:28 . 2008-11-04 13:54 <DIR> d-------- c:\program files\Illusion
2008-11-02 13:39 . 2008-11-02 13:39 <DIR> d-------- c:\program files\Dreams
2008-11-01 16:25 . 2008-11-01 16:25 212,992 --a------ c:\windows\system32\xa1291453.exe
2008-11-01 16:25 . 2008-11-01 16:25 212,992 --a------ c:\windows\system32\xa1291171.exe
2008-10-31 11:40 . 2008-10-31 11:40 <DIR> d-------- c:\documents and settings\jova\Application Data\Windows Search
2008-10-30 14:04 . 2008-10-30 14:04 <DIR> d-------- c:\documents and settings\jova\Application Data\Windows Desktop Search
2008-10-30 14:03 . 2008-10-30 14:03 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-30 14:03 . 2008-10-30 14:03 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-30 14:01 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-30 14:01 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-30 14:01 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-30 14:00 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-30 13:58 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-30 13:58 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-30 13:58 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-30 13:58 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-30 13:58 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-30 13:58 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-30 13:52 . 2008-05-02 01:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-30 13:51 . 2008-04-12 06:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-29 20:49 . 2008-10-29 20:50 <DIR> d-------- C:\rsit
2008-10-24 18:11 . 2008-10-24 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-24 18:09 . 2008-10-24 18:09 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-10-24 11:51 . 2008-10-24 11:51 1,087,750 --a------ C:\output.avi
2008-10-23 19:51 . 2008-10-23 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2008-10-23 19:50 . 2008-10-23 19:50 <DIR> d-------- c:\program files\TechSmith
2008-10-23 19:47 . 2008-10-23 19:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-19 18:06 . 2008-10-19 18:07 <DIR> d-------- c:\program files\Parallel Port Joystick
2008-10-19 18:00 . 2008-10-19 18:00 <DIR> d-------- C:\Downloads
2008-10-19 18:00 . 2008-10-20 06:42 <DIR> d-------- c:\documents and settings\jova\Application Data\GetRightToGo
2008-10-19 16:16 . 2008-10-19 17:56 <DIR> d-------- c:\program files\The Rosetta Stone
2008-10-17 23:29 . 2008-10-18 14:29 <DIR> d-------- c:\documents and settings\jova\Application Data\U3
2008-10-16 19:14 . 2008-10-16 19:14 <DIR> d--hs---- C:\found.000
2008-10-16 13:38 . 2008-10-16 13:42 384 --a------ c:\windows\w32dasm8.ini
2008-10-15 23:02 . 2008-11-11 07:10 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-10-13 13:40 . 2008-10-13 13:40 <DIR> d-------- c:\program files\SanDisk
2008-10-13 13:40 . 2008-02-03 10:53 15,760 --a------ c:\windows\system32\iviaspi.sys
2008-10-13 10:15 . 2008-10-13 10:15 <DIR> d-------- c:\program files\Apple Software Update
2008-10-13 10:15 . 2008-10-13 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-13 10:13 . 2008-10-13 10:13 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-13 10:13 . 2008-10-13 10:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-10 19:10 . 2008-10-24 18:01 <DIR> d-------- c:\program files\BSR Screen Recorder 4
2008-10-10 19:10 . 2008-10-10 20:24 2,048 --a------ c:\windows\system32\Tr_sttool.dat
2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- c:\program files\Deskshare
2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- c:\program files\Common Files\DeskShare Shared
2008-10-10 12:56 . 2008-10-10 12:56 <DIR> d-------- C:\dsbu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 22:12 1,484 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-11-10 22:12 1,484 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2008-11-10 20:10 337,180 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-11-10 20:10 337,180 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2008-11-10 08:49 --------- d-----w c:\documents and settings\jova\Application Data\LimeWire
2008-11-10 01:54 --------- d-----w c:\documents and settings\jova\Application Data\MegauploadToolbar
2008-11-09 21:08 --------- d-----w c:\program files\GameSpy Arcade
2008-11-09 15:35 --------- d-----w c:\documents and settings\jova\Application Data\uTorrent
2008-11-09 10:51 --------- d-----w c:\program files\—zŽË‚µ‚Ì’†‚ÌƒŠƒAƒ‹
2008-11-07 20:03 --------- d-----w c:\program files\PowerArchiver
2008-11-04 02:30 --------- d-----w c:\program files\eMule
2008-11-03 19:57 --------- d-----w c:\program files\uTorrent
2008-10-31 11:11 --------- d-----w c:\documents and settings\jova\Application Data\Hide IP NG
2008-10-31 11:08 --------- d-----w c:\program files\Banner Maker Pro 7
2008-10-31 11:07 --------- d-----w c:\program files\Aurora Video Converter VCD SVCD DVD Creator
2008-10-30 03:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-28 20:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-28 20:31 --------- d-----w c:\program files\ArcSoft
2008-10-25 15:41 --------- d-----w c:\program files\LimeWire
2008-10-24 07:09 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 07:03 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-10-24 07:03 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-10-24 07:03 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-10-24 07:03 129,784 ------w c:\windows\system32\pxafs.dll
2008-10-24 07:03 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-10-24 07:03 116,472 ------w c:\windows\system32\pxcpyi64.exe
2008-10-24 06:41 --------- d-----w c:\program files\MagicISO
2008-10-20 19:12 --------- d-----w c:\program files\Google
2008-10-12 23:14 --------- d-----w c:\program files\QuickTime
2008-10-09 05:43 --------- d-----w c:\documents and settings\jova\Application Data\Hamachi
2008-10-09 05:37 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-10-08 07:34 --------- d-----w c:\program files\Tibia
2008-10-01 02:31 1,682 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-09-30 15:35 --------- d-----w c:\program files\FXhome EffectsLab Pro
2008-09-19 04:56 --------- d-----w c:\documents and settings\jova\Application Data\FreeCall
2008-09-19 04:41 --------- d-----w c:\documents and settings\jova\Application Data\VoipCheapCom
2008-09-18 23:31 --------- d-----w c:\documents and settings\jova\Application Data\VoipBuster
2008-09-18 15:33 --------- d-----w c:\program files\Investintech.com Inc
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 17:31 --------- d-----w c:\documents and settings\jova\Application Data\Sony
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-19 16:10 34,688 ----a-w c:\windows\system32\ssqNGvWN.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-07 15:36 88 --sh--r c:\documents and settings\All Users\Application Data\47EC2F9192.sys
2008-04-29 15:30 2,089,030 ----a-w c:\documents and settings\jova\PROCESSLIST.ZIP
2008-04-29 15:30 140,042 ----a-w c:\documents and settings\jova\PROCESSLISTRELATED.ZIP
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
2005-10-13 00:04 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2008-02-01 14:13 56 --sh--r c:\windows\system32\92912FEC47.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-05-22 00:22 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
2008-05-09 22:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-06_ 7.04.52.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-30 03:03:37 79,730 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-09 14:42:47 80,574 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-30 03:03:37 466,540 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-09 14:42:47 469,444 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-19 19:43:02 212,900 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-11-09 07:04:26 165,248 ----a-w c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-29 3660848]
"Google Update"="c:\documents and settings\jova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-19 2221352]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-10-05 455984]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-29 570664]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-16 675840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2005-12-05 1668096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"PCTVOICE"="pctspk.exe" [2002-06-05 c:\windows\system32\pctspk.exe]

c:\documents and settings\jova\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-05-24 557568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-16 14:02 50736 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.ZMBV"= zmbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2007-09-29 71608]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2007-05-12 51256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2007-11-15 21816]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2007-07-12 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-10-26 03:50 132664]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2007-05-24 38968]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\Drivers\SMSFLT.SYS [2007-05-12 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2007-05-12 30648]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2007-06-09 24760]
R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [2005-06-11 7140]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-02-13 537520]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2007-07-13 178872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-10 16269]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [ ]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\DRIVERS\netimflt.sys [2007-11-20 143160]
R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [ ]
R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-10-24 28800]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;c:\windows\system32\DRIVERS\sisnicxp.sys [2006-02-15 32768]
R3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\DRIVERS\rt2500usb.sys [2005-09-10 104320]
S2 gupdate1c91054a69c0f74;Google Update Service (gupdate1c91054a69c0f74);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2006-11-09 12006784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41029122-9c47-11dd-a863-001601784c70}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ec60341-c71b-11dc-9563-001601784c70}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 14:00]

2008-11-10 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\jova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-05 19:26]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A6583545-854E-352E-98AE-C93D342DF3F8} - c:\windows\system32\xwr89050.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 09:21:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-11-11 9:27:23
ComboFix-quarantined-files.txt 2008-11-10 22:26:18
ComboFix2.txt 2008-11-06 01:45:17
ComboFix3.txt 2008-11-05 20

53

Pre-Run: 5,096,849,408 bytes free
Post-Run: 5,207,154,688 bytes free

257 --- E O F --- 2008-10-31 00:20:02

Ried · 11-13-2008, 07:08 PM

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.

11-11-2008, 06:40 AM	#22 (permalink)
stevetry Registered User Join Date: Oct 2008 Posts: 12 OS: xp	Re: Firefox and other pograms are Crashing here as you know in last post i told you some sites were not showing someone told me to put this in run notepad %systemroot%\system32\drivers\etc\hosts i deleted some sites that were there and the sites are now working so that have been fix also i haven see any crash of my browser ComboFix 08-11-10.01 - jova 2008-11-11 9:14:36.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.602 [GMT 11:00] Running from: c:\documents and settings\jova\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\jova\Desktop\CFScript.txt * Created a new restore point FILE :: c:\windows\system32\wr89050.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\wr89050.dll c:\windows\system32\xwr89050.dll . ((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 ))))))))))))))))))))))))))))))) . 2008-11-10 21:13 . 2008-11-10 21:13 <DIR> d--hs---- c:\documents and settings\jova\UserData 2008-11-10 13:53 . 2008-11-10 13:53 <DIR> d-------- c:\program files\Opera 2008-11-10 06:38 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2008-11-09 17:33 . 2008-11-09 17:40 4,062 --ahs---- c:\windows\system32\tratsniw.dat 2008-11-09 17:33 . 2008-11-09 17:33 32 --ahs---- c:\windows\system32\tratsniw.le 2008-11-08 14:11 . 2008-11-08 14:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData 2008-11-05 20:29 . 2008-11-05 20:29 <DIR> d-------- c:\windows\Logs 2008-11-05 17:13 . 2008-11-05 17:14 250 --a------ c:\windows\gmer.ini 2008-11-04 07:58 . 2008-11-04 07:58 <DIR> d-------- c:\program files\ZyX 2008-11-04 07:28 . 2008-11-04 13:54 <DIR> d-------- c:\program files\Illusion 2008-11-02 13:39 . 2008-11-02 13:39 <DIR> d-------- c:\program files\Dreams 2008-11-01 16:25 . 2008-11-01 16:25 212,992 --a------ c:\windows\system32\xa1291453.exe 2008-11-01 16:25 . 2008-11-01 16:25 212,992 --a------ c:\windows\system32\xa1291171.exe 2008-10-31 11:40 . 2008-10-31 11:40 <DIR> d-------- c:\documents and settings\jova\Application Data\Windows Search 2008-10-30 14:04 . 2008-10-30 14:04 <DIR> d-------- c:\documents and settings\jova\Application Data\Windows Desktop Search 2008-10-30 14:03 . 2008-10-30 14:03 <DIR> d-------- c:\windows\system32\GroupPolicy 2008-10-30 14:03 . 2008-10-30 14:03 <DIR> d-------- c:\program files\Windows Desktop Search 2008-10-30 14:01 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll 2008-10-30 14:01 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll 2008-10-30 14:01 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll 2008-10-30 14:00 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-30 13:58 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-30 13:58 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-30 13:58 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-30 13:58 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-30 13:58 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-30 13:58 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-30 13:52 . 2008-05-02 01:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2008-10-30 13:51 . 2008-04-12 06:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2008-10-29 20:49 . 2008-10-29 20:50 <DIR> d-------- C:\rsit 2008-10-24 18:11 . 2008-10-24 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2008-10-24 18:09 . 2008-10-24 18:09 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2008-10-24 11:51 . 2008-10-24 11:51 1,087,750 --a------ C:\output.avi 2008-10-23 19:51 . 2008-10-23 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith 2008-10-23 19:50 . 2008-10-23 19:50 <DIR> d-------- c:\program files\TechSmith 2008-10-23 19:47 . 2008-10-23 19:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-10-19 18:06 . 2008-10-19 18:07 <DIR> d-------- c:\program files\Parallel Port Joystick 2008-10-19 18:00 . 2008-10-19 18:00 <DIR> d-------- C:\Downloads 2008-10-19 18:00 . 2008-10-20 06:42 <DIR> d-------- c:\documents and settings\jova\Application Data\GetRightToGo 2008-10-19 16:16 . 2008-10-19 17:56 <DIR> d-------- c:\program files\The Rosetta Stone 2008-10-17 23:29 . 2008-10-18 14:29 <DIR> d-------- c:\documents and settings\jova\Application Data\U3 2008-10-16 19:14 . 2008-10-16 19:14 <DIR> d--hs---- C:\found.000 2008-10-16 13:38 . 2008-10-16 13:42 384 --a------ c:\windows\w32dasm8.ini 2008-10-15 23:02 . 2008-11-11 07:10 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys 2008-10-13 13:40 . 2008-10-13 13:40 <DIR> d-------- c:\program files\SanDisk 2008-10-13 13:40 . 2008-02-03 10:53 15,760 --a------ c:\windows\system32\iviaspi.sys 2008-10-13 10:15 . 2008-10-13 10:15 <DIR> d-------- c:\program files\Apple Software Update 2008-10-13 10:15 . 2008-10-13 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple 2008-10-13 10:13 . 2008-10-13 10:13 <DIR> d-------- c:\program files\Common Files\Apple 2008-10-13 10:13 . 2008-10-13 10:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2008-10-10 19:10 . 2008-10-24 18:01 <DIR> d-------- c:\program files\BSR Screen Recorder 4 2008-10-10 19:10 . 2008-10-10 20:24 2,048 --a------ c:\windows\system32\Tr_sttool.dat 2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- c:\program files\Deskshare 2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- c:\program files\Common Files\DeskShare Shared 2008-10-10 12:56 . 2008-10-10 12:56 <DIR> d-------- C:\dsbu . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-10 22:12 1,484 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck 2008-11-10 22:12 1,484 ----a-w c:\windows\system32\drivers\APPFLTR.CFG 2008-11-10 20:10 337,180 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck 2008-11-10 20:10 337,180 ----a-w c:\windows\system32\drivers\APPFCONT.DAT 2008-11-10 08:49 --------- d-----w c:\documents and settings\jova\Application Data\LimeWire 2008-11-10 01:54 --------- d-----w c:\documents and settings\jova\Application Data\MegauploadToolbar 2008-11-09 21:08 --------- d-----w c:\program files\GameSpy Arcade 2008-11-09 15:35 --------- d-----w c:\documents and settings\jova\Application Data\uTorrent 2008-11-09 10:51 --------- d-----w c:\program files\—zŽË‚µ‚Ì’†‚ÌƒŠƒAƒ‹ 2008-11-07 20:03 --------- d-----w c:\program files\PowerArchiver 2008-11-04 02:30 --------- d-----w c:\program files\eMule 2008-11-03 19:57 --------- d-----w c:\program files\uTorrent 2008-10-31 11:11 --------- d-----w c:\documents and settings\jova\Application Data\Hide IP NG 2008-10-31 11:08 --------- d-----w c:\program files\Banner Maker Pro 7 2008-10-31 11:07 --------- d-----w c:\program files\Aurora Video Converter VCD SVCD DVD Creator 2008-10-30 03:23 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-28 20:31 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-28 20:31 --------- d-----w c:\program files\ArcSoft 2008-10-25 15:41 --------- d-----w c:\program files\LimeWire 2008-10-24 07:09 --------- d-----w c:\program files\Common Files\Adobe 2008-10-24 07:03 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys 2008-10-24 07:03 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys 2008-10-24 07:03 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys 2008-10-24 07:03 129,784 ------w c:\windows\system32\pxafs.dll 2008-10-24 07:03 118,520 ------w c:\windows\system32\pxinsi64.exe 2008-10-24 07:03 116,472 ------w c:\windows\system32\pxcpyi64.exe 2008-10-24 06:41 --------- d-----w c:\program files\MagicISO 2008-10-20 19:12 --------- d-----w c:\program files\Google 2008-10-12 23:14 --------- d-----w c:\program files\QuickTime 2008-10-09 05:43 --------- d-----w c:\documents and settings\jova\Application Data\Hamachi 2008-10-09 05:37 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys 2008-10-08 07:34 --------- d-----w c:\program files\Tibia 2008-10-01 02:31 1,682 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2008-09-30 15:35 --------- d-----w c:\program files\FXhome EffectsLab Pro 2008-09-19 04:56 --------- d-----w c:\documents and settings\jova\Application Data\FreeCall 2008-09-19 04:41 --------- d-----w c:\documents and settings\jova\Application Data\VoipCheapCom 2008-09-18 23:31 --------- d-----w c:\documents and settings\jova\Application Data\VoipBuster 2008-09-18 15:33 --------- d-----w c:\program files\Investintech.com Inc 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-12 17:31 --------- d-----w c:\documents and settings\jova\Application Data\Sony 2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-19 16:10 34,688 ----a-w c:\windows\system32\ssqNGvWN.dll 2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe 2008-08-07 15:36 88 --sh--r c:\documents and settings\All Users\Application Data\47EC2F9192.sys 2008-04-29 15:30 2,089,030 ----a-w c:\documents and settings\jova\PROCESSLIST.ZIP 2008-04-29 15:30 140,042 ----a-w c:\documents and settings\jova\PROCESSLISTRELATED.ZIP 2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL 2005-10-13 00:04 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll 2008-02-01 14:13 56 --sh--r c:\windows\system32\92912FEC47.sys 2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2008-05-22 00:22 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys 2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll 2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll 2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll 2008-05-09 22:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-11-06_ 7.04.52.65 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-30 03:03:37 79,730 ----a-w c:\windows\system32\perfc009.dat + 2008-11-09 14:42:47 80,574 ----a-w c:\windows\system32\perfc009.dat - 2008-10-30 03:03:37 466,540 ----a-w c:\windows\system32\perfh009.dat + 2008-11-09 14:42:47 469,444 ----a-w c:\windows\system32\perfh009.dat - 2008-10-19 19:43:02 212,900 ----a-w c:\windows\system32\Restore\rstrlog.dat + 2008-11-09 07:04:26 165,248 ----a-w c:\windows\system32\Restore\rstrlog.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136] "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-29 3660848] "Google Update"="c:\documents and settings\jova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-05 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-19 2221352] "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-10-05 455984] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-29 570664] "snp2std"="c:\windows\vsnp2std.exe" [2006-09-16 675840] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2005-12-05 1668096] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "PCTVOICE"="pctspk.exe" [2002-06-05 c:\windows\system32\pctspk.exe] c:\documents and settings\jova\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-05-24 557568] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2007-02-16 14:02 50736 c:\windows\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.MJPG"= m3jpeg32.dll "vidc.dmb1"= m3jpeg32.dll "VIDC.ZMBV"= zmbv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdccoms.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"= "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"= "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544] R1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2007-09-29 71608] R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2007-05-12 51256] R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2007-11-15 21816] R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2007-07-12 191672] R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-10-26 03:50 132664] R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2007-05-24 38968] R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\Drivers\SMSFLT.SYS [2007-05-12 37304] R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2007-05-12 30648] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] R2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2007-06-09 24760] R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [2005-06-11 7140] R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-02-13 537520] R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2007-07-13 178872] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652] R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-10 16269] R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [ ] R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\DRIVERS\netimflt.sys [2007-11-20 143160] R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [ ] R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ] R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-10-24 13952] R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-10-24 28800] R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;c:\windows\system32\DRIVERS\sisnicxp.sys [2006-02-15 32768] R3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\DRIVERS\rt2500usb.sys [2005-09-10 104320] S2 gupdate1c91054a69c0f74;Google Update Service (gupdate1c91054a69c0f74);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 133104] S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2006-11-09 12006784] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41029122-9c47-11dd-a863-001601784c70}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ec60341-c71b-11dc-9563-001601784c70}] \Shell\AutoRun\command - E:\LaunchU3.exe . Contents of the 'Scheduled Tasks' folder 2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-11-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 14:00] 2008-11-10 c:\windows\Tasks\GoogleUpdateTaskUser.job - c:\documents and settings\jova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-05 19:26] . - - - - ORPHANS REMOVED - - - - BHO-{A6583545-854E-352E-98AE-C93D342DF3F8} - c:\windows\system32\xwr89050.dll WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-11 09:21:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2008-11-11 9:27:23 ComboFix-quarantined-files.txt 2008-11-10 22:26:18 ComboFix2.txt 2008-11-06 01:45:17 ComboFix3.txt 2008-11-05 2053 Pre-Run: 5,096,849,408 bytes free Post-Run: 5,207,154,688 bytes free 257 --- E O F --- 2008-10-31 00:20:02

11-13-2008, 07:08 PM	#23 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,833 OS: WinXP and Vista	Re: Firefox and other pograms are Crashing Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links: The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point. Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK: ComboFix /u -------------------------------------------------------------------- To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page. IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: PC Safety and Security--What Do I Need? Think Prevention Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. ----------------------------------------------------- Follow the list above and the potential for infection will reduce dramatically. Kindly respond one more time and let me know if we may consider this thread resolved. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."