Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Firefox and other pograms are Crashing
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 10-29-2008, 04:12 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Firefox and other pograms are Crashing
Firefox and other programs are Crashing lots of time window movie maker Crash internet explorer also they just close them self please help

here the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:38 PM, on 10/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\avciman.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [MsUpdate] C:\MsUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jova\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c91054a69c0f74) (gupdate1c91054a69c0f74) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12460 bytes
Last edited by stevetry; 10-29-2008 at 04:13 PM.
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 11-01-2008, 09:02 AM   #2 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing
help please
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-01-2008, 08:57 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Re: Firefox and other pograms are Crashing
Hello stevetry,

Please follow the instructions in our sticky topic Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-05-2008, 02:20 PM   #4 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing
Logfile of random's system information tool 1.04 (written by random/random)
Run by jova at 2008-11-05 17:13:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (4%) free of 79 GB
Total RAM: 1150 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:26 PM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\lkads.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\lktsrv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jova\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\jova.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\avciman.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: D - {A6583545-854E-352E-98AE-C93D342DF3F8} - C:\WINDOWS\system32\xwr89050.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [MsUpdate] C:\MsUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jova\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c91054a69c0f74) (gupdate1c91054a69c0f74) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12801 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-09-22 66888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-17 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-16 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-08-01 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-08 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-15 392240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6583545-854E-352E-98AE-C93D342DF3F8}]
D - C:\WINDOWS\system32\xwr89050.dll [2008-11-01 172032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-24 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll [2008-10-08 1560576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAD3A971-6A23-4246-8691-C9244E858967}]
OToolbarHelper Class - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [2007-12-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - PayPal Plug-In - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [2007-12-04 2703360]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-08 1090912]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-08-01 1933256]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-06-20 352256]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-09-22 161096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-22 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-22 126976]
"PCTVOICE"=C:\WINDOWS\SYSTEM32\pctspk.exe [2002-06-05 167936]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-19 2221352]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE [2007-10-05 455984]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-29 570664]
"tsnp2std"=C:\WINDOWS\tsnp2std.exe []
"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-09-16 675840]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-18 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2005-12-05 1668096]
"MsUpdate"=C:\MsUpdate.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-29 1828136]
"Aim6"= []
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-29 3660848]
""= []
"VoipBuster"=C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe -nosplash -minimized []
"VoipCheapCom"=C:\Program Files\VoipCheapCom\VoipCheapCom.exe -nosplash -minimized []
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe -nosplash -minimized []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\jova\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\SYSTEM32\avldr.dll [2007-02-16 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\SYSTEM32\igfxsrvc.dll [2005-06-22 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\lxdccoms.exe"="C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Microsoft Games\Rise of Nations\patriots.exe"="C:\Program Files\Microsoft Games\Rise of Nations\patriots.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Documents and Settings\jova\Desktop\utorrent.exe"="C:\Documents and Settings\jova\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11be73bc-e22b-11dc-95ee-000ae6db53d5}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e49dfce-d7d4-11dc-95b9-000ae6db53d5}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3128ec99-f53f-11dc-96b7-000ae6db53d5}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41029122-9c47-11dd-a863-001601784c70}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41029123-9c47-11dd-a863-001601784c70}]
shell\AutoRun\command - RavMon.exe
shell\explore\command - RavMon.exe -e
shell\open\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43cae7c0-c8f4-11dc-956f-000ae6db53d5}]
shell\AutoRun\command - F:\_AUTORUN\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{592bc468-3387-11dd-a66b-000ae6db53d5}]
shell\AutoRun\command - 32e2.com
shell\explore\command - 32e2.com
shell\open\command - 32e2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66efa8d7-c9ac-11dc-9574-000ae6db53d5}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ec60341-c71b-11dc-9563-001601784c70}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b026c3fb-d570-11dc-95b0-000ae6db53d5}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceb95934-a280-11dd-a89e-000ae6db53d5}]
shell\AutoRun\command - cqdis.cmd
shell\explore\command - cqdis.cmd
shell\open\command - cqdis.cmd


======File associations======

.js - open - C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.vbs - open - C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*

======List of files/folders created in the last 1 months======

2008-11-04 07:58:24 ----D---- C:\Program Files\ZyX
2008-11-04 07:28:14 ----D---- C:\Program Files\Illusion
2008-11-02 13:39:43 ----D---- C:\Program Files\Dreams
2008-11-01 16:25:16 ----A---- C:\WINDOWS\system32\xwr89050.dll
2008-11-01 16:25:16 ----A---- C:\WINDOWS\system32\wr89050.dll
2008-11-01 16:25:15 ----A---- C:\WINDOWS\system32\xa1291453.exe
2008-11-01 16:25:15 ----A---- C:\WINDOWS\system32\xa1291171.exe
2008-11-01 16:21:06 ----D---- C:\Program Files\D-Fend Reloaded
2008-10-31 11:40:08 ----D---- C:\Documents and Settings\jova\Application Data\Windows Search
2008-10-30 14:21:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-30 14:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-30 14:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-30 14:20:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-30 14:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-30 14:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-30 14:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-30 14:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-30 14:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-30 14:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-30 14:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-30 14:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-30 14:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-30 14:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-30 14:04:12 ----D---- C:\Documents and Settings\jova\Application Data\Windows Desktop Search
2008-10-30 14:03:24 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-10-30 14:03:24 ----D---- C:\Program Files\Windows Desktop Search
2008-10-30 14:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-10-30 14:02:42 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-30 14:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-10-29 20:49:57 ----D---- C:\rsit
2008-10-25 10:14:09 ----A---- C:\DTSHDSpOut.txt
2008-10-24 18:11:02 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-24 18:09:22 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-10-24 18:03:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-10-24 18:03:25 ----N---- C:\WINDOWS\system32\px.dll
2008-10-23 19:51:02 ----D---- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-10-23 19:50:45 ----D---- C:\Program Files\TechSmith
2008-10-23 19:47:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-19 23:20:16 ----D---- C:\Documents and Settings\jova\Application Data\FunWebProducts
2008-10-19 23:19:21 ----D---- C:\Program Files\FunWebProducts
2008-10-19 23:19:14 ----D---- C:\Program Files\MyWebSearch
2008-10-19 1824 ----D---- C:\Program Files\Parallel Port Joystick
2008-10-19 18:00:09 ----D---- C:\Downloads
2008-10-19 18:00:08 ----D---- C:\Documents and Settings\jova\Application Data\GetRightToGo
2008-10-19 16:16:38 ----D---- C:\Program Files\The Rosetta Stone
2008-10-17 23:29:46 ----D---- C:\Documents and Settings\jova\Application Data\U3
2008-10-16 19:14:51 ----SHD---- C:\found.000
2008-10-16 13:38:15 ----A---- C:\WINDOWS\w32dasm8.ini
2008-10-13 13:40:11 ----D---- C:\Program Files\SanDisk
2008-10-13 10:15:22 ----D---- C:\Program Files\Apple Software Update
2008-10-13 10:15:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-13 10:13:41 ----D---- C:\Program Files\Common Files\Apple
2008-10-13 10:13:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-10 19:10:30 ----D---- C:\Program Files\BSR Screen Recorder 4
2008-10-10 19:03:12 ----D---- C:\Program Files\Common Files\DeskShare Shared
2008-10-10 19:03:09 ----D---- C:\Program Files\Deskshare
2008-10-10 12:56:28 ----D---- C:\dsbu
2008-10-09 16:38:22 ----D---- C:\Documents and Settings\jova\Application Data\Hamachi

======List of files/folders modified in the last 1 months======

2008-11-05 17:13:17 ----D---- C:\WINDOWS\Temp
2008-11-05 17:09:21 ----D---- C:\Program Files\Mozilla Firefox
2008-11-05 17:09:06 ----D---- C:\WINDOWS\system32\drivers
2008-11-05 16:15:34 ----D---- C:\Documents and Settings\jova\Application Data\uTorrent
2008-11-05 16:14:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-05 16:14:15 ----D---- C:\WINDOWS\system32
2008-11-05 15:26:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-05 09:47:01 ----D---- C:\WINDOWS
2008-11-05 07:43:50 ----D---- C:\Config.Msi
2008-11-05 07:43:49 ----D---- C:\Program Files
2008-11-05 07:43:48 ----SHD---- C:\WINDOWS\Installer
2008-11-05 07:36:56 ----HD---- C:\WINDOWS\inf
2008-11-05 07:36:30 ----RSD---- C:\WINDOWS\assembly
2008-11-05 07:35:40 ----D---- C:\WINDOWS\system32\DirectX
2008-11-04 13:35:56 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 13:30:27 ----D---- C:\Program Files\eMule
2008-11-04 06:57:28 ----D---- C:\Program Files\uTorrent
2008-11-04 06:28:14 ----D---- C:\WINDOWS\Prefetch
2008-11-03 22:31:53 ----D---- C:\Documents and Settings\jova\Application Data\LimeWire
2008-11-03 21:37:35 ----D---- C:\temp
2008-11-03 20:10:04 ----D---- C:\Program Files\PowerArchiver
2008-11-01 17:32:27 ----A---- C:\WINDOWS\system.ini
2008-10-31 22:11:00 ----D---- C:\DSGameMaker
2008-10-31 22:08:06 ----D---- C:\Program Files\Banner Maker Pro 7
2008-10-31 22:07:46 ----D---- C:\Program Files\Aurora Video Converter VCD SVCD DVD Creator
2008-10-31 11:38:16 ----D---- C:\Documents and Settings\jova\Application Data\MegauploadToolbar
2008-10-31 09:22:14 ----D---- C:\WINDOWS\Minidump
2008-10-30 14:23:53 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-30 14:22:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-30 14:21:54 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-30 14:21:36 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-30 14:21:36 ----A---- C:\WINDOWS\imsins.BAK
2008-10-30 14:21:18 ----D---- C:\Program Files\Internet Explorer
2008-10-30 14:21:02 ----D---- C:\WINDOWS\ie7updates
2008-10-30 14:18:12 ----A---- C:\WINDOWS\win.ini
2008-10-30 14:09:02 ----D---- C:\WINDOWS\WinSxS
2008-10-30 14:04:39 ----D---- C:\Program Files\Messenger
2008-10-30 14:03:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-30 14:03:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-30 14:03:32 ----D---- C:\WINDOWS\system32\en-US
2008-10-30 14:03:24 ----D---- C:\WINDOWS\system32\wbem
2008-10-29 07:31:12 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 07:31:12 ----D---- C:\Program Files\ArcSoft
2008-10-26 02:41:18 ----D---- C:\Program Files\LimeWire
2008-10-25 18:40:14 ----D---- C:\Program Files\GameSpy Arcade
2008-10-24 18:13:32 ----D---- C:\Documents and Settings\jova\Application Data\Adobe
2008-10-24 18:09:25 ----D---- C:\Program Files\Common Files\Adobe
2008-10-24 18:09:22 ----D---- C:\Program Files\Common Files
2008-10-24 18:04:36 ----RSD---- C:\WINDOWS\Fonts
2008-10-24 18:03:35 ----D---- C:\Program Files\Adobe
2008-10-24 18:02:42 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-24 17:41:42 ----D---- C:\Program Files\MagicISO
2008-10-21 06:12:12 ----D---- C:\Program Files\Google
2008-10-20 1955 ----SD---- C:\WINDOWS\Tasks
2008-10-20 06:43:01 ----D---- C:\WINDOWS\system32\config
2008-10-20 06:42:34 ----D---- C:\WINDOWS\Registration
2008-10-17 11:31:38 ----A---- C:\WINDOWS\MegaManager.INI
2008-10-16 03:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 22:23:18 ----A---- C:\WINDOWS\cdplayer.ini
2008-10-13 10:14:14 ----D---- C:\Program Files\QuickTime
2008-10-09 13:57:14 ----D---- C:\dsbuff
2008-10-08 18:34:12 ----D---- C:\Program Files\Tibia
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPFLT;App Filter Plugin; \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS []
R1 DSAFLT;DSA Filter Plugin; \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS []
R1 FNETMON;NetMon Filter Plugin; \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS []
R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS []
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-24 38968]
R1 SMSFLT;SMS Filter Plugin; \??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS []
R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 cpoint;Panda CPoint Driver; C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-09 24760]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-11 7140]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-08-28 15781]
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2007-09-29 83896]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-24 11776]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
R3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\av5flt.sys []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-10 1373120]
R3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-22 807998]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-18 16128]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97; C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-20 143160]
R3 PavSRK.sys;PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
R3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2002-06-11 134012]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-15 32768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-09-17 91678]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-09-17 71514]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-01-23 223128]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-09 25280]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-09-10 130309]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-11 162816]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-11-09 12006784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-09-10 104320]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-14 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 ASWLSVC;ASWLSVC; C:\WINDOWS\system32\ASWLSVC.exe [2004-05-07 496640]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2005-10-12 45056]
R2 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-13 537520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-19 877864]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2005-10-11 49152]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe [2007-07-13 169264]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe [2007-07-13 173360]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2007-06-15 63024]
R2 PAVSRV;Panda anti-virus service; C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe [2007-09-29 148272]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-20 81920]
R2 PSHost;Panda Host Service; c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE [2007-04-05 226864]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe [2007-05-25 108592]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe [2007-10-25 406832]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-29 529704]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-19 98328]
S2 gupdate1c91054a69c0f74;Google Update Service (gupdate1c91054a69c0f74); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
S2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2005-08-26 688190]
S2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2005-10-12 53248]
S2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2005-10-12 204800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-24 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-10 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-12 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-26 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-12 122880]

-----------------EOF-----------------
Attached Files
File Type: txt gmer.tx.txt (1.1 KB, 1 views)
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-05-2008, 08:04 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Re: Firefox and other pograms are Crashing
Hello stevetry,

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

1. Download Flash_Disinfector.exe and save it to your desktop.


2. Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on combofix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-06-2008, 04:14 AM   #6 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing
here the log

ComboFix 08-11-05.02 - jova 2008-11-06 6:58:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.565 [GMT 11:00]
Running from: c:\documents and settings\jova\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\jova\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Secure Solutions
c:\documents and settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080819080904671.log
c:\documents and settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080819131641687.log
c:\documents and settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080819133453953.log
c:\documents and settings\jova\Application Data\FunWebProducts
c:\documents and settings\jova\Application Data\FunWebProducts\Data\jova\avatar.dat
c:\documents and settings\jova\Application Data\FunWebProducts\Data\jova\zbucks.dat
c:\documents and settings\jova\My Documents\mc-installer-0.8.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\program files\MyWebSearch\bar\Cache\0003BFD6.bin
c:\program files\MyWebSearch\bar\Cache\00858CE7
c:\program files\MyWebSearch\bar\Cache\0085A002
c:\program files\MyWebSearch\bar\Cache\0085B697.bin
c:\program files\MyWebSearch\bar\Cache\0085BD7C.bin
c:\program files\MyWebSearch\bar\Cache\0085C404.bin
c:\program files\MyWebSearch\bar\Cache\0085C954.bin
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\base64.tmp
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\taack.dat
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-05 20:29 . 2008-11-05 20:29 <DIR> d-------- c:\windows\Logs
2008-11-05 17:13 . 2008-11-05 17:14 250 --a------ c:\windows\gmer.ini
2008-11-04 07:58 . 2008-11-04 07:58 <DIR> d-------- c:\program files\ZyX
2008-11-04 07:28 . 2008-11-04 13:54 <DIR> d-------- c:\program files\Illusion
2008-11-02 13:39 . 2008-11-02 13:39 <DIR> d-------- c:\program files\Dreams
2008-11-01 16:25 . 2008-11-01 16:25 212,992 --a------ c:\windows\system32\xa1291453.exe
2008-11-01 16:25 . 2008-11-01 16:25 212,992 --a------ c:\windows\system32\xa1291171.exe
2008-11-01 16:25 . 2008-11-01 16:25 172,032 --a------ c:\windows\system32\xwr89050.dll
2008-11-01 16:25 . 2008-11-01 16:25 172,032 --a------ c:\windows\system32\wr89050.dll
2008-11-01 16:21 . 2008-11-01 16:21 <DIR> d-------- c:\program files\D-Fend Reloaded
2008-11-01 16:21 . 2008-11-01 16:23 <DIR> d-------- c:\documents and settings\jova\D-Fend Reloaded
2008-10-31 11:40 . 2008-10-31 11:40 <DIR> d-------- c:\documents and settings\jova\Application Data\Windows Search
2008-10-30 14:04 . 2008-10-30 14:04 <DIR> d-------- c:\documents and settings\jova\Application Data\Windows Desktop Search
2008-10-30 14:03 . 2008-10-30 14:03 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-30 14:03 . 2008-10-30 14:03 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-30 14:01 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-30 14:01 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-30 14:01 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-30 14:00 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-30 13:58 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-30 13:58 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-30 13:58 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-30 13:58 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-30 13:58 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-30 13:58 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-30 13:52 . 2008-05-02 01:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-30 13:51 . 2008-04-12 06:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-29 20:49 . 2008-10-29 20:50 <DIR> d-------- C:\rsit
2008-10-24 18:11 . 2008-10-24 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-24 18:09 . 2008-10-24 18:09 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-10-24 11:51 . 2008-10-24 11:51 1,087,750 --a------ C:\output.avi
2008-10-23 19:51 . 2008-10-23 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2008-10-23 19:50 . 2008-10-23 19:50 <DIR> d-------- c:\program files\TechSmith
2008-10-23 19:47 . 2008-10-23 19:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-19 18:06 . 2008-10-19 18:07 <DIR> d-------- c:\program files\Parallel Port Joystick
2008-10-19 18:00 . 2008-10-19 18:00 <DIR> d-------- C:\Downloads
2008-10-19 18:00 . 2008-10-20 06:42 <DIR> d-------- c:\documents and settings\jova\Application Data\GetRightToGo
2008-10-19 16:16 . 2008-10-19 17:56 <DIR> d-------- c:\program files\The Rosetta Stone
2008-10-17 23:29 . 2008-10-18 14:29 <DIR> d-------- c:\documents and settings\jova\Application Data\U3
2008-10-16 19:14 . 2008-10-16 19:14 <DIR> d--hs---- C:\found.000
2008-10-16 13:38 . 2008-10-16 13:42 384 --a------ c:\windows\w32dasm8.ini
2008-10-15 23:02 . 2008-11-06 06:28 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-10-13 13:40 . 2008-10-13 13:40 <DIR> d-------- c:\program files\SanDisk
2008-10-13 13:40 . 2008-02-03 10:53 15,760 --a------ c:\windows\system32\iviaspi.sys
2008-10-13 10:15 . 2008-10-13 10:15 <DIR> d-------- c:\program files\Apple Software Update
2008-10-13 10:15 . 2008-10-13 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-13 10:13 . 2008-10-13 10:13 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-13 10:13 . 2008-10-13 10:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-10 19:10 . 2008-10-24 18:01 <DIR> d-------- c:\program files\BSR Screen Recorder 4
2008-10-10 19:10 . 2008-10-10 20:24 2,048 --a------ c:\windows\system32\Tr_sttool.dat
2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- c:\program files\Deskshare
2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- c:\program files\Common Files\DeskShare Shared
2008-10-10 12:56 . 2008-10-10 12:56 <DIR> d-------- C:\dsbu
2008-10-09 16:38 . 2008-10-09 16:43 <DIR> d-------- c:\documents and settings\jova\Application Data\Hamachi
2008-10-09 16:37 . 2008-10-09 16:37 25,280 --a------ c:\windows\system32\drivers\hamachi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 19:48 1,484 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-11-05 19:48 1,484 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2008-11-05 19:30 332,836 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-11-05 19:30 332,836 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2008-11-05 11:59 --------- d-----w c:\documents and settings\jova\Application Data\LimeWire
2008-11-05 07:38 --------- d-----w c:\documents and settings\jova\Application Data\MegauploadToolbar
2008-11-05 05:15 --------- d-----w c:\documents and settings\jova\Application Data\uTorrent
2008-11-04 02:30 --------- d-----w c:\program files\eMule
2008-11-03 19:57 --------- d-----w c:\program files\uTorrent
2008-11-03 09:10 --------- d-----w c:\program files\PowerArchiver
2008-10-31 11:11 --------- d-----w c:\documents and settings\jova\Application Data\Hide IP NG
2008-10-31 11:08 --------- d-----w c:\program files\Banner Maker Pro 7
2008-10-31 11:07 --------- d-----w c:\program files\Aurora Video Converter VCD SVCD DVD Creator
2008-10-30 03:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-28 20:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-28 20:31 --------- d-----w c:\program files\ArcSoft
2008-10-25 15:41 --------- d-----w c:\program files\LimeWire
2008-10-25 07:40 --------- d-----w c:\program files\GameSpy Arcade
2008-10-24 07:09 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 07:03 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-10-24 07:03 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-10-24 07:03 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-10-24 07:03 129,784 ------w c:\windows\system32\pxafs.dll
2008-10-24 07:03 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-10-24 07:03 116,472 ------w c:\windows\system32\pxcpyi64.exe
2008-10-24 06:41 --------- d-----w c:\program files\MagicISO
2008-10-20 19:12 --------- d-----w c:\program files\Google
2008-10-12 23:14 --------- d-----w c:\program files\QuickTime
2008-10-08 07:34 --------- d-----w c:\program files\Tibia
2008-10-01 02:31 1,682 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-09-30 15:35 --------- d-----w c:\program files\FXhome EffectsLab Pro
2008-09-19 04:56 --------- d-----w c:\documents and settings\jova\Application Data\FreeCall
2008-09-19 04:41 --------- d-----w c:\documents and settings\jova\Application Data\VoipCheapCom
2008-09-18 23:31 --------- d-----w c:\documents and settings\jova\Application Data\VoipBuster
2008-09-18 15:33 --------- d-----w c:\program files\Investintech.com Inc
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 17:31 --------- d-----w c:\documents and settings\jova\Application Data\Sony
2008-09-08 23:52 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-19 16:10 34,688 ----a-w c:\windows\system32\ssqNGvWN.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-07 15:36 88 --sh--r c:\documents and settings\All Users\Application Data\47EC2F9192.sys
2008-04-29 15:30 2,089,030 ----a-w c:\documents and settings\jova\PROCESSLIST.ZIP
2008-04-29 15:30 140,042 ----a-w c:\documents and settings\jova\PROCESSLISTRELATED.ZIP
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
2005-10-13 00:04 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2008-02-01 14:13 56 --sh--r c:\windows\system32\92912FEC47.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-05-22 00:22 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
2008-05-09 22:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6583545-854E-352E-98AE-C93D342DF3F8}]
2008-11-01 16:25 172032 --a------ c:\windows\system32\xwr89050.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-29 3660848]
"Google Update"="c:\documents and settings\jova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-19 2221352]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-10-05 455984]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-29 570664]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-16 675840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2005-12-05 1668096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"PCTVOICE"="pctspk.exe" [2002-06-05 c:\windows\system32\pctspk.exe]

c:\documents and settings\jova\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-05-24 557568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-16 14:02 50736 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.ZMBV"= zmbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2007-09-29 71608]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2007-05-12 51256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2007-11-15 21816]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2007-07-12 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-10-26 03:50 132664]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2007-05-24 38968]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\Drivers\SMSFLT.SYS [2007-05-12 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2007-05-12 30648]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2007-06-09 24760]
R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [2005-06-11 7140]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-02-13 537520]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2007-07-13 178872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-10 16269]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [ ]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\DRIVERS\netimflt.sys [2007-11-20 143160]
R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [ ]
R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-10-24 28800]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;c:\windows\system32\DRIVERS\sisnicxp.sys [2006-02-15 32768]
S2 gupdate1c91054a69c0f74;Google Update Service (gupdate1c91054a69c0f74);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2006-11-09 12006784]
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\DRIVERS\rt2500usb.sys [2005-09-10 104320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11be73bc-e22b-11dc-95ee-000ae6db53d5}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e49dfce-d7d4-11dc-95b9-000ae6db53d5}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3128ec99-f53f-11dc-96b7-000ae6db53d5}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41029122-9c47-11dd-a863-001601784c70}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41029123-9c47-11dd-a863-001601784c70}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43cae7c0-c8f4-11dc-956f-000ae6db53d5}]
\Shell\AutoRun\command - f:\_autorun\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{592bc468-3387-11dd-a66b-000ae6db53d5}]
\Shell\AutoRun\command - 32e2.com
\Shell\explore\Command - 32e2.com
\Shell\open\Command - 32e2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66efa8d7-c9ac-11dc-9574-000ae6db53d5}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ec60341-c71b-11dc-9563-001601784c70}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b026c3fb-d570-11dc-95b0-000ae6db53d5}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceb95934-a280-11dd-a89e-000ae6db53d5}]
\Shell\AutoRun\command - cqdis.cmd
\Shell\explore\Command - cqdis.cmd
\Shell\open\Command - cqdis.cmd

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 14:00]

2008-11-05 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\jova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-05 19:26]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-VoipBuster - c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe
HKCU-Run-VoipCheapCom - c:\program files\VoipCheapCom\VoipCheapCom.exe
HKCU-Run-FreeCall - c:\program files\FreeCall.com\FreeCall\FreeCall.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-tsnp2std - c:\windows\tsnp2std.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\jova\Application Data\Mozilla\Firefox\Profiles\1qgl3n11.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.pr/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\documents and settings\jova\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Panda Security\TotalScan\npwrapper.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 07:02:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-06 749
ComboFix-quarantined-files.txt 2008-11-05 20:05:45

Pre-Run: 3,077,001,216 bytes free
Post-Run: 5,804,343,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

385 --- E O F --- 2008-10-31 00:20:02
Attached Files
File Type: txt combofix.txt (26.2 KB, 1 views)
Last edited by Ried; 11-06-2008 at 06:38 AM.
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-06-2008, 06:42 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Re: Firefox and other pograms are Crashing
Hello stevetry,

Please do not attach logs unless requested. It's much quicker and easier for us if you copy/paste the contents of reports directly into the reply box.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

FileLook::
c:\windows\system32\xa1291171.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= -
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11be73bc-e22b-11dc-95ee-000ae6db53d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e49dfce-d7d4-11dc-95b9-000ae6db53d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3128ec99-f53f-11dc-96b7-000ae6db53d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41029123-9c47-11dd-a863-001601784c70}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43cae7c0-c8f4-11dc-956f-000ae6db53d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{592bc468-3387-11dd-a66b-000ae6db53d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66efa8d7-c9ac-11dc-9574-000ae6db53d5}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b026c3fb-d570-11dc-95b0-000ae6db53d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceb95934-a280-11dd-a89e-000ae6db53d5}]
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the contents of that report in your next reply along with an update on system behavior.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-06-2008, 11:38 AM   #8 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing
well firefox crashed one time i dont know about other programs here the log

ComboFix 08-11-05.02 - jova 2008-11-06 12:31:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.614 [GMT 11:00]
Running from: c:\documents and settings\jova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jova\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-05 20:29 . 2008-11-05 20:29 <DIR> d-------- c:\windows\Logs
2008-11-05 17:13 . 2008-11-05 17:14 250 --a------ c:\windows\gmer.ini
2008-11-04 07:58 . 2008-11-04 07:58 <DIR> d-------- c:\program files\ZyX
2008-11-04 07:28 . 2008-11-04 13:54 <DIR> d-------- c:\program files\Illusion
2008-11-02 13:39 . 2008-11-02 13:39 <DIR> d-------- c:\program files\Dreams
2008-11-01 16:25 . 2008-11-01 16:25 212,992 --a------ c:\windows\system32\xa1291453.exe
2008-11-01 16:25 . 2008-11-01 16:25 212,992 --a------ c:\windows\system32\xa1291171.exe
2008-11-01 16:25 . 2008-11-01 16:25 172,032 --a------ c:\windows\system32\xwr89050.dll
2008-11-01 16:25 . 2008-11-01 16:25 172,032 --a------ c:\windows\system32\wr89050.dll
2008-11-01 16:21 . 2008-11-01 16:21 <DIR> d-------- c:\program files\D-Fend Reloaded
2008-11-01 16:21 . 2008-11-01 16:23 <DIR> d-------- c:\documents and settings\jova\D-Fend Reloaded
2008-10-31 11:40 . 2008-10-31 11:40 <DIR> d-------- c:\documents and settings\jova\Application Data\Windows Search
2008-10-30 14:04 . 2008-10-30 14:04 <DIR> d-------- c:\documents and settings\jova\Application Data\Windows Desktop Search
2008-10-30 14:03 . 2008-10-30 14:03 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-30 14:03 . 2008-10-30 14:03 <DIR> d-------- c:\program files\Windows Desktop Search
2008-10-30 14:01 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-10-30 14:01 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-10-30 14:01 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-10-30 14:00 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-30 13:58 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-30 13:58 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-30 13:58 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-30 13:58 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-30 13:58 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-30 13:58 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-30 13:52 . 2008-05-02 01:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-30 13:51 . 2008-04-12 06:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-29 20:49 . 2008-10-29 20:50 <DIR> d-------- C:\rsit
2008-10-24 18:11 . 2008-10-24 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-24 18:09 . 2008-10-24 18:09 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-10-24 11:51 . 2008-10-24 11:51 1,087,750 --a------ C:\output.avi
2008-10-23 19:51 . 2008-10-23 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2008-10-23 19:50 . 2008-10-23 19:50 <DIR> d-------- c:\program files\TechSmith
2008-10-23 19:47 . 2008-10-23 19:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-19 18:06 . 2008-10-19 18:07 <DIR> d-------- c:\program files\Parallel Port Joystick
2008-10-19 18:00 . 2008-10-19 18:00 <DIR> d-------- C:\Downloads
2008-10-19 18:00 . 2008-10-20 06:42 <DIR> d-------- c:\documents and settings\jova\Application Data\GetRightToGo
2008-10-19 16:16 . 2008-10-19 17:56 <DIR> d-------- c:\program files\The Rosetta Stone
2008-10-17 23:29 . 2008-10-18 14:29 <DIR> d-------- c:\documents and settings\jova\Application Data\U3
2008-10-16 19:14 . 2008-10-16 19:14 <DIR> d--hs---- C:\found.000
2008-10-16 13:38 . 2008-10-16 13:42 384 --a------ c:\windows\w32dasm8.ini
2008-10-15 23:02 . 2008-11-06 11:55 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-10-13 13:40 . 2008-10-13 13:40 <DIR> d-------- c:\program files\SanDisk
2008-10-13 13:40 . 2008-02-03 10:53 15,760 --a------ c:\windows\system32\iviaspi.sys
2008-10-13 10:15 . 2008-10-13 10:15 <DIR> d-------- c:\program files\Apple Software Update
2008-10-13 10:15 . 2008-10-13 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-13 10:13 . 2008-10-13 10:13 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-13 10:13 . 2008-10-13 10:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-10 19:10 . 2008-10-24 18:01 <DIR> d-------- c:\program files\BSR Screen Recorder 4
2008-10-10 19:10 . 2008-10-10 20:24 2,048 --a------ c:\windows\system32\Tr_sttool.dat
2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- c:\program files\Deskshare
2008-10-10 19:03 . 2008-10-10 19:03 <DIR> d-------- c:\program files\Common Files\DeskShare Shared
2008-10-10 12:56 . 2008-10-10 12:56 <DIR> d-------- C:\dsbu
2008-10-09 16:38 . 2008-10-09 16:43 <DIR> d-------- c:\documents and settings\jova\Application Data\Hamachi
2008-10-09 16:37 . 2008-10-09 16:37 25,280 --a------ c:\windows\system32\drivers\hamachi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 01:06 1,484 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-11-06 01:06 1,484 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2008-11-06 00:57 330,664 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-11-06 00:57 330,664 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2008-11-05 11:59 --------- d-----w c:\documents and settings\jova\Application Data\LimeWire
2008-11-05 07:38 --------- d-----w c:\documents and settings\jova\Application Data\MegauploadToolbar
2008-11-05 05:15 --------- d-----w c:\documents and settings\jova\Application Data\uTorrent
2008-11-04 02:30 --------- d-----w c:\program files\eMule
2008-11-03 19:57 --------- d-----w c:\program files\uTorrent
2008-11-03 09:10 --------- d-----w c:\program files\PowerArchiver
2008-10-31 11:11 --------- d-----w c:\documents and settings\jova\Application Data\Hide IP NG
2008-10-31 11:08 --------- d-----w c:\program files\Banner Maker Pro 7
2008-10-31 11:07 --------- d-----w c:\program files\Aurora Video Converter VCD SVCD DVD Creator
2008-10-30 03:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-28 20:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-28 20:31 --------- d-----w c:\program files\ArcSoft
2008-10-25 15:41 --------- d-----w c:\program files\LimeWire
2008-10-25 07:40 --------- d-----w c:\program files\GameSpy Arcade
2008-10-24 07:09 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 07:03 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-10-24 07:03 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-10-24 07:03 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-10-24 07:03 129,784 ------w c:\windows\system32\pxafs.dll
2008-10-24 07:03 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-10-24 07:03 116,472 ------w c:\windows\system32\pxcpyi64.exe
2008-10-24 06:41 --------- d-----w c:\program files\MagicISO
2008-10-20 19:12 --------- d-----w c:\program files\Google
2008-10-12 23:14 --------- d-----w c:\program files\QuickTime
2008-10-08 07:34 --------- d-----w c:\program files\Tibia
2008-10-01 02:31 1,682 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-09-30 15:35 --------- d-----w c:\program files\FXhome EffectsLab Pro
2008-09-19 04:56 --------- d-----w c:\documents and settings\jova\Application Data\FreeCall
2008-09-19 04:41 --------- d-----w c:\documents and settings\jova\Application Data\VoipCheapCom
2008-09-18 23:31 --------- d-----w c:\documents and settings\jova\Application Data\VoipBuster
2008-09-18 15:33 --------- d-----w c:\program files\Investintech.com Inc
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 17:31 --------- d-----w c:\documents and settings\jova\Application Data\Sony
2008-09-08 23:52 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-19 16:10 34,688 ----a-w c:\windows\system32\ssqNGvWN.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-07 15:36 88 --sh--r c:\documents and settings\All Users\Application Data\47EC2F9192.sys
2008-04-29 15:30 2,089,030 ----a-w c:\documents and settings\jova\PROCESSLIST.ZIP
2008-04-29 15:30 140,042 ----a-w c:\documents and settings\jova\PROCESSLISTRELATED.ZIP
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
2005-10-13 00:04 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2008-02-01 14:13 56 --sh--r c:\windows\system32\92912FEC47.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-05-22 00:22 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
2008-05-09 22:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- c:\windows\system32\xa1291171.exe ----
Company: PARSLEY
File Description:
File Version: 1, 0, 0, 1
Product Name:
Copyright: Copyright (C) PARSLEY 1996,1999
Original file name: T_love95.EXE
MD5: 798144499771abdd5d2d3ac62105b5bf


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6583545-854E-352E-98AE-C93D342DF3F8}]
2008-11-01 16:25 172032 --a------ c:\windows\system32\xwr89050.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-29 3660848]
"Google Update"="c:\documents and settings\jova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-19 2221352]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" [2007-10-05 455984]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-29 570664]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-16 675840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2005-12-05 1668096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"PCTVOICE"="pctspk.exe" [2002-06-05 c:\windows\system32\pctspk.exe]

c:\documents and settings\jova\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-05-24 557568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-16 14:02 50736 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.ZMBV"= zmbv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2007-09-29 71608]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2007-05-12 51256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2007-11-15 21816]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2007-07-12 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-10-26 03:50 132664]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2007-05-24 38968]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\Drivers\SMSFLT.SYS [2007-05-12 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2007-05-12 30648]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\Drivers\cpoint.sys [2007-06-09 24760]
R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [2005-06-11 7140]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-02-13 537520]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2007-07-13 178872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-10 16269]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [ ]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\DRIVERS\netimflt.sys [2007-11-20 143160]
R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [ ]
R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-10-24 28800]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;c:\windows\system32\DRIVERS\sisnicxp.sys [2006-02-15 32768]
S2 gupdate1c91054a69c0f74;Google Update Service (gupdate1c91054a69c0f74);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 133104]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2006-11-09 12006784]
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\DRIVERS\rt2500usb.sys [2005-09-10 104320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41029122-9c47-11dd-a863-001601784c70}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ec60341-c71b-11dc-9563-001601784c70}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b026c3fb-d570-11dc-95b0-000ae6db53d5}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - ASNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 14:00]

2008-11-06 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\jova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-05 19:26]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 12:37:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-06 12:45:14
ComboFix-quarantined-files.txt 2008-11-06 01:44:07
ComboFix2.txt 2008-11-05 2053

Pre-Run: 5,819,809,792 bytes free
Post-Run: 5,804,347,392 bytes free

251 --- E O F --- 2008-10-31 00:20:02
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-07-2008, 07:09 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Re: Firefox and other pograms are Crashing
Hello stevetry,

Are all of the following, files that have been renamed by D-Fend Reloaded? They seem to have come onto the system at the same time as that tool:

c:\windows\system32\xa1291453.exe
c:\windows\system32\xa1291171.exe
c:\windows\system32\xwr89050.dll
c:\windows\system32\wr89050.dll


Open notepad and copy/paste the entire text in the quote box below: (don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b026c3fb-d570-11dc-95b0-000ae6db53d5}]
Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-08-2008, 05:48 PM   #10 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing
my internet and firefox browser are still crashing here the report


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 8, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 08, 2008 09:12:11
Records in database: 1374412
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 158422
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 03:24:54


File name / Threat name / Threats count
C:\Documents and Settings\jova\Desktop\my docu\homebrew\10640_snezzidsv0.28a2.zip Infected: Backdoor.Win32.Agent.ezx 2
C:\Documents and Settings\jova\My Documents\audio\final omen 2.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\jova\My Documents\audio\grand inquisition.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

The selected area was scanned.
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-08-2008, 06:06 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Re: Firefox and other pograms are Crashing
As you can see, those files are infected. Navigate to each of them using Windows Explorer and delete them.
  1. How often are the browsers crashing?
  2. What are you doing when they crash?
  3. What do you mean by 'crash'--do the browsers freeze, or do you receive an error message?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-09-2008, 04:18 AM   #12 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing
like when i am on a website and i click a link to go to another part of the site the browser closes it self that what i mean sometimes fires fox gives me a crash report
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-09-2008, 08:47 AM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Re: Firefox and other pograms are Crashing
Does the same thing happen with IE? Please, I need as much detail as possible since I am not in front of your machine.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-09-2008, 08:50 AM   #14 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing
Quote:
Originally Posted by Ried View Post
Does the same thing happen with IE? Please, I need as much detail as possible since I am not in front of your machine.
yes IE also closes it self but without me clinking anything sometime i
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-09-2008, 08:54 AM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Re: Firefox and other pograms are Crashing
Quote:
Originally Posted by Ried
Are all of the following, files that have been renamed by D-Fend Reloaded? They seem to have come onto the system at the same time as that tool:

c:\windows\system32\xa1291453.exe
c:\windows\system32\xa1291171.exe
c:\windows\system32\xwr89050.dll
c:\windows\system32\wr89050.dll
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-09-2008, 02:44 PM   #16 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing


whats that
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-09-2008, 04:20 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Re: Firefox and other pograms are Crashing
D-Fend Reloaded is a program that someone who uses your PC has downloaded to the system. See this link for an explanation of the program.

Earlier, I had gotten a look at c:\windows\system32\xa1291171.exe to find out more about it:

Quote:
c:\windows\system32\xa1291171.exe ----
Company: PARSLEY
File Description:
File Version: 1, 0, 0, 1
Product Name:
Copyright: Copyright (C) PARSLEY 1996,1999
Original file name: T_love95.EXE
MD5: 798144499771abdd5d2d3ac62105b5bf
T_love95.EXE is an old game that would require the use of D-Fend Reloaded in order to play.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-09-2008, 05:18 PM   #18 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing
so do i deleted the program
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-09-2008, 07:36 PM   #19 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista


Re: Firefox and other pograms are Crashing
It's up to you whether or not you want to uninstall it. Do you want the program? Do you now recognize it as something you want on this system?

I suspect that malware was bundled with that download. It would be helpful to know what site it was downloaded from.

Please go to Virus Total
  • Copy paste the following full path into the empty box under 'Upload a file'

    c:\windows\system32\xwr89050.dll
  • Click 'Send File'

  • Copy/paste the results inot Notepad and save it to your desktop.
Please repeat the above procedure for this file:
c:\windows\system32\xa1291453.exe
Please post the results of those scans in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Last edited by Ried; 11-09-2008 at 07:54 PM.
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-10-2008, 03:32 AM   #20 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 12
OS: xp


Re: Firefox and other pograms are Crashing
File xa1291453.exe received on 11.10.2008 11:26:06

Antivirus Version Last Update Result
AhnLab-V3 2008.11.7.1 2008.11.10 -
AntiVir 7.9.0.29 2008.11.10 -
Authentium 5.1.0.4 2008.11.09 -
Avast 4.8.1248.0 2008.11.10 -
AVG 8.0.0.161 2008.11.09 -
BitDefender 7.2 2008.11.10 -
CAT-QuickHeal 9.50 2008.11.10 -
ClamAV 0.94.1 2008.11.10 -
DrWeb 4.44.0.09170 2008.11.10 -
eSafe 7.0.17.0 2008.11.09 -
eTrust-Vet 31.6.6200 2008.11.09 -
Ewido 4.0 2008.11.09 -
F-Prot 4.4.4.56 2008.11.09 -
F-Secure 8.0.14332.0 2008.11.10 -
Fortinet 3.117.0.0 2008.11.09 -
GData 19 2008.11.10 -
Ikarus T3.1.1.45.0 2008.11.10 -
K7AntiVirus 7.10.520 2008.11.08 -
Kaspersky 7.0.0.125 2008.11.10 -
McAfee 5429 2008.11.10 -
Microsoft 1.4104 2008.11.10 -
NOD32 3599 2008.11.10 -
Norman 5.80.02 2008.11.07 -
Panda 9.0.0.4 2008.11.09 -
PCTools 4.4.2.0 2008.11.09 -
Prevx1 V2 2008.11.10 -
Rising 21.03.02.00 2008.11.10 -
SecureWeb-Gateway 6.7.6 2008.11.10 -
Sophos 4.35.0 2008.11.10 -
Sunbelt 3.1.1785.2 2008.11.08 -
Symantec 10 2008.11.10 -
TheHacker 6.3.1.1.147 2008.11.10 -
TrendMicro 8.700.0.1004 2008.11.10 -
VBA32 3.12.8.9 2008.11.10 -
ViRobot 2008.11.10.1458 2008.11.10 -
VirusBuster 4.5.11.0 2008.11.09 -


File xwr89050.dll received on 11.10.2008 11:17:28 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.7.1 2008.11.10 -
AntiVir 7.9.0.29 2008.11.10 -
Authentium 5.1.0.4 2008.11.09 -
Avast 4.8.1248.0 2008.11.10 -
AVG 8.0.0.161 2008.11.09 -
BitDefender 7.2 2008.11.10 Trojan.BHO.ODZ
CAT-QuickHeal 9.50 2008.11.10 -
ClamAV 0.94.1 2008.11.10 -
DrWeb 4.44.0.09170 2008.11.10 -
eSafe 7.0.17.0 2008.11.09 -
eTrust-Vet 31.6.6199 2008.11.08 -
Ewido 4.0 2008.11.09 -
F-Prot 4.4.4.56 2008.11.09 -
F-Secure 8.0.14332.0 2008.11.10 -
Fortinet 3.117.0.0 2008.11.09 -
GData 19 2008.11.10 Trojan.BHO.ODZ
Ikarus T3.1.1.45.0 2008.11.10 Trojan.Win32.BHO.h
K7AntiVirus 7.10.520 2008.11.08 -
Kaspersky 7.0.0.125 2008.11.10 -
McAfee 5429 2008.11.10 -
Microsoft 1.4104 2008.11.10 Trojan:Win32/BHO.H
NOD32 3599 2008.11.10 -







for some reason now i cant go to Google youtube yahoo my msn email it say cant connect to server but other site works
stevetry is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 02:51 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85