
firefox, IE keep crashing


5 replies to this topic

#1 wildphilldude


    New Member

  • Members
  • 3 posts

Posted 17 April 2011 - 03:20 PM

Got stung with a virus that kept popping up a fake security center saying I was infected. Malwarebytes seemed to have got rid of it: I can connect to the internet, but as soon as I try to go off Google to other sites that need a login, such as Google Mail or my YouTube channel, Firefox crashes, as does Internet Explorer. I cannot download either, as that causes a crash.

Malwarebytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6353

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17/04/2011 12:36:45
mbam-log-2011-04-17 (12-36-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 364403
Time elapsed: 2 hour(s), 9 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS/GMER log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Test Account at 20:23:49.41 on 16/04/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.892.364 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\mobsync.exe
C:\Users\Test Account\Desktop\dds.scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://go.packardbell.com/?id=9088
uDefault_Page_URL = hxxp://go.packardbell.com/?id=9088
mStart Page = about:blank
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
mRun: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\testac~1\appdata\roaming\mozilla\firefox\profiles\dzlmizxi.default\
FF - prefs.js: browser.startup.homepage - google
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
.
============= SERVICES / DRIVERS ===============
.
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\cyberlink\playmovie\000.fcl [2008-9-25 41456]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-9-26 281088]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-9-26 456192]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2011-4-15 47616]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2008-9-25 13976]
S3 ActionReplay_360_PowerSaves;ActionReplay_360_PowerSaves;c:\windows\system32\drivers\ActionReplay_360_PowerSaves.sys [2011-1-30 29184]
S3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\drivers\PhSerUsb.sys [2009-3-6 47744]
.
=============== Created Last 30 ================
.
2011-04-15 11:40:40 -------- d-----w- c:\users\test account\.gimp-2.6
2011-04-15 10:46:05 -------- d-----w- c:\users\testac~1\appdata\local\Mozilla
2011-04-15 10:33:49 47616 ----a-w- c:\windows\system32\drivers\SiSGB6.sys
2011-04-15 10:28:09 -------- d-----w- c:\users\testac~1\appdata\roaming\DRPSu
2011-04-14 20:19:26 -------- d-----w- c:\users\testac~1\appdata\local\Microsoft Games
2011-04-14 20:17:09 -------- d-----w- c:\users\testac~1\appdata\roaming\Microsoft Games
2011-04-14 15:31:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-14 15:31:15 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-13 18:06:10 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-13 18:06:10 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-13 18:06:10 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-13 18:06:10 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-13 18:06:10 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-13 18:06:10 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-13 18:06:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-13 18:06:09 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-13 15:03:57 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{86c98bd3-f5a1-46ca-b460-7176ca324f4a}\mpengine.dll
2011-04-08 16:27:35 -------- dc-h--w- c:\progra~2\{813FE3E7-4DEA-4751-81F5-3F690027E505}
2011-04-05 18:56:44 16218112 ----a-w- c:\windows\system32\imageres.dll
2011-04-05 18:56:16 -------- d-----w- c:\progra~2\Stardock
2011-04-05 18:54:30 -------- d--h--w- c:\progra~2\{F0297D39-7A45-442F-AFF5-271488E85934}
2011-04-05 18:54:25 -------- d-----w- c:\program files\Stardock
2011-04-05 17:00:12 90112 ----a-w- c:\windows\unvise32.exe
2011-04-05 16:59:32 -------- d-----w- c:\program files\The Logo Creator v5
2011-04-03 08:57:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-24 21:41:42 -------- d-----w- c:\progra~2\iLpMpMeLoBn09001
2011-03-24 17:21:08 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-24 17:21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-02-22 15:26:45 520192 ----a-w- c:\windows\system32\ZooTycoon2_Screensaver.scr
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-04-03 16:03:58 528095 ----a-w- c:\program files\ZT2 Object Editor.exe
.
============= FINISH: 20:25:23.29 ===============

#2 screen317


    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 20 April 2011 - 02:07 AM

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team


#3 wildphilldude


    New Member

  • Members
  • 3 posts

Posted 20 April 2011 - 09:43 AM

Here are the new logs, the problem seems fixed at the moment.

Malwarebytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6405

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

20/04/2011 11:46:34
mbam-log-2011-04-20 (11-46-34).txt

Scan type: Quick scan
Objects scanned: 191498
Time elapsed: 10 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS Log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Test Account at 15:35:02.40 on 20/04/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.892.430 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Test Account\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://go.packardbell.com/?id=9088
mStart Page = about:blank
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\testac~1\appdata\roaming\mozilla\firefox\profiles\dzlmizxi.default\
FF - prefs.js: browser.startup.homepage - google
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
.
============= SERVICES / DRIVERS ===============
.
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\cyberlink\playmovie\000.fcl [2008-9-25 41456]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-9-26 281088]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-9-26 456192]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2011-4-15 47616]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2008-9-25 13976]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
S3 ActionReplay_360_PowerSaves;ActionReplay_360_PowerSaves;c:\windows\system32\drivers\ActionReplay_360_PowerSaves.sys [2011-1-30 29184]
S3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\drivers\PhSerUsb.sys [2009-3-6 47744]
.
=============== Created Last 30 ================
.
2011-04-20 11:54:26 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-20 11:54:12 -------- d-----w- c:\users\testac~1\appdata\local\temp
2011-04-20 11:23:11 98816 ----a-w- c:\windows\sed.exe
2011-04-20 11:23:11 89088 ----a-w- c:\windows\MBR.exe
2011-04-20 11:23:11 256512 ----a-w- c:\windows\PEV.exe
2011-04-20 11:23:11 161792 ----a-w- c:\windows\SWREG.exe
2011-04-17 09:27:24 -------- d-----w- c:\users\testac~1\appdata\roaming\Malwarebytes
2011-04-15 11:40:40 -------- d-----w- c:\users\test account\.gimp-2.6
2011-04-15 10:46:05 -------- d-----w- c:\users\testac~1\appdata\local\Mozilla
2011-04-15 10:33:49 47616 ----a-w- c:\windows\system32\drivers\SiSGB6.sys
2011-04-15 10:28:09 -------- d-----w- c:\users\testac~1\appdata\roaming\DRPSu
2011-04-14 20:19:26 -------- d-----w- c:\users\testac~1\appdata\local\Microsoft Games
2011-04-14 20:17:09 -------- d-----w- c:\users\testac~1\appdata\roaming\Microsoft Games
2011-04-14 15:31:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-14 15:31:15 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-13 18:06:10 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-13 18:06:10 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-13 18:06:10 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-13 18:06:10 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-13 18:06:10 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-13 18:06:10 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-13 18:06:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-13 18:06:09 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-13 15:03:57 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{86c98bd3-f5a1-46ca-b460-7176ca324f4a}\mpengine.dll
2011-04-08 16:27:35 -------- dc-h--w- c:\progra~2\{813FE3E7-4DEA-4751-81F5-3F690027E505}
2011-04-05 18:56:44 16218112 ----a-w- c:\windows\system32\imageres.dll
2011-04-05 18:56:16 -------- d-----w- c:\progra~2\Stardock
2011-04-05 18:54:30 -------- d--h--w- c:\progra~2\{F0297D39-7A45-442F-AFF5-271488E85934}
2011-04-05 18:54:25 -------- d-----w- c:\program files\Stardock
2011-04-05 17:00:12 90112 ----a-w- c:\windows\unvise32.exe
2011-04-05 16:59:32 -------- d-----w- c:\program files\The Logo Creator v5
2011-04-03 08:57:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-24 21:41:42 -------- d-----w- c:\progra~2\iLpMpMeLoBn09001
2011-03-24 17:21:08 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-24 17:21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-02-22 15:26:45 520192 ----a-w- c:\windows\system32\ZooTycoon2_Screensaver.scr
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-04-03 16:03:58 528095 ----a-w- c:\program files\ZT2 Object Editor.exe
.
============= FINISH: 15:36:23.92 ===============



ComboFix Log

ComboFix 11-04-19.05 - Test Account 20/04/2011 12:29:20.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.892.406 [GMT 1:00]
Running from: c:\users\Test Account\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\BZM\AppData\Local\jrr.exe
c:\users\BZM\AppData\Roaming\Microsoft\Windows\Templates\e8010lu874aguygbc
.
----- BITS: Possible infected sites -----
.
hxxp://www.hhdsoftware.com
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-03-20 to 2011-04-20 )))))))))))))))))))))))))))))))
.
.
2011-04-20 11:47 . 2011-04-20 11:47 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-04-20 11:47 . 2011-04-20 11:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-20 11:47 . 2011-04-20 11:47 -------- d-----w- c:\users\BZM\AppData\Local\temp
2011-04-15 10:33 . 2007-06-20 10:12 47616 ----a-w- c:\windows\system32\drivers\SiSGB6.sys
2011-04-14 20:07 . 2011-04-16 19:20 -------- d-----w- c:\users\Test Account
2011-04-14 15:31 . 2011-04-14 20:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-14 15:31 . 2011-04-14 16:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-13 18:06 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-13 18:06 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-13 18:06 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-13 18:06 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-13 18:06 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-13 18:06 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-13 18:06 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-13 18:06 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-13 15:03 . 2011-03-23 09:11 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86C98BD3-F5A1-46CA-B460-7176CA324F4A}\mpengine.dll
2011-04-08 18:40 . 2011-04-08 20:55 -------- d-----w- c:\users\BZM\AppData\Roaming\Luziet
2011-04-08 16:27 . 2011-04-08 16:27 -------- dc-h--w- c:\programdata\{813FE3E7-4DEA-4751-81F5-3F690027E505}
2011-04-08 16:26 . 2011-04-08 16:26 -------- d-----w- c:\users\BZM\AppData\Local\PackageAware
2011-04-05 19:58 . 2011-04-05 19:59 -------- d-----w- c:\users\BZM\Misc
2011-04-05 18:56 . 2011-04-05 18:56 16218112 ----a-w- c:\windows\system32\imageres.dll
2011-04-05 18:56 . 2011-04-05 18:56 -------- d-----w- c:\programdata\Stardock
2011-04-05 18:54 . 2011-04-05 18:54 -------- d--h--w- c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}
2011-04-05 18:54 . 2011-04-08 16:26 -------- d-----w- c:\program files\Stardock
2011-04-05 17:00 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2011-04-05 16:59 . 2011-04-05 17:00 -------- d-----w- c:\program files\The Logo Creator v5
2011-04-03 08:57 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 15:36 . 2011-03-25 15:46 -------- d-----w- c:\users\BZM\AppData\Local\PlayMovie
2011-03-25 15:35 . 2011-03-25 15:36 -------- d-----w- c:\users\BZM\AppData\Roaming\CyberLink
2011-03-25 15:35 . 2011-03-25 15:35 -------- d-----w- c:\users\BZM\AppData\Local\PowerCinema
2011-03-24 21:41 . 2011-03-24 21:43 -------- d-----w- c:\programdata\iLpMpMeLoBn09001
2011-03-24 17:21 . 2011-03-24 17:21 -------- d-----w- c:\users\BZM\AppData\Roaming\Malwarebytes
2011-03-24 17:21 . 2011-03-24 17:21 -------- d-----w- c:\programdata\Malwarebytes
2011-03-24 17:21 . 2011-04-03 08:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 15:26 . 2011-02-22 15:26 520192 ----a-w- c:\windows\system32\ZooTycoon2_Screensaver.scr
2011-02-02 17:11 . 2011-01-18 15:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-04-03 16:03 . 2009-04-03 16:03 528095 ----a-w- c:\program files\ZT2 Object Editor.exe
2011-03-18 17:53 . 2011-04-13 18:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\BZM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 ActionReplay_360_PowerSaves;ActionReplay_360_PowerSaves;c:\windows\system32\Drivers\ActionReplay_360_PowerSaves.sys [2007-02-08 29184]
R3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\DRIVERS\PhSerUsb.sys [2005-11-04 47744]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-13 691696]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 281088]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2008-02-21 456192]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-20 c:\windows\Tasks\Recovery DVD Creator-Ben Tycoon Master.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-09-25 10:13]
.
2011-04-20 c:\windows\Tasks\User_Feed_Synchronization-{D3182FBC-4448-4B40-A404-0C82F437493A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://go.packardbell.com/?id=9088
mStart Page = about:blank
FF - ProfilePath - c:\users\Test Account\AppData\Roaming\Mozilla\Firefox\Profiles\dzlmizxi.default\
FF - prefs.js: browser.startup.homepage - google
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SiSTray - %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
AddRemove-Arabian Nights: Download First - c:\users\Ben Tycoon Master\Desktop\Installations + Z2F Files\SAVES+EXTRAS\SAVES+EXTRAS\Best Downloads\Artifex\AN\Uninstal Arabian Nights Download First.exe
AddRemove-Arabian Nights: ES - c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights ES.exe
AddRemove-Arabian Nights: ES Animals 1 - c:\users\Ben Tycoon Master\Desktop\Installations + Z2F Files\SAVES+EXTRAS\SAVES+EXTRAS\Best Downloads\Artifex\AN\Uninstal Arabian Nights ES Animals 1.exe
AddRemove-Arabian Nights: ES Animals 2 - c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights ES Animals 2.exe
AddRemove-Arabian Nights: ES Foliage - c:\users\Ben Tycoon Master\Desktop\Installations + Z2F Files\SAVES+EXTRAS\SAVES+EXTRAS\Best Downloads\Artifex\AN\Uninstal Arabian Nights ES Foliage.exe
AddRemove-Arabian Nights: Foliage 1 - c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights Foliage 1.exe
AddRemove-Arabian Nights: Foliage 2 - c:\program files\Microsoft Games\Zoo Tycoon 2\Uninstal Arabian Nights Foliage 2.exe
AddRemove-Arabian Nights: MM - c:\users\Ben Tycoon Master\Desktop\Installations + Z2F Files\SAVES+EXTRAS\SAVES+EXTRAS\Best Downloads\Artifex\AN\Uninstal Arabian Nights MM.exe
AddRemove-Arabian Nights: MM Animals 1 - c:\users\BZM's Work Account\Desktop\CUsersBen Tycoon MasterDesktopInstallations + Z2F FilesSAVES+EXTRASSAVES+EXTRASBest DownloadsArtifexAN\Uninstal Arabian Nights MM Animals 1.exe
AddRemove-Arabian Nights: MM Animals 2 - c:\users\BZM's Work Account\Desktop\CUsersBen Tycoon MasterDesktopInstallations + Z2F FilesSAVES+EXTRASSAVES+EXTRASBest DownloadsArtifexAN\Uninstal Arabian Nights MM Animals 2.exe
AddRemove-Baiji - c:\users\BZM\Desktop\ZT2\Uninstal.exe
AddRemove-Genesis Expansion Project v2 2 - c:\users\BZM's Work Account\Desktop\GEPv2\uninstall.exe
AddRemove-Jurassic Park - Operation Genesis - Primeval Pack I - c:\users\BZM\Desktop\primeval pack\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-20 12:49
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
Completion time: 2011-04-20 12:54:07
ComboFix-quarantined-files.txt 2011-04-20 11:54
.
Pre-Run: 45,524,914,176 bytes free
Post-Run: 51,658,256,384 bytes free
.
- - End Of File - - 0AA02D4167394F47D3419BFFD7931355

#4 screen317


    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 21 April 2011 - 07:24 PM

Hi,

Next, please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team


#5 wildphilldude


    New Member

  • Members
  • 3 posts

Posted 22 April 2011 - 11:21 AM

Here are the logs.

Eset Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Security Check Log

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
Adobe Flash Player 10.1.102.64
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


ESET found two infected files in quarantine folders from the ComboFix scan. No problems have occurred though, and everything appears normal. Both Firefox and IE have stopped crashing, so it appears that no issues remain.

#6 screen317


    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 24 April 2011 - 02:30 AM

Hi,

Next, it is absolutely essential that you upgrade to Vista Service Pack 2. Service Pack 1, which is what you currently have, has vulnerabilities that leave you wide open for re-infection. To upgrade, please click Start, type in Windows Update, and click Windows Update. Download all critical updates, including Service Pack 2.


Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.


Next, uninstall HijackThis 1.99.1 from Add or Remove Programs. Also uninstall Adobe Flash Player 10.1.102.64.


Get the latest version of Adobe Flash Player.

Chris Fistonich
Research Team




