BleepingComputer.com: PC freezes when clicking on desktop icon for...

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

PC freezes when clicking on desktop icon for... ...recently downloaded software.

#1 User is offline   Mr Misery 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 26-December 09

Posted 26 December 2009 - 02:16 PM

Hi
My PC freezes when I double-click on the desktop icon for recently downloaded software - PosterRaster and DAZ Studio 3. All other software OK. Any ideas?
I have run AVG virus and combofix.
Combofix report log:
ComboFix 09-12-25.05 - user 26/12/2009 18:42:51.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.404 [GMT 0:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents
c:\windows\unins000.dat
c:\windows\unins000.exe
N:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-26 18:32 . 2009-12-26 18:32 114688 ----a-w- c:\windows\system\aclui.dll
2009-12-26 18:13 . 2009-12-26 18:13 94512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-26 18:10 . 2009-12-26 18:10 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-26 18:10 . 2009-12-26 18:10 -------- d-----w- c:\program files\MSBuild
2009-12-26 18:10 . 2009-12-26 18:10 -------- d-----w- c:\program files\Reference Assemblies
2009-12-26 18:09 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-26 18:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-26 18:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-26 18:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-26 18:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-26 18:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-26 18:08 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-26 18:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-26 18:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-26 18:05 . 2009-12-26 18:15 0 ----a-w- c:\documents and settings\user\Local Settings\Application Data\prvlcl.dat
2009-12-26 17:53 . 2009-12-26 17:53 -------- d-----w- c:\windows\LastGood
2009-12-26 17:53 . 2009-12-26 17:53 -------- d-----w- c:\program files\MSXML 6.0
2009-12-26 17:44 . 2009-12-26 17:44 -------- d-----w- C:\rwc
2009-12-26 17:09 . 2009-12-26 18:51 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-26 15:59 . 2009-12-26 15:59 -------- d-----w- c:\program files\MSXML 4.0
2009-12-26 15:43 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-26 15:31 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-26 15:31 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-26 15:31 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-26 15:31 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-26 15:30 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-26 15:30 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-12-26 15:30 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-26 15:30 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-26 15:30 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-26 15:30 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-26 15:30 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-26 15:30 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-26 15:30 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-26 15:30 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-26 15:30 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-26 15:26 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-26 15:25 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-26 15:23 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-26 15:23 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-26 15:23 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-26 15:23 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-26 15:22 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-26 14:02 . 2009-12-26 14:02 -------- d-----w- c:\documents and settings\user\Application Data\WinPatrol
2009-12-26 14:02 . 2004-10-22 11:32 0 ----a-w- c:\documents and settings\user\Application Data\WinPatrol\Config.sys
2009-12-26 14:01 . 2009-12-26 14:01 -------- d-----w- c:\program files\BillP Studios
2009-12-26 12:44 . 2009-12-26 13:09 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-12-26 12:31 . 2009-12-26 12:32 -------- d-----w- c:\documents and settings\user\Application Data\Auslogics
2009-12-26 12:30 . 2009-12-26 12:30 -------- d-----w- c:\program files\Auslogics
2009-12-26 12:16 . 2009-12-26 12:16 -------- d-----w- c:\program files\Common Files\DAZ
2009-12-26 11:43 . 2009-12-26 17:12 -------- d-----w- c:\program files\PosteRazor
2009-12-23 10:12 . 2009-12-14 20:48 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-23 10:12 . 2009-12-14 20:47 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-23 10:12 . 2009-12-14 20:47 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-23 10:12 . 2009-12-14 20:47 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-20 19:49 . 2009-12-20 19:49 -------- d-----w- c:\documents and settings\user\Application Data\DAZ 3D
2009-12-20 19:44 . 2009-12-20 19:44 -------- d-----w- c:\program files\DAZ 3D
2009-12-19 13:21 . 2009-12-19 13:21 294656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
2009-12-19 13:21 . 2009-12-14 20:47 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-17 15:13 . 2008-12-11 12:32 132976 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-17 15:13 . 2008-12-11 12:32 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-17 15:13 . 2008-12-11 08:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-17 15:12 . 2009-12-20 19:49 95640 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-12-15 11:40 . 2009-12-15 11:40 -------- d-----w- c:\program files\Terminal Reality
2009-12-14 22:14 . 2009-12-14 22:14 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\AVG Security Toolbar
2009-12-14 20:49 . 2009-12-17 16:50 -------- d-----w- C:\$AVG
2009-12-14 20:48 . 2009-12-14 20:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-14 20:48 . 2009-12-14 20:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-14 20:48 . 2009-12-14 20:48 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-14 20:48 . 2009-12-26 17:12 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-14 20:48 . 2009-12-14 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-14 20:47 . 2009-12-14 20:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-14 20:47 . 2009-12-14 20:47 -------- d-----w- c:\program files\AVG
2009-12-14 20:47 . 2009-12-14 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-14 16:27 . 2009-12-14 18:27 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-04 20:04 . 2009-12-04 20:04 -------- d-----w- c:\documents and settings\user\Application Data\BAMZOOKi SW
2009-12-04 20:02 . 2009-12-04 20:02 -------- d-----w- c:\windows\system32\AGEIA
2009-12-04 20:02 . 2009-12-04 20:02 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-04 20:00 . 2008-10-10 04:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-12-04 20:00 . 2009-12-04 20:00 -------- d-----w- c:\windows\Logs
2009-12-04 20:00 . 2009-12-04 20:30 -------- d-----w- c:\program files\BAMZOOKi SR
2009-11-30 21:01 . 2009-11-30 21:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 19:00 . 2008-10-28 00:09 942071840 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-26 18:50 . 2008-03-09 23:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-26 17:39 . 2008-10-28 00:09 10889192 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-26 15:27 . 2008-10-23 16:17 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-26 15:16 . 2004-10-22 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 14:54 . 2006-01-22 17:49 32216 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 13:06 . 2008-10-23 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\BOC425
2009-12-26 13:06 . 2008-05-01 16:56 -------- d-----w- c:\program files\Adventure Rock
2009-12-26 13:06 . 2008-11-23 13:13 -------- d-----w- c:\program files\RamBooster 2.0
2009-12-26 12:16 . 2008-10-23 16:17 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-12-26 12:15 . 2008-10-23 14:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-26 09:24 . 2005-03-14 19:47 -------- d-----w- c:\program files\SpywareBlaster
2009-12-15 15:15 . 2009-05-22 17:11 -------- d-----w- c:\program files\Bulk Image Downloader
2009-12-15 11:28 . 2007-04-12 17:50 -------- d-----w- c:\program files\Atari
2009-12-04 20:28 . 2006-08-13 16:53 -------- d-----w- c:\program files\directx
2009-12-04 20:01 . 2008-07-19 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-30 21:17 . 2009-04-05 09:52 -------- d-----w- c:\program files\Safari
2009-11-07 22:06 . 2007-04-12 17:14 -------- d-----w- c:\program files\EA SPORTS
2009-11-02 22:25 . 2009-11-02 22:23 -------- d-----w- c:\program files\iTunes
2009-11-02 22:24 . 2005-05-28 22:45 -------- d-----w- c:\program files\iPod
2009-11-02 22:24 . 2007-10-29 21:04 -------- d-----w- c:\program files\Common Files\Apple
2009-11-02 21:09 . 2009-11-02 21:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:46 . 2004-10-22 13:50 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2006-01-22 17:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2001-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-24 16:57 . 2009-10-24 16:57 29100 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-13 10:53 . 2004-10-22 13:48 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-10-22 13:49 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54 . 2004-10-22 13:49 69632 ----a-w- c:\windows\system32\raschap.dll
2009-09-05 00:55 . 2009-09-05 00:55 1230112 ----a-w- c:\program files\QuickTimePlayer.exe
2009-09-05 00:55 . 2009-09-05 00:55 795952 ----a-w- c:\program files\QTPlugin.ocx
2009-09-05 00:55 . 2009-09-05 00:55 7861536 ----a-w- c:\program files\QuickTimePlayer.dll
2009-09-05 00:55 . 2009-09-05 00:55 365856 ----a-w- c:\program files\QTUIPanelControl.dll
2009-09-05 00:54 . 2009-09-05 00:54 894240 ----a-w- c:\program files\QTOControl.dll
2009-09-05 00:54 . 2009-09-05 00:54 820512 ----a-w- c:\program files\QTOLibrary.dll
2009-09-05 00:54 . 2009-09-05 00:54 800032 ----a-w- c:\program files\QTInfo.exe
2009-09-05 00:54 . 2009-09-05 00:54 8933 ----a-w- c:\program files\QuickTime Read Me.htm
2009-09-05 00:54 . 2009-09-05 00:54 55622 ----a-w- c:\program files\Sample.mov
2009-09-05 00:54 . 2009-09-05 00:54 417792 ----a-w- c:\program files\QTTask.exe
2009-09-05 00:54 . 2009-09-05 00:54 18663 ----a-w- c:\program files\Sample.qtif
2009-09-05 00:54 . 2009-09-05 00:54 561152 ----a-w- c:\program files\PictureViewer.exe
2009-04-25 08:23 . 2009-04-25 08:23 332868 ----a-w- c:\program files\poo City.sc3
2009-04-25 07:28 . 2009-04-25 07:28 43796 ----a-w- c:\program files\Small City..sc3
2009-04-24 19:09 . 2009-04-24 19:09 239398 -c--a-w- c:\program files\Alex City.sc3
2009-04-24 18:46 . 2009-04-24 18:46 194849 ----a-w- c:\program files\Center Vil.sc3
2009-04-23 18:50 . 2009-04-23 18:50 265963 ----a-w- c:\program files\Hard City.sc3
2009-03-22 08:02 . 2009-03-22 08:02 250455 ----a-w- c:\program files\Manchester.sc3
2008-12-12 17:03 . 2008-12-12 17:03 195678 ----a-w- c:\program files\twerl City.sc3
2008-11-02 15:49 . 2008-11-02 15:49 300830 ----a-w- c:\program files\Londen.sc3
2008-11-01 14:41 . 2008-11-01 14:41 244454 ----a-w- c:\program files\Ewan`s City.sc3
2008-08-22 12:22 . 2007-02-09 19:43 265390 ----a-w- c:\program files\Tree City.sc3
2008-08-22 11:30 . 2007-03-27 19:02 262977 ----a-w- c:\program files\New City.sc3
2008-08-19 19:01 . 2008-08-19 19:01 45148 ----a-w- c:\program files\THE BEST CITY !!!.sc3
2008-08-19 18:38 . 2007-01-21 18:53 272492 ----a-w- c:\program files\Manchester City.sc3
2008-08-19 17:39 . 2007-04-26 17:00 327782 ----a-w- c:\program files\Sim City.sc3
2008-08-18 09:52 . 2007-03-29 18:14 254811 ----a-w- c:\program files\Nice City.sc3
2008-08-18 08:48 . 2007-09-01 13:58 371549 ----a-w- c:\program files\Manchester City..sc3
2008-01-17 22:56 . 2006-09-03 18:15 774144 ----a-w- c:\program files\autostitch.exe
2007-08-12 10:22 . 2007-01-25 17:44 368545 ----a-w- c:\program files\Dad City.sc3
2007-03-30 20:00 . 2007-03-25 19:24 201325 ----a-w- c:\program files\Snow City.sc3
2006-12-12 21:57 . 2006-09-03 18:15 3221 ----a-w- c:\program files\README.TXT
2006-12-12 21:56 . 2006-09-03 18:15 639 ----a-w- c:\program files\LICENSE.TXT
2006-09-13 10:39 . 2006-09-13 20:06 455312 ----a-w- c:\program files\PTLensManual.pdf
2006-09-13 10:32 . 2006-09-13 20:07 393216 ----a-w- c:\program files\PTLens.8BF
2006-09-10 14:11 . 2006-09-13 20:07 121992 ----a-w- c:\program files\PTLens.dat
2006-06-18 20:06 . 2006-10-01 09:33 1744 ----a-w- c:\program files\CHANGES
2006-06-17 10:42 . 2006-10-01 09:33 419840 ----a-w- c:\program files\PosteRazor.exe
2006-06-03 23:18 . 2006-10-01 09:33 311 ----a-w- c:\program files\README
2006-06-03 23:18 . 2006-10-01 09:33 18350 ----a-w- c:\program files\LICENSE
2006-05-18 08:04 . 2004-11-12 17:04 247559 ----a-w- c:\program files\cwshredder.zip
2005-02-24 02:38 . 2009-05-22 17:25 11497 ----a-w- c:\program files\history.txt
2005-02-16 11:06 . 2006-03-02 16:55 218112 ----a-w- c:\program files\HijackThis.exe
2005-02-07 13:35 . 2005-02-07 13:35 465040 ------w- c:\program files\CWShredder_1.exe
2005-01-04 22:37 . 2009-05-22 17:25 413 ----a-w- c:\program files\important - read.txt
2005-01-04 22:36 . 2009-05-22 17:25 1829 ----a-w- c:\program files\code types.txt
2004-12-07 09:13 . 2004-12-07 09:13 703080 ----a-w- c:\program files\BDA.cab
2004-12-07 09:13 . 2004-12-07 09:13 3578547 ----a-w- c:\program files\ManagedDX.CAB
2004-12-07 09:13 . 2004-12-07 09:13 1156363 ----a-w- c:\program files\BDANT.cab
2004-12-07 09:13 . 2004-12-07 09:13 479432 ----a-w- c:\program files\dxsetup.exe
2004-12-07 09:13 . 2004-12-07 09:13 69832 ----a-w- c:\program files\DSETUP.dll
2004-12-07 09:13 . 2004-12-07 09:13 2249416 ----a-w- c:\program files\dsetup32.dll
2004-12-07 09:13 . 2004-12-07 09:13 13265040 ----a-r- c:\program files\dxnt.cab
2004-12-07 09:13 . 2004-12-07 09:13 976020 ----a-w- c:\program files\BDAXP.cab
2004-12-07 09:13 . 2004-12-07 09:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-12-07 08:47 . 2004-12-07 08:47 20717 ----a-w- c:\program files\DirectX SDK EULA.txt
2004-11-28 17:02 . 2004-11-28 17:02 4915119 ----a-w- c:\program files\Firefox Setup 1.0.exe
2004-11-18 17:22 . 2004-11-18 17:22 4252279 ----a-w- c:\program files\ezantivirus.exe
2004-11-18 17:03 . 2004-11-18 17:34 4586680 ----a-w- c:\program files\agentinstall.exe
2004-11-12 16:58 . 2004-11-12 16:58 149504 ----a-w- c:\program files\cwshredder.exe
2004-11-07 20:40 . 2004-11-07 20:40 28737 -c--a-w- c:\program files\2200-UC-PC.zip
2004-11-07 20:37 . 2004-11-07 20:37 783091 ----a-w- c:\program files\QuadTonePCbeta3.zip
2004-11-06 17:50 . 2004-11-06 17:50 10479136 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2004-10-27 19:28 . 2004-10-24 16:59 474256 ----a-w- c:\program files\GoogleToolbarInstaller.exe
2004-10-25 19:29 . 2004-10-25 19:24 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-10-25 19:24 . 2004-10-25 19:22 6811656 ----a-w- c:\program files\psa201se_us.exe
2004-10-24 17:15 . 2004-10-24 17:15 4354084 ----a-w- c:\program files\spybotsd13.exe
2004-10-24 17:09 . 2004-10-24 17:09 2636408 ----a-w- c:\program files\aawsepersonal.exe
2004-10-22 13:33 . 2004-10-22 13:33 2028640 ----a-w- c:\program files\sp1aexpress_usa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-06-29 28739]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2006-10-10 43520]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-19 2002160]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-11-25 3176408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-11-10 249927]
"Gainward"="c:\program files\Vtune\TBPanel.exe" [2007-04-23 2158592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BOC-425"="c:\progra~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 342272]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-12-20 2652056]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2007-01-25 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2007-01-25 16384]
"Netdrive"="c:\program files\Netdrive\Netdrive.exe" [2008-11-18 3089408]
"QuickTime Task"="c:\program files\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-14 2033432]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-25 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2004-12-28 131584]
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-2-13 294912]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-9-19 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-14 18:26 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-14 20:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\n:\0autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^ubisoft register.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\ubisoft register.lnk
backup=c:\windows\pss\ubisoft register.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Netdrive\\ndsvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31503:UDP"= 31503:UDP:schemasSystem AgentWorks
"51415:TCP"= 51415:TCP:schemasSystem ResourcesDownloaded
"14231:UDP"= 14231:UDP:schemasSystem L2Sregistration
"47229:TCP"= 47229:TCP:schemasSystem OfflineCommon

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [22/10/2004 11:42 75904]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14/12/2009 20:47 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14/12/2009 20:48 360584]
R1 is-O0FVOdrv;is-O0FVOdrv;c:\windows\system32\drivers\63524034.sys [28/10/2008 00:09 148496]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [17/12/2009 15:13 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 10:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 10:43 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [14/12/2009 20:47 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14/12/2009 20:47 285392]
R2 BlackICE;BlackICE;c:\program files\ISS\BlackICE\blackd.exe [14/01/2008 18:41 847872]
R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [23/10/2008 13:37 73472]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [17/12/2009 15:13 73840]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [26/12/2009 15:27 583640]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [17/12/2009 15:12 95640]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 10:43 7408]
R4 black;black;c:\windows\system32\drivers\blackdrv.sys [14/01/2008 18:41 229367]
S2 ndsvc;NetDrive Service;c:\program files\Netdrive\ndsvc.exe [18/11/2008 14:33 2543104]
S2 Rasaccess;Monitor Center;c:\windows\system32\svchost.exe -k netsvcs [18/08/2001 12:00 14336]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [17/03/2008 12:01 20160]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\user\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\user\LOCALS~1\Temp\cusbohcn.sys [?]
S3 ham50;Intel HaM Data Fax Voice Modem;c:\windows\system32\drivers\ham50.sys [22/10/2004 11:53 365853]
S3 ndfs;ndfs;c:\program files\Netdrive\ndfs.sys [12/11/2008 13:03 70656]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [24/10/2004 16:45 36676]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [24/10/2004 16:45 24344]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FONTCACHE3.0.0.0
*NewlyCreated* - MSISERVER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hzgjlbc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Crawler Search - tbr:iemenu
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
TCP: {023E672C-1B84-4845-897D-77D9F6F6896E} = 194.72.0.114 62.6.40.162
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5f57qrby.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5f57qrby.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Plugins\npqtplugin7.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Shogun Total War - Warlord Edition - c:\program files\Total War\Shogun - Total War - Warlord Edition\Uninst.isu
AddRemove-Tiger Woods PGA TOUR 2001 - d:\games\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 18:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95302786-EB7F-C232-EEC6-2A3996E06940}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaeblkgigefcjklmdpodjlanpnidpj"=hex:6a,61,69,6d,63,65,67,70,69,6a,65,6b,6f,64,
6f,70,61,68,6f,65,00,00
"naoaoenlamomejkdlolhnlgjdoea"=hex:6a,61,69,6d,63,65,67,70,69,6a,65,6b,6f,64,
6f,70,61,68,6f,65,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\midimap.dll
.
Completion time: 2009-12-26 19:05:34
ComboFix-quarantined-files.txt 2009-12-26 19:05
ComboFix2.txt 2008-10-27 19:33

Pre-Run: 10,901,823,488 bytes free
Post-Run: 11,607,420,928 bytes free

- - End Of File - - A729908368E63784D26EFEC0202642A1

Thanks

This post has been edited by Orange Blossom: 26 December 2009 - 08:47 PM
Reason for edit: Moved to HiJack This forum. ~ OB

#2 User is offline   syler 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,150
  • Joined: 07-November 07
  • Gender:Male
  • Location:Warrington, UK

Posted 06 January 2010 - 03:16 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks
Posted Image
If I have helped you, and you would like to make a donation to me, click here

#3 User is offline   syler 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 8,150
  • Joined: 07-November 07
  • Gender:Male
  • Location:Warrington, UK

Posted 10 January 2010 - 11:14 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Posted Image
If I have helped you, and you would like to make a donation to me, click here

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users