Antivirus & Firewall Disabled "not A Valid Win32 Application"



#1 pythonet


Posted 14 March 2008 - 06:35 AM

I am infected by some kind of virus or malware which has disabled my antivirus and firewall ("NOD32 and ZoneAlarm"). Whenever I open them it says that they aren't a valid Win32 application and they don't open up. I then downloaded CleanUp! and erased all of my Internet temporary files. Then I downloaded ComboFix and ran it. It did improve my PC's condition, as it enabled my Windows updates, but I am still unable to open my antivirus and firewall. Following is the log file from ComboFix; I need an urgent solution to my problem:


ComboFix 08-03-13.4 - Raza Abbas 2008-03-14 15:36:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.642 [GMT 5:00]
Running from: C:\Documents and Settings\Raza Abbas\Desktop\combo-fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA


((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-14 11:26 . 2008-03-14 15:31 <DIR> d-------- C:\Program Files\CleanUp!
2008-03-13 21:58 . 2008-03-13 21:58 <DIR> d-------- C:\SDFix
2008-03-13 21:06 . 2008-03-13 21:06 <DIR> d-------- C:\Program Files\VideoMach-4.0.4
2008-03-08 13:50 . 2008-03-08 13:50 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-03-08 13:50 . 2008-03-08 13:50 <DIR> d-------- C:\Documents and Settings\Raza Abbas\Application Data\Logitech
2008-03-08 13:50 . 2008-03-08 13:50 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-03-08 13:47 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-03-08 13:47 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-03-08 13:47 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-03-08 13:47 . 2007-04-11 15:33 79,376 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-03-08 13:47 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-03-08 13:47 . 2007-04-11 15:32 63,248 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-03-08 13:47 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-03-08 13:47 . 2007-04-11 15:32 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-03-08 13:46 . 2008-03-08 13:49 <DIR> d-------- C:\Program Files\Logitech
2008-03-08 13:46 . 2008-03-08 13:47 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-08 13:46 . 2008-03-08 13:46 <DIR> d-------- C:\Documents and Settings\Raza Abbas\Application Data\InstallShield
2008-03-08 13:46 . 2008-03-08 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-08 13:45 . 2008-03-08 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-07 00:07 . 2008-03-07 00:07 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-02-28 17:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-28 17:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-28 17:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-27 20:44 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-27 20:34 . 2008-02-27 20:34 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 20:08 . 2008-02-27 20:36 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-27 20:07 . 2008-02-29 13:46 <DIR> d-------- C:\Program Files\Windows Live
2008-02-27 20:07 . 2008-02-27 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-18 19:48 . 2008-02-18 19:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-15 18:29 . 2008-03-09 17:59 <DIR> d-------- C:\Downloads
2008-02-15 18:21 . 2008-02-15 18:21 <DIR> d-------- C:\Program Files\Free Download Manager
2008-02-15 18:21 . 2008-03-14 15:34 <DIR> d-------- C:\Documents and Settings\Raza Abbas\Application Data\Free Download Manager
2008-02-15 18:21 . 2008-02-15 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-02-15 13:45 . 2008-02-15 13:45 <DIR> d-------- C:\Program Files\Ocean Technologies & Media
2008-02-15 13:45 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll
2008-02-15 13:10 . 2008-02-26 18:07 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-15 12:30 . 2008-02-15 12:30 <DIR> d-------- C:\Program Files\Lonely Cat Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{612f38d7-61eb-40a7-bb9d-0a2849e9ea35}]
2007-09-06 12:28 1453080 --a------ C:\Program Files\SlashMySearch.com\tbSlas.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{612F38D7-61EB-40A7-BB9D-0A2849E9EA35}"= "C:\Program Files\SlashMySearch.com\tbSlas.dll" [2007-09-06 12:28 1453080]

[HKEY_CLASSES_ROOT\clsid\{612f38d7-61eb-40a7-bb9d-0a2849e9ea35}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{612F38D7-61EB-40A7-BB9D-0A2849E9EA35}"= C:\Program Files\SlashMySearch.com\tbSlas.dll [2007-09-06 12:28 1453080]

[HKEY_CLASSES_ROOT\clsid\{612f38d7-61eb-40a7-bb9d-0a2849e9ea35}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-07-08 05:05 647168]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-02-13 18:02 2453551]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-14 15:39 949376]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 06:41 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="J:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
"LanguageShortcut"="J:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-10-25 12:56 61440]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 15:39 919016]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 15:00 98304]
"USB Disk Tool"="C:\Program Files\USB Disk Tool\USNDISKT.EXE" [2003-04-02 17:33 122880]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-18 19:47 185896]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-08 13:50:10 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-08 13:47:00 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
J:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-08-15 21:25 176128 J:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"K:\\Program Files\\Valve2\\Valve\\hl.exe"=
"J:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"K:\\Program Files\\Valve2\\Valve\\hlds.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"K:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S3 ddsxeiservice;ddsxeiservice;K:\Program Files\Valve2\Valve\cstrike\sXe Injected\ddsxei.sys [2007-08-12 04:05]
S3 USBSNXSTOR;Mass Storage driver ;C:\WINDOWS\system32\DRIVERS\Usbsnx2k.SYS [2003-04-15 09:06]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 15:43:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> J:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
-> C:\Program Files\ViStart\MainHook.Dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-03-14 15:51:44 - machine was rebooted [Raza Abbas]
ComboFix-quarantined-files.txt 2008-03-14 10:51:40
.
2008-02-13 17:48:19 --- E O F ---

Edited by pythonet, 14 March 2008 - 06:41 AM.
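As an added triage example (not part of pythonet's post and not ComboFix's own code), the script below parses the registry and service lines quoted in the log above and flags the entries that weaken host protection: Security Center monitoring of the ZoneAlarm firewall switched off, the Windows Firewall standard profile disabled, and a boot-start driver (srosa) whose image file no longer exists because it appears under "Other Deletions" in the same run. The sample lines are copied from the log; the rule table and the regular expressions are this example's own assumptions about the ComboFix line format.

```python
import re

# Constructed sample: registry and service lines copied from the ComboFix log in post #1.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S3 USBSNXSTOR;Mass Storage driver ;C:\WINDOWS\system32\DRIVERS\Usbsnx2k.SYS [2003-04-15 09:06]
"""

# Rule table (this example's own heuristics, not ComboFix's):
# (key fragment matched case-insensitively, value name, data exactly as ComboFix prints it, reason)
WEAKENING_VALUES = [
    ("security center\\Monitoring", "DisableMonitoring", "dword:00000001",
     "Security Center monitoring of a protection product is switched off"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", "0 (0x0)",
     "Windows Firewall disabled for the standard profile"),
]

KEY_RE = re.compile(r"^\[(.+)\]$")                  # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')    # "Name"= data
# Assumed ComboFix service line: <R|S><start type> <name>;<display name>;<image path> [<timestamp or empty>]
SERVICE_RE = re.compile(r"^([SR]\d)\s+([^;]+);([^;]*);(.+?)\s*\[(.*)\]$")


def parse_registry_findings(text):
    """Return (key, value_name, data) for every registry value line,
    attributed to the most recent [key] header above it."""
    findings, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            findings.append((current_key, value_match.group(1), value_match.group(2).strip()))
    return findings


def flag_weakened_defences(text):
    """Return one alert string per registry value that matches the rule table."""
    alerts = []
    for key, name, data in parse_registry_findings(text):
        for fragment, want_name, want_data, reason in WEAKENING_VALUES:
            if fragment.lower() in key.lower() and name == want_name and data == want_data:
                alerts.append(f"{reason}: [{key}] {name}={data}")
    return alerts


def flag_suspicious_services(text):
    """Flag boot-start (start type 1) drivers whose image file has no metadata.

    An empty [] after the path means ComboFix found no file to stat; in this log
    srosa.sys was deleted earlier in the same run, yet the service entry still
    references it, so it is worth checking that the entry was removed as well."""
    alerts = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m is None:
            continue
        start, name, display, path, stamp = m.groups()
        if start.endswith("1") and stamp.strip() == "":
            alerts.append(f"boot-start service {name} ({display.strip()}) points at missing file {path}")
    return alerts


if __name__ == "__main__":
    for alert in flag_weakened_defences(SAMPLE_LOG) + flag_suspicious_services(SAMPLE_LOG):
        print(alert)
```

The EnableLUA value is deliberately left out of the rule table (it has no effect on Windows XP), so it is parsed but produces no alert.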




#2 Grinler


    Lawrence Abrams



Posted 01 April 2008 - 01:51 PM

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them or include them in codeboxes going forward.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious. It is also possible that you may need to disable your antivirus or antimalware programs before this program can run properly. A guide on how to temporarily disable many of the common protection programs can be found here.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.




