Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yahoo Crashes On Loging In... So I Used Combofix


  • This topic is locked This topic is locked
1 reply to this topic

#1 alien dorz

alien dorz

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 21 March 2008 - 01:39 PM

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\win22dcd201121.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 21:47 . 2008-03-21 21:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-21 21:47 . 2008-03-21 21:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-20 22:31 . 2008-03-21 10:21 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-20 16:04 . 2008-03-10 12:32 103,516 -r-hs---- C:\b.com
2008-03-20 16:04 . 2008-03-21 23:22 515 -r-hs---- C:\autorun.inf
2008-03-12 13:08 . 2008-03-12 13:11 <DIR> d-------- C:\Program Files\Winamp
2008-03-12 13:08 . 2008-03-18 23:04 <DIR> d-------- C:\Documents and Settings\User\Application Data\Winamp
2008-03-10 00:37 . 2008-03-10 00:37 <DIR> d-------- C:\Program Files\Magicbit
2008-03-07 20:29 . 2008-03-07 20:29 0 --a------ C:\WINDOWS\PowerReg.dat
2008-03-07 20:26 . 2001-09-06 18:51 4,448 --a------ C:\WINDOWS\system32\drivers\Devx.sys
2008-03-07 20:26 . 2001-10-10 20:40 3,328 --a------ C:\WINDOWS\system32\drivers\VtPr.sys
2008-02-28 21:50 . 2008-02-28 21:50 <DIR> d-------- C:\Program Files\Ligos
2008-02-28 21:50 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2008-02-28 21:50 . 2000-06-22 13:09 56,320 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-02-28 21:46 . 1998-10-29 19:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-28 21:43 . 2008-02-28 21:43 <DIR> d-------- C:\Program Files\Infogrames Interactive
2008-02-28 04:48 . 2008-02-28 04:48 <DIR> d-------- C:\Program Files\abrViewer.NET
2008-02-23 17:13 . 2008-02-23 17:14 <DIR> d-------- C:\Program Files\SWiSHmax
2008-02-23 17:13 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 14:40 --------- d-----w C:\Program Files\Yahoo!
2008-03-20 19:04 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2008-03-20 17:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 05:36 --------- d-----w C:\Documents and Settings\User\Application Data\uTorrent
2008-03-03 08:23 --------- d-----w C:\Program Files\FlashGet
2008-03-03 07:39 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-25 19:28 --------- d-----w C:\Program Files\LimeWire
2008-02-17 08:29 --------- d-----w C:\Program Files\DivX
2008-02-06 21:03 --------- d-----w C:\Program Files\Recuva
2008-02-06 05:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-02-05 11:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 11:05 --------- d-----w C:\Program Files\Ulead Systems
2008-02-05 11:05 --------- d-----w C:\Documents and Settings\User\Application Data\Ulead Systems
2008-02-05 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-03 21:31 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-02-03 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-03 19:57 --------- d-----w C:\Program Files\Replay Music 2
2008-02-03 19:55 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-03 19:55 --------- d-----w C:\Program Files\Replay Music
2008-02-02 19:39 --------- d-----w C:\Program Files\uTorrent
2008-02-01 20:12 --------- d-----w C:\Program Files\Moyea
2008-01-31 15:46 --------- d-----w C:\Program Files\AlienGUIse
2008-01-23 16:59 --------- d-----w C:\Program Files\Eidos
2008-01-23 13:02 --------- d-----w C:\Program Files\Commandos II
.

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 17:13 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05 212992]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00 1005096]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 14:49 1121280]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-17 23:54 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-03-07 20:29:31 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=C:\WINDOWS\pss\Alienware Dock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--------- 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 16:13 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2006-10-05 18:43 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2006-10-05 18:41 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2006-10-05 18:40 94208 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-04-10 12:58 16126464 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2007-04-04 14:52 1822720 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-17 23:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=

R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys [2001-09-06 18:51]
R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys [2001-10-10 20:40]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 08:14]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da0ebb5-d15e-11dc-996a-001bfcc9dd9f}]
\Shell\AutoRun\command - xn1i9x.com
\Shell\explore\Command - xn1i9x.com
\Shell\open\Command - xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd86a4bc-c402-11dc-8fa3-001bfcc9dd9f}]
\Shell\AutoRun\command - d.com
\Shell\explore\Command - d.com
\Shell\open\Command - d.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd86a4bd-c402-11dc-8fa3-001bfcc9dd9f}]
\Shell\AutoRun\command - d.com
\Shell\explore\Command - d.com
\Shell\open\Command - d.com

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 23:26:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\cscript.exe
.
**************************************************************************
.
Completion time: 2008-03-21 23:29:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 17:59:34

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:09:59 AM

Posted 21 March 2008 - 10:13 PM

ComboFix logs should not to be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff/Animal

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users