Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

web browsers crashing


  • This topic is locked This topic is locked
1 reply to this topic

#1 shades of eternity

shades of eternity

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 07 December 2008 - 08:35 AM

basically as of early last week, both opera and foxfire have become rather unstable and now ie won't open.

I think I got a virus

here's what I've done so far.

1. reinstalled foxfire and/or opera - no change.
2. ran avg antiivirus - caused program to go through, but tried to reinstall it and now it won't reinstall.
3. ran autorun and went looking for files that shouldn't be there...didn't see any.
4. ran combofix. here is the log.

ComboFix 08-12-06.06 - chris 2008-12-07 6:24:41.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.101 [GMT -7:00]
Running from: c:\documents and settings\chris\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 08:25 . 2008-12-06 08:25 <DIR> d--hs---- C:\FOUND.006
2008-12-06 08:17 . 2008-12-06 08:17 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-06 08:17 . 2008-12-06 08:17 <DIR> d---s---- c:\documents and settings\chris\UserData
2008-12-06 05:37 . 2008-12-06 05:37 <DIR> d--hs---- C:\FOUND.005
2008-12-06 04:54 . 2008-12-06 04:54 <DIR> d-------- C:\bookmarks
2008-12-05 22:39 . 2008-12-05 22:39 <DIR> d-------- c:\documents and settings\Administrator
2008-12-05 18:44 . 2005-11-09 00:26 38,400 --a------ c:\windows\SYSTEM32\moveex.exe
2008-12-05 05:47 . 2008-12-05 05:47 <DIR> d--hs---- C:\FOUND.004
2008-12-05 05:36 . 2008-12-05 05:36 <DIR> d-------- C:\be1eeddef6643bb26b301d382d821d
2008-12-04 20:22 . 2008-12-04 20:22 <DIR> d-------- c:\program files\BitLord2
2008-12-04 20:13 . 2008-04-14 00:15 10,368 --a------ c:\windows\SYSTEM32\DRIVERS\hidusb.sys
2008-12-04 20:13 . 2008-04-14 00:15 10,368 --a------ c:\windows\SYSTEM32\dllcache\hidusb.sys
2008-12-04 20:12 . 2008-12-04 20:12 <DIR> d--hs---- C:\FOUND.003
2008-12-04 18:55 . 2008-12-04 18:55 <DIR> d--hs---- C:\FOUND.002
2008-12-03 20:23 . 2008-12-03 20:23 <DIR> d--hs---- C:\FOUND.001
2008-12-03 19:25 . 2008-12-03 19:25 <DIR> d--hs---- C:\FOUND.000
2008-11-30 22:34 . 2008-11-30 22:34 <DIR> d-------- C:\NA DR 2nd revisions(2)
2008-11-19 18:32 . 2008-11-19 18:32 <DIR> d-------- c:\program files\Fortinet
2008-11-18 05:24 . 2008-11-18 05:24 22 --a------ c:\windows\SYSTEM32\ati64hlp.stb
2008-11-17 23:23 . 2008-11-19 21:59 151 --a------ c:\windows\PhotoSnapViewer.INI
2008-11-16 19:54 . 2008-10-23 13:32 <DIR> d-------- C:\Neo Geo WinKawaks
2008-11-15 23:08 . 2008-11-15 23:08 <DIR> d-------- c:\windows\Sun
2008-11-14 12:03 . 2008-11-14 12:03 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-12 18:34 . 2008-09-04 10:15 1,106,944 --------- c:\windows\SYSTEM32\dllcache\msxml3.dll
2008-11-12 18:34 . 2008-10-24 04:21 455,296 --------- c:\windows\SYSTEM32\dllcache\mrxsmb.sys
2008-11-11 18:50 . 2008-11-11 18:50 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-11 18:43 . 2008-11-11 18:43 <DIR> d-------- c:\program files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 01:31 22,176 ----a-w c:\windows\system32\drivers\fortidrv.sys
2008-11-20 01:31 14,496 ----a-w c:\windows\system32\drivers\ftvnic.sys
2008-11-01 05:20 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-28 05:32 --------- d-----w c:\documents and settings\chris\Application Data\U3
2008-10-28 02:12 --------- d-----w c:\documents and settings\chris\Application Data\acccore
2008-10-28 02:11 --------- d-----w c:\program files\Viewpoint
2008-10-28 02:11 --------- d-----w c:\program files\Common Files\AOL
2008-10-28 02:11 --------- d-----w c:\program files\AIM6
2008-10-28 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-28 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-10-28 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-28 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-10-25 18:48 410,976 ----a-w c:\windows\SYSTEM32\deploytk.dll
2008-10-25 18:48 --------- d-----w c:\program files\Sun
2008-10-25 18:48 --------- d-----w c:\program files\Java
2008-10-25 02:43 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 07:58 --------- d-----w c:\documents and settings\chris\Application Data\Microsoft Web Folders
2008-10-24 07:32 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-24 07:10 --------- d-----w c:\program files\Winamp
2008-10-24 07:06 --------- d-----w c:\program files\VideoLAN
2008-10-24 07:06 --------- d-----w c:\documents and settings\chris\Application Data\vlc
2008-10-24 07:02 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-24 07:02 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-24 07:01 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-24 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-24 07:00 --------- d-----w c:\program files\xnews
2008-10-24 06:58 --------- d-----w c:\program files\Ultra WMV Converter
2008-10-24 06:58 --------- d-----w c:\program files\AVI MPEG RM WMV Joiner
2008-10-24 06:53 --------- d-----w c:\program files\Opera
2008-10-24 06:52 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-24 06:49 --------- d-----w c:\program files\VIA
2008-10-24 06:47 --------- d-----w c:\program files\C-Media 3D Audio
2008-10-24 06:42 --------- d-----w c:\program files\Nero
2008-10-24 06:42 --------- d-----w c:\program files\Common Files\Ahead
2008-10-24 06:42 --------- d-----w c:\documents and settings\chris\Application Data\Ahead
2008-10-24 06:41 --------- d-----w c:\program files\Yahoo!
2008-10-24 06:37 --------- d-----w c:\program files\ACD Systems
2008-10-24 06:35 --------- d-----w c:\program files\Corel
2008-10-24 06:35 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 06:34 --------- d-----w c:\documents and settings\chris\Application Data\Share-to-Web Upload Folder
2008-10-24 06:33 --------- d-----w c:\program files\Hewlett-Packard
2008-10-24 06:33 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-10-24 06:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 06:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 06:25 --------- d-----w c:\program files\ATI Technologies
2008-10-24 06:13 152,576 ----a-w c:\windows\SYSTEM32\migicons.exe
2008-10-24 06:13 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 05:46 --------- d-----w c:\program files\DirectX
2008-10-24 05:45 93,271 ----a-w c:\windows\JAVA\Packages\M0H397FT.ZIP
2008-10-24 05:45 558,142 ----a-w c:\windows\JAVA\Packages\IHNBRNTB.ZIP
2008-10-24 05:45 266 --sh--w c:\program files\desktop.ini
2008-10-24 05:45 156,441 ----a-w c:\windows\JAVA\Packages\0O939FJR.ZIP
2008-10-24 05:45 11,079 ---h--w c:\program files\folder.htt
2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\SYSTEM32\dllcache\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\SYSTEM32\dllcache\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\SYSTEM32\dllcache\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\SYSTEM32\dllcache\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\dllcache\cdm.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 21:09 51,224 ----a-w c:\windows\SYSTEM32\dllcache\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\SYSTEM32\dllcache\wups.dll
2008-10-15 17:34 337,408 ------w c:\windows\SYSTEM32\dllcache\netapi32.dll
2008-09-15 13:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 13:12 1,846,400 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\dllcache\msxml6.dll
2008-09-08 11:41 333,824 ------w c:\windows\SYSTEM32\dllcache\srv.sys
2003-08-27 18:49 3,424 ----a-w c:\windows\inf\OTHER\cmiainfo.sys
2008-04-14 12:42 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe
2008-04-14 12:42 84,992 --sha-w c:\windows\SYSTEM32\olepro32.dll
2008-04-14 12:42 413,696 --sha-w c:\windows\SYSTEM32\msvcp60.dll
2008-04-14 12:42 551,936 --sh--w c:\windows\SYSTEM32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-14 05:42 8461312 --a------ c:\windows\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-09 3502840]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2008-10-23 565248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FA_Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=

R1 FortiShield;Fortinet Fortishield;\??\c:\windows\system32\drivers\fortishield.sys [2008-08-07 26144]
R2 Fortips;Fortips;\??\c:\windows\system32\drivers\fortips.sys [2008-08-07 97824]
R2 FortiRdr;FortiRdr;\??\c:\windows\system32\drivers\FortiRdr.sys [2008-08-07 18592]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-10-27 24652]
R3 Fortidrv2;FortiNet Fortidrv Service;c:\windows\system32\DRIVERS\fortidrv.sys [2008-08-07 22176]
R3 stihp2k;stihp2k;c:\windows\system32\DRIVERS\stihp2k.sys [2001-05-04 95902]
S3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys [2008-08-07 14496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49c29c01-a4a6-11dd-818f-000b6a971447}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SYSTEM\blank.htm
mStart Page = about:blank

O16 -: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
c:\windows\Downloaded Program Files\Internet Explorer Classes for Java.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\chris\Application Data\Mozilla\Firefox\Profiles\adsdsntw.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 06:25:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(484)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-07 6:26:11
ComboFix2.txt 2008-12-06 01:44:06
ComboFix-quarantined-files.txt 2008-12-07 13:26:10

Pre-Run: 435,255,771,136 bytes free
Post-Run: 435,269,173,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

217 --- E O F --- 2008-11-20 01:56:18

open to suggestions at this point.

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:03:41 AM

Posted 07 December 2008 - 10:27 AM

ComboFix logs should not to be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I infected? What do I do? forum, explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users