
MalwareBytes Crashes 3 min into scan



Hi

I became infected with some malware recently. After some research I believe I managed to remove a chunk of it but I think some of it still remains. I believe it's still there because MalwareBytes crashes 3 mins or so after I start a quick scan and I believe the malware is responsible for the crash. I went to the Procedures to help resolve issues preventing MBAM from running thread and I looked for possible solutions there but I couldn't really do much with what was there (I posted the ROOTREPEAL results below). I also ran ComboFix and SUPERAntiSpyware, both of which seemed to find and fix a couple things.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:25:16 AM, on 9/13/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\conime.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\PADManager2\RSDBServer.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\Program Files\AIM Lite\aimlite.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Remind Mi Calendar\RemindMiCalendar.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Documents and Settings\User\Desktop\RootRepeal.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: CToolsMenu Object - {512573A8-5BF7-4464-998E-3D794AF8FEC0} - C:\Program Files\BonfireSoft\SniperFoxPro\SniperFoxCom.dll (file missing)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [GEST] m?e|u

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [laim] "C:\Program Files\AIM Lite\aimlite.exe" -autorun

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [RemindMiCalendar] C:\Program Files\Remind Mi Calendar\RemindMiCalendar.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CALoadService - Advanced Micro Devices - C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O23 - Service: RoboSoft/PADManager Database Server (RSDBServerService) - Unknown owner - C:\Program Files\PADManager2\RSDBServer.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--

End of file - 10297 bytes

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/09/13 11:24

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP2

==================================================

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: C:\WINDOWS\temp\ib1.tmp

Status: Locked to the Windows API!

Path: C:\WINDOWS\temp\ib2.tmp

Status: Locked to the Windows API!

Path: C:\WINDOWS\temp\ib3.tmp

Status: Locked to the Windows API!

Path: C:\WINDOWS\temp\ib4.tmp

Status: Locked to the Windows API!

Path: C:\WINDOWS\temp\ib5.tmp

Status: Locked to the Windows API!

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_437.trc

Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\user\local settings\application data\thunderbird\profiles\p747qwbt.default\cache\_cache_003_

Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\BZ9ZGRYB.YKT\MWTOCKDQ.PON\manifests\2DF FreePlay Client.exe.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\BZ9ZGRYB.YKT\MWTOCKDQ.PON\manifests\Damdai.Forms.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\BZ9ZGRYB.YKT\MWTOCKDQ.PON\manifests\Damdai.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\BZ9ZGRYB.YKT\MWTOCKDQ.PON\manifests\ICSharpCode.SharpZipLib.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\BZ9ZGRYB.YKT\MWTOCKDQ.PON\manifests\TelerikCommon.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\BZ9ZGRYB.YKT\MWTOCKDQ.PON\manifests\Telerik.WinControls.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\User\Local Settings\Apps\2.0\BZ9ZGRYB.YKT\MWTOCKDQ.PON\manifests\Telerik.WinControls.UI.manifest

Status: Locked to the Windows API!


  • Root Admin

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Here is the log for ComboFix

ComboFix 10-09-14.04 - User 5/2010 Wed 11:19:13.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.3070.2232 [GMT -4:00]

Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))

.

2010-09-13 11:45 . 2010-09-13 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-09-13 10:18 . 2010-09-13 10:18 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com

2010-09-13 10:18 . 2010-09-13 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-09-13 10:18 . 2010-09-15 15:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-13 01:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-13 01:50 . 2010-09-13 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-13 01:50 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-10 06:27 . 2010-09-13 10:39 0 ----a-w- c:\windows\Otowafah.bin

2010-09-10 06:27 . 2010-09-13 02:34 120 ----a-w- c:\windows\Wduvagayusaq.dat

2010-09-07 01:03 . 2010-08-18 18:18 98304 ----a-w- c:\windows\system32\DVM.dll

2010-09-07 01:03 . 2010-08-18 18:17 53248 ----a-w- c:\windows\system32\RegisterExe.exe

2010-09-07 01:03 . 2010-07-08 14:41 806912 ----a-w- c:\windows\system32\C-XLS.dll

2010-09-07 01:03 . 2010-09-07 01:03 -------- d-----w- c:\windows\system32\Resource

2010-09-07 01:03 . 2010-09-07 01:03 -------- d-----w- c:\program files\Softinterface, Inc

2010-09-07 01:03 . 2010-08-18 18:16 131072 ----a-w- c:\windows\system32\CSVSpecialProcessing.dll

2010-09-07 01:03 . 2010-07-31 14:10 221184 ----a-w- c:\windows\system32\SII_PDF.dll

2010-09-07 01:03 . 2005-06-16 16:18 1409024 ----a-w- c:\windows\system32\Drake.dll

2010-09-07 01:03 . 2005-06-15 17:59 225280 ----a-w- c:\windows\system32\DrakeCom.dll

2010-09-06 23:33 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2010-09-06 23:33 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll

2010-09-06 23:33 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll

2010-09-06 23:33 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2010-09-06 23:33 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll

2010-09-06 23:33 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2010-09-06 23:33 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-09-06 23:32 . 2010-09-06 23:55 -------- d-----w- c:\program files\LabyDemoV1P00B1

2010-09-06 09:17 . 2010-09-06 09:18 -------- d-----w- c:\documents and settings\User\Application Data\Meebo

2010-09-06 09:17 . 2010-09-06 09:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Meebo

2010-08-31 19:31 . 2010-09-01 20:47 -------- d-----w- c:\program files\Purify Puzzle

2010-08-29 09:18 . 2010-08-29 09:18 -------- d-----w- c:\program files\Xvid

2010-08-29 09:18 . 2009-06-07 20:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2010-08-29 09:18 . 2009-06-07 20:16 819200 ----a-w- c:\windows\system32\xvidcore.dll

2010-08-26 17:17 . 2010-08-26 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon

2010-08-24 13:12 . 2010-08-24 13:12 -------- d-----w- c:\documents and settings\User\Application Data\SmartFTP

2010-08-24 13:12 . 2010-08-24 13:12 -------- d-----w- c:\program files\SmartFTP Client

2010-08-24 13:11 . 2010-08-24 13:11 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files

2010-08-24 12:38 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-08-24 12:38 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-08-23 17:06 . 2010-08-23 17:06 -------- d-----w- c:\documents and settings\User\Application Data\ProgSense

2010-08-23 17:05 . 2010-08-23 17:05 -------- d-----w- c:\documents and settings\User\Application Data\GrabPro

2010-08-23 17:05 . 2010-08-24 02:59 -------- d-----w- c:\documents and settings\User\Application Data\Orbit

2010-08-23 06:54 . 2010-08-23 06:54 -------- d-----w- c:\documents and settings\User\Application Data\Apowersoft

2010-08-23 06:53 . 2010-08-23 06:53 -------- d-----w- c:\program files\Apowersoft

2010-08-20 23:02 . 2010-08-20 23:02 -------- d-----w- c:\program files\iPod

2010-08-20 23:02 . 2010-08-20 23:03 -------- d-----w- c:\program files\iTunes

2010-08-20 23:02 . 2010-08-20 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-20 22:58 . 2010-08-20 22:59 -------- d-----w- c:\program files\QuickTime

2010-08-20 22:57 . 2010-08-20 22:57 -------- d-----w- c:\program files\Apple Software Update

2010-08-19 06:04 . 2010-08-19 06:04 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\HandBrake

2010-08-19 06:04 . 2010-08-19 06:04 -------- d-----w- c:\documents and settings\User\Application Data\HandBrake

2010-08-19 06:04 . 2010-08-19 06:04 -------- d-----w- c:\program files\Handbrake

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-15 15:36 . 2010-06-27 14:10 -------- d-----w- c:\documents and settings\User\Application Data\Skype

2010-09-15 15:33 . 2009-02-07 03:41 -------- d-----w- c:\documents and settings\User\Application Data\WTablet

2010-09-15 15:07 . 2010-06-27 14:11 -------- d-----w- c:\documents and settings\User\Application Data\skypePM

2010-09-15 15:00 . 2009-11-11 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboSoft

2010-09-15 10:20 . 2009-08-19 21:54 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent

2010-09-14 10:01 . 2009-03-22 13:08 -------- d-----w- c:\documents and settings\User\Application Data\VisualAssist

2010-09-13 12:57 . 2009-05-06 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2010-09-13 12:38 . 2009-03-22 13:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-13 11:48 . 2010-09-13 11:47 498822 ----a-w- c:\windows\system32\drivers\Cat.DB

2010-09-10 19:54 . 2009-09-27 06:02 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-09-03 07:03 . 2009-11-24 17:24 -------- d-----w- c:\program files\Remind Mi Calendar

2010-09-01 20:38 . 2009-01-04 03:15 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2010-09-01 20:38 . 2009-01-04 03:15 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2010-08-29 04:44 . 2009-08-19 21:54 -------- d-----w- c:\program files\uTorrent

2010-08-24 00:08 . 2010-06-01 15:12 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-22 02:24 . 2009-09-27 06:02 -------- d-----w- c:\documents and settings\User\Application Data\Thunderbird

2010-08-20 23:02 . 2009-12-31 00:03 -------- d-----w- c:\program files\Common Files\Apple

2010-08-20 22:54 . 2009-10-27 16:40 -------- d-----w- c:\program files\Bonjour

2010-08-18 21:31 . 2009-12-31 00:07 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer

2010-08-18 21:17 . 2009-12-31 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-14 23:18 . 2010-06-30 00:05 -------- d-----w- c:\program files\Steam Demons

2010-08-14 23:18 . 2010-07-30 21:19 -------- d-----w- c:\program files\Blitz 1UP

2010-08-05 18:31 . 2009-11-15 23:08 -------- d-----w- c:\program files\BayGenie

2010-08-02 19:29 . 2010-05-08 20:02 -------- d-----w- c:\program files\Chameleon Clock

2010-07-27 10:27 . 2010-07-27 10:27 3456 ----a-w- C:\bblog20100727062705.dat

2010-07-27 10:24 . 2010-07-27 10:24 3456 ----a-w- C:\bblog20100727062415.dat

2010-07-27 10:24 . 2010-07-27 10:24 3456 ----a-w- C:\bblog20100727062410.dat

2010-07-27 10:24 . 2010-07-27 10:24 3456 ----a-w- C:\bblog20100727062407.dat

2010-07-27 10:24 . 2010-07-27 10:24 3456 ----a-w- C:\bblog20100727062403.dat

2010-07-27 10:23 . 2010-07-27 10:23 3456 ----a-w- C:\bblog20100727062351.dat

2010-07-27 10:23 . 2010-07-27 10:23 3456 ----a-w- C:\bblog20100727062348.dat

2010-07-27 10:23 . 2010-07-27 10:23 3456 ----a-w- C:\bblog20100727062316.dat

2010-07-22 22:14 . 2010-07-22 22:14 -------- d-----w- c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers

2010-07-22 22:14 . 2010-02-12 23:40 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2010-07-20 22:09 . 2010-07-20 22:09 -------- d-----w- c:\documents and settings\User\Application Data\Pdfsvg

2010-07-20 22:09 . 2010-07-20 22:09 -------- d-----w- c:\program files\PDFsvg

2010-06-27 14:11 . 2010-06-27 14:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-06-19 17:52 . 2008-06-09 02:26 79912 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]

"RemindMiCalendar"="c:\program files\Remind Mi Calendar\RemindMiCalendar.exe" [2009-11-24 176128]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

"Meebo Notifier"="c:\documents and settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-15 2424560]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="m


Sorry for taking so long to post. I did the steps and MalwareBytes still crashes.

It seems to crash on a file that starts with ipxprom.

ComboFix 10-09-19.01 - User 9/2010 Sun 19:41:44.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.3070.2342 [GMT -4:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\User\Desktop\CFscript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\ivuvacas.dll

c:\windows\odhter.dll

.

((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))

.

2010-09-18 08:47 . 2010-09-19 23:16 -------- d-----w- c:\documents and settings\User\.gigaflat

2010-09-18 08:47 . 2010-09-18 08:47 -------- d-----w- c:\program files\Gigaflat

2010-09-18 05:37 . 2010-09-18 05:37 -------- d-----w- c:\program files\115

2010-09-17 22:48 . 2010-09-17 23:37 -------- d-----w- c:\program files\Purify Puzzle

2010-09-17 07:36 . 2010-09-17 07:36 -------- d-----w- c:\program files\FlashFXP

2010-09-17 07:36 . 2010-09-17 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\FlashFXP

2010-09-17 07:27 . 2010-09-17 07:29 -------- d-----w- c:\documents and settings\User\Application Data\FileZilla

2010-09-17 07:26 . 2010-09-17 07:26 -------- d-----w- c:\program files\FileZilla FTP Client

2010-09-16 09:35 . 2010-09-16 09:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\{045F9EE7-889E-4DEB-9D24-E338D2EFCD99}

2010-09-16 09:33 . 2010-09-17 15:00 -------- d-----w- c:\windows\system32\msapps

2010-09-16 04:12 . 2010-09-16 04:12 -------- d-----w- c:\documents and settings\User\Application Data\Xbins

2010-09-13 11:45 . 2010-09-13 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-09-13 10:18 . 2010-09-13 10:18 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com

2010-09-13 10:18 . 2010-09-13 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-09-13 10:18 . 2010-09-15 15:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-13 02:40 . 2010-09-13 02:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-13 01:51 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-13 01:50 . 2010-09-13 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-13 01:50 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-10 06:27 . 2010-09-19 22:01 120 ----a-w- c:\windows\Wduvagayusaq.dat

2010-09-10 06:27 . 2010-09-19 08:08 0 ----a-w- c:\windows\Otowafah.bin

2010-09-07 01:03 . 2010-08-18 18:18 98304 ----a-w- c:\windows\system32\DVM.dll

2010-09-07 01:03 . 2010-08-18 18:17 53248 ----a-w- c:\windows\system32\RegisterExe.exe

2010-09-07 01:03 . 2010-07-08 14:41 806912 ----a-w- c:\windows\system32\C-XLS.dll

2010-09-07 01:03 . 2010-09-07 01:03 -------- d-----w- c:\windows\system32\Resource

2010-09-07 01:03 . 2010-09-07 01:03 -------- d-----w- c:\program files\Softinterface, Inc

2010-09-07 01:03 . 2010-08-18 18:16 131072 ----a-w- c:\windows\system32\CSVSpecialProcessing.dll

2010-09-07 01:03 . 2010-07-31 14:10 221184 ----a-w- c:\windows\system32\SII_PDF.dll

2010-09-07 01:03 . 2005-06-16 16:18 1409024 ----a-w- c:\windows\system32\Drake.dll

2010-09-07 01:03 . 2005-06-15 17:59 225280 ----a-w- c:\windows\system32\DrakeCom.dll

2010-09-06 23:33 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2010-09-06 23:33 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll

2010-09-06 23:33 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll

2010-09-06 23:33 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2010-09-06 23:33 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll

2010-09-06 23:33 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2010-09-06 23:33 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-09-06 23:32 . 2010-09-06 23:55 -------- d-----w- c:\program files\LabyDemoV1P00B1

2010-09-06 09:17 . 2010-09-06 09:18 -------- d-----w- c:\documents and settings\User\Application Data\Meebo

2010-09-06 09:17 . 2010-09-06 09:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Meebo

2010-08-29 09:18 . 2010-08-29 09:18 -------- d-----w- c:\program files\Xvid

2010-08-29 09:18 . 2009-06-07 20:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2010-08-29 09:18 . 2009-06-07 20:16 819200 ----a-w- c:\windows\system32\xvidcore.dll

2010-08-26 17:17 . 2010-08-26 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon

2010-08-24 13:12 . 2010-08-24 13:12 -------- d-----w- c:\documents and settings\User\Application Data\SmartFTP

2010-08-24 13:12 . 2010-08-24 13:12 -------- d-----w- c:\program files\SmartFTP Client

2010-08-24 13:11 . 2010-08-24 13:11 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files

2010-08-24 12:38 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-08-24 12:38 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-08-23 17:06 . 2010-08-23 17:06 -------- d-----w- c:\documents and settings\User\Application Data\ProgSense

2010-08-23 17:05 . 2010-08-23 17:05 -------- d-----w- c:\documents and settings\User\Application Data\GrabPro

2010-08-23 17:05 . 2010-08-24 02:59 -------- d-----w- c:\documents and settings\User\Application Data\Orbit

2010-08-23 06:54 . 2010-08-23 06:54 -------- d-----w- c:\documents and settings\User\Application Data\Apowersoft

2010-08-23 06:53 . 2010-08-23 06:53 -------- d-----w- c:\program files\Apowersoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-19 23:58 . 2010-06-27 14:10 -------- d-----w- c:\documents and settings\User\Application Data\Skype

2010-09-19 23:55 . 2009-02-07 03:41 -------- d-----w- c:\documents and settings\User\Application Data\WTablet

2010-09-19 23:09 . 2010-06-27 14:11 -------- d-----w- c:\documents and settings\User\Application Data\skypePM

2010-09-19 08:38 . 2009-11-11 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboSoft

2010-09-19 06:54 . 2009-08-19 21:54 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent

2010-09-17 22:48 . 2009-01-04 03:15 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2010-09-17 22:48 . 2009-01-04 03:15 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2010-09-17 17:07 . 2009-03-22 13:08 -------- d-----w- c:\documents and settings\User\Application Data\VisualAssist

2010-09-17 13:49 . 2009-09-27 06:02 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-09-13 12:57 . 2009-05-06 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2010-09-13 12:38 . 2009-03-22 13:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-13 11:48 . 2010-09-13 11:47 498822 ----a-w- c:\windows\system32\drivers\Cat.DB

2010-09-03 07:03 . 2009-11-24 17:24 -------- d-----w- c:\program files\Remind Mi Calendar

2010-08-29 04:44 . 2009-08-19 21:54 -------- d-----w- c:\program files\uTorrent

2010-08-24 00:08 . 2010-06-01 15:12 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-22 02:24 . 2009-09-27 06:02 -------- d-----w- c:\documents and settings\User\Application Data\Thunderbird

2010-08-20 23:03 . 2010-08-20 23:02 -------- d-----w- c:\program files\iTunes

2010-08-20 23:03 . 2010-08-20 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-20 23:02 . 2010-08-20 23:02 -------- d-----w- c:\program files\iPod

2010-08-20 23:02 . 2009-12-31 00:03 -------- d-----w- c:\program files\Common Files\Apple

2010-08-20 22:59 . 2010-08-20 22:58 -------- d-----w- c:\program files\QuickTime

2010-08-20 22:57 . 2010-08-20 22:57 -------- d-----w- c:\program files\Apple Software Update

2010-08-20 22:54 . 2009-10-27 16:40 -------- d-----w- c:\program files\Bonjour

2010-08-19 06:04 . 2010-08-19 06:04 -------- d-----w- c:\documents and settings\User\Application Data\HandBrake

2010-08-19 06:04 . 2010-08-19 06:04 -------- d-----w- c:\program files\Handbrake

2010-08-18 21:31 . 2009-12-31 00:07 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer

2010-08-18 21:17 . 2009-12-31 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-14 23:18 . 2010-06-30 00:05 -------- d-----w- c:\program files\Steam Demons

2010-08-14 23:18 . 2010-07-30 21:19 -------- d-----w- c:\program files\Blitz 1UP

2010-08-05 18:31 . 2009-11-15 23:08 -------- d-----w- c:\program files\BayGenie

2010-08-02 19:29 . 2010-05-08 20:02 -------- d-----w- c:\program files\Chameleon Clock

2010-07-27 10:27 . 2010-07-27 10:27 3456 ----a-w- C:\bblog20100727062705.dat

2010-07-27 10:24 . 2010-07-27 10:24 3456 ----a-w- C:\bblog20100727062415.dat

2010-07-27 10:24 . 2010-07-27 10:24 3456 ----a-w- C:\bblog20100727062410.dat

2010-07-27 10:24 . 2010-07-27 10:24 3456 ----a-w- C:\bblog20100727062407.dat

2010-07-27 10:24 . 2010-07-27 10:24 3456 ----a-w- C:\bblog20100727062403.dat

2010-07-27 10:23 . 2010-07-27 10:23 3456 ----a-w- C:\bblog20100727062351.dat

2010-07-27 10:23 . 2010-07-27 10:23 3456 ----a-w- C:\bblog20100727062348.dat

2010-07-27 10:23 . 2010-07-27 10:23 3456 ----a-w- C:\bblog20100727062316.dat

2010-07-22 22:14 . 2010-07-22 22:14 -------- d-----w- c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers

2010-07-22 22:14 . 2010-02-12 23:40 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2010-06-27 14:11 . 2010-06-27 14:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]

"RemindMiCalendar"="c:\program files\Remind Mi Calendar\RemindMiCalendar.exe" [2009-11-24 176128]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

"Meebo Notifier"="c:\documents and settings\User\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-15 2424560]

"UDown"="c:\program files\115\UDown\UDown.exe" [2010-09-17 2976736]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="m


  • Root Admin

STEP 01

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

http://forums.malwarebytes.org/index.php?showtopic=62603&view=findpost&p=313210

Collect::

c:\windows\ivuvacas.dll

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"=-

"Jsezegop"=-

DDS::

uInternet Settings,ProxyServer = http=localhost:7171

uInternet Settings,ProxyOverride = *.local;<local>

RegLock::

[HKEY_USERS\S-1-5-21-1004336348-1958367476-839522115-1003\Software\Microsoft\Internet Explorer]

RegNull::

[HKEY_USERS\S-1-5-21-1004336348-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CROSSNET\?0?0?0 *?0?0?0


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
