Topic: Solved: IE6 crashes when buttons are pressed
PostTime: 12/16/2008 6:22:17 AM | Floor Top
When I press some push buttons on sites (like the "send" or "discard" buttons in my account on gmail.com, or some buttons in my bank account on my bank's site) my IE crashes (pictures attached).

Does anyone know what the cause could be?
PostTime: 12/16/2008 7:09:48 AM | Floor# 1
********************************* ROOTCHK-(25-04-07)-LOG, by ejvindh
Mon 04/30/2007 5:32:53.96

Driver nm (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 05:32:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5CWBP5ST\eventreport[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AR0F6TW3\loadad[2].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AR0F6TW3\loadad[3].htm

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
PostTime: 12/16/2008 9:27:11 AM | Floor# 2
BTW, I still got the same problems...

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-03 05:51:52
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\System32\DRIVERS\update.sys

---- Threads - GMER 1.0.12 ----

Thread 4:116 81A988E0
Thread 4:120 81A988E0
Thread 4:124 81A708D0
Thread 4:128 81A708D0
Thread 4:132 81A708D0
Thread 4:392 81A988E0
Thread 4:600 81A988E0

---- Processes - GMER 1.0.12 ----

Library c:\program (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3040] 0x01020000

---- EOF - GMER 1.0.12 ----
PostTime: 12/16/2008 10:43:45 AM | Floor# 3
"Administrator" - 07-04-30 19:30:36 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Administrator\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\download plugin\DlPlugin-MSIE_1.5.0.0\axdlplug.inf
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt
C:\Program Files\install.log
C:\Program Files\download plugin
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon
C:\Program Files\Common Files\{2CE8A~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


2007-04-27 10:21 <DIR> d-------- C:\Program Files\EZShift
2007-04-09 18:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-09 11:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-04-09 11:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-09 11:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-09 11:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-09 11:12 123,972 --a------ C:\WINDOWS\system32\nmahqsfa.dll
2007-04-07 20:06 465,693 ---hs---- C:\WINDOWS\system32\gjkkj.ini2
2007-04-07 19:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-04-07 19:43 4,422,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-07 19:43 107,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-07 19:39 <DIR> d-------- C:\WINDOWS\system32\bak
2007-04-07 19:24 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-07 17:00 0 --a------ C:\AUTOEXEC.BAT
2007-04-07 16:58 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-07 16:58 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-07 16:58 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-07 16:58 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-07 16:58 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-07 16:58 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-07 16:58 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-07 16:58 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-07 16:58 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-07 16:58 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-07 16:58 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-07 16:58 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-07 16:58 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-07 16:58 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-07 16:58 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-07 16:58 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-07 16:58 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-07 16:58 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-07 16:58 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-07 16:58 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-07 16:58 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-07 16:58 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-07 16:58 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-07 16:58 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-07 16:58 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-07 16:58 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-07 16:58 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-07 16:56 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-07 16:56 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-07 16:56 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-07 16:56 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-07 16:56 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-07 16:56 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-07 16:56 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-07 16:56 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-07 16:56 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-07 16:56 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-07 16:56 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-07 16:56 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-07 16:56 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-07 16:56 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-07 16:56 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-07 16:56 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-07 16:56 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-07 16:56 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-07 16:56 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-07 16:56 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-07 16:56 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-07 16:56 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-07 16:56 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-07 16:56 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-07 16:56 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-07 16:56 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-07 16:56 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-07 16:56 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-07 16:56 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-07 16:56 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-07 16:56 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-07 16:56 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-07 16:56 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-07 16:56 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-07 16:56 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-07 16:56 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-07 16:56 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-07 16:56 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-07 16:56 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-07 16:56 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-07 16:56 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-07 16:56 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-07 16:56 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-07 16:56 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-07 16:56 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-07 16:56 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-07 16:56 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-07 16:56 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-07 16:56 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-07 16:44 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-07 16:44 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-04-07 15:53 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-07 15:29 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-04-07 15:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-07 15:28 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-07 15:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-07 15:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-07 15:24 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-07 15:24 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-07 15:24 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-07 15:24 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-07 10:35 461,574 ---hs---- C:\WINDOWS\system32\gjkkj.bak2
2007-04-06 16:43 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-04-06 16:39 <DIR> d-------- C:\KAV
2007-04-06 12:22 460,404 ---hs---- C:\WINDOWS\system32\gjkkj.bak1
2007-04-06 12:22 377 ---hs---- C:\WINDOWS\system32\ayadd.ini2
2007-04-06 12:13 <DIR> d-------- C:\tmp
2007-04-02 14:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Idol file


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-21 22:35 -------- d-------- C:\Program Files\icq
2007-04-17 07:55 -------- d-------- C:\Program Files\emule
2007-04-13 17:49 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\utorrent
2007-04-08 16:52 -------- d-------- C:\Program Files\itunes
2007-04-07 19:39 -------- d-------- C:\Program Files\microsoft activesync
2007-04-07 19:39 -------- d-------- C:\Program Files\ipodhe
2007-04-07 18:42 -------- d-------- C:\Program Files\windows nt
2007-04-07 18:42 -------- d-------- C:\Program Files\movie maker
2007-04-07 16:57 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-07 16:56 -------- d-------- C:\Program Files\online services
2007-04-06 12:32 -------- d-------- C:\Program Files\norton systemworks
2007-04-06 09:40 -------- d-------- C:\Program Files\sony
2007-04-06 09:39 -------- d--h----- C:\Program Files\installshield installation information
2007-04-06 09:36 -------- d-------- C:\Program Files\mirc
2007-04-06 09:34 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\lavasoft
2007-03-24 16:54 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\u3
2007-03-19 22:29 -------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
2007-03-17 15:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-21 17:16 15 --a------ C:\WINDOWS\popcinfo.dat
2007-02-05 22:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Logitech Utility"="Logi_MwX.Exe"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Device Detector"="DevDetect.exe -autorun"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"iPodHE SystemTray"="C:\\Program Files\\iPodHE\\iPodHE.exe /tray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=hex:01,00,00,00
"NoLogoff"=hex:01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ecrunXP.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 19:40:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-30 19:41:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-30 19:41
PostTime: 12/16/2008 12:57:02 PM | Floor# 4
The problem I described in my first message still exists...

Explorer killed successfully
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{24C0D3BD-DA1A-493F-8FF8-C971D0F176D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24C0D3BD-DA1A-493F-8FF8-C971D0F176D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\xtmqqqnx deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\afsqhamn.ini moved successfully.
C:\WINDOWS\SYSTEM32\anpllwbb.ini moved successfully.
C:\WINDOWS\SYSTEM32\ayadd.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\ayadd.tmp moved successfully.
C:\WINDOWS\SYSTEM32\gjkkj.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\gjkkj.bak2 moved successfully.
C:\WINDOWS\SYSTEM32\gjkkj.ini moved successfully.
C:\WINDOWS\SYSTEM32\gjkkj.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\gjkkj.tmp moved successfully.
C:\WINDOWS\SYSTEM32\mfrrwvqv.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\nmahqsfa.dll
C:\WINDOWS\SYSTEM32\nmahqsfa.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\nmahqsfa.dll moved successfully.
[File String Scan - Non-Microsoft Only]
DllUnregisterServer procedure not found in C:\WINDOWS\genstg.dll
C:\WINDOWS\genstg.dll NOT unregistered.
C:\WINDOWS\genstg.dll moved successfully.
C:\WINDOWS\setupapi.old moved successfully.
File C:\WINDOWS\SYSTEM32\nmahqsfa.dll not found!
LoadLibrary failed for C:\WINDOWS\SYSTEM32\w293f6c86.dll
C:\WINDOWS\SYSTEM32\w293f6c86.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\w293f6c86.dll moved successfully.
[Empty Temp Folders]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 05/02/2007 00:39:38



Find AWF report by noahdfear 2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\IPODHE\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

02/23/2006 03:45 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\MICROS~3\BAK

06/26/2006 04:13 PM 1,207,080 wcescomm.exe
1 File(s) 1,207,080 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 12:56 AM 15,360 ctfmon.exe
07/09/2001 11:50 AM 155,648 NeroCheck.exe
2 File(s) 171,008 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

01/27/2007 12:31 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

278528 23 Feb 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
1207080 26 Jun 2006 "C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
15360 4 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 4 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
313472 30 Mar 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
52272 27 Jan 2007 "C:\Program Files\Google\googletoolbar3user.exe"
454724 16 Sep 2005 "C:\Program Files\Google\Google Earth\GoogleEarth.exe"
138168 27 Jan 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 27 Jan 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"


end of report
PostTime: 12/16/2008 7:12:29 PM | Floor# 5
Logfile of HijackThis v1.99.1
Scan saved at 22:04:02, on 29/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\iPodHE.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iPodHE SystemTray] C:\Program Files\iPodHE\iPodHE.exe /tray
O4 - Startup: iPodHE.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094899403150
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WON...herControl.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8B1AF17-5D63-41C5-B1E0-2BA397BE9144}: NameServer = 192.114.47.4,192.114.47.52
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
PostTime: 12/16/2008 11:46:58 PM | Floor# 6
Attached the log file.
PostTime: 12/16/2008 11:47:31 PM | Floor# 7
Attached the CounterSpy log.