Author Topic: Avast fallen and it can't get up...  (Read 8142 times)


Ima

  • Guest
Avast fallen and it can't get up...
« on: July 30, 2007, 02:52:57 AM »
Hello,

I have a major demon in my machine: when I scan for viruses it gets to a certain point and the system crashes. How do I get around this one?

XP1
600mg RAM
40G HD

Thank you for assistance.

Ima

mauserme

  • Guest
Re: Avast fallen and it can't get up...
« Reply #1 on: July 30, 2007, 03:22:26 AM »
Hi Ima.  Welcome to the forum.

What symptoms are you experiencing (other than being unable to finish a scan)?

Ima

  • Guest
Re: Avast fallen and it can't get up...
« Reply #2 on: July 30, 2007, 03:32:40 AM »
When I click on a folder of downloaded video clips, the folder won't open; the system just crashes. Though it doesn't happen when opening other folders. I then decided to delete that folder to the recycle bin to get it off the system. However, I still want to run a virus scan, but the system still crashes when it gets to a certain point. Hope this helps.

thx

mauserme

  • Guest
Re: Avast fallen and it can't get up...
« Reply #3 on: July 30, 2007, 03:35:25 AM »
Let's have a look at your computer.


Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.



After posting the ComboFix log, Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Ima

  • Guest
Re: Avast fallen and it can't get up...
« Reply #4 on: July 30, 2007, 04:24:19 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13, on 2007-07-29
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Mozy\mozybackup.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\AceBIT\WISE-FTP 5\wf_tp.exe
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://createpdf.adobe.com/?Language=ENU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [index] C:\Program Files\ClearAllHistory\index.bat
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\Program\Ereg.exe" -r "D:\Program Files\Program\ereg.ini"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [WISE-FTP Task Planner] "C:\Program Files\AceBIT\WISE-FTP 5\wf_tp.exe" /bg
O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 8276 bytes

ComboFix asked me to type in "1" and then it disappeared. The last I saw was that they changed the clock time; NO log was rendered, now back to desktop ... thx

Ima

  • Guest
Re: Avast fallen and it can't get up...
« Reply #5 on: July 30, 2007, 05:06:56 AM »
It says the ComboFix report exceeds the 10000 character limit, now what?
thanks

Ima

  • Guest
Re: Avast fallen and it can't get up...
« Reply #6 on: July 30, 2007, 05:13:55 AM »
ComboFix Segmented Part 1:

"Owner" - 2007-07-29 19:40:22 - ComboFix 07-07-23.6 - Service Pack 1  NTFS 


(((((((((((((((((((((((((   Files Created from 2007-06-28 to 2007-07-30  )))))))))))))))))))))))))))))))


2007-07-29 19:12   <DIR>   d--------   C:\Program Files\Trend Micro
2007-07-29 19:10   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-07-26 07:29   3,840   --a------   C:\WINDOWS\system32\drivers\BANTExt.sys
2007-07-26 07:29   <DIR>   d--------   C:\Program Files\Belarc
2007-07-24 18:41   <DIR>   d--------   C:\Program Files\X-Setup Pro
2007-07-24 18:41   <DIR>   d--------   C:\DOCUME~1\Owner\APPLIC~1\X-Setup Pro
2007-07-24 18:41   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\X-Setup Pro
2007-07-24 18:31   266,360   --a------   C:\WINDOWS\system32\TweakUI.exe
2007-07-24 17:38   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
2007-07-24 16:21   <DIR>   d--------   C:\Log
2007-07-24 09:47   35,363   --a------   C:\WINDOWS\system32\windrvNT.sys
2007-07-24 09:47   110,592   --a------   C:\WINDOWS\system32\suppdll.dll
2007-07-20 17:26   125,440   ---------   C:\WINDOWS\system32\sx96v32.dll
2007-07-20 17:25   98,304   --a------   C:\WINDOWS\system32\sbe6@rus.dll
2007-07-20 17:25   98,304   --a------   C:\WINDOWS\system32\sbe6@deu.dll
2007-07-20 17:25   94,208   --a------   C:\WINDOWS\system32\sbe6@sve.dll
2007-07-20 17:25   94,208   --a------   C:\WINDOWS\system32\sbe6@nor.dll
2007-07-20 17:25   94,208   --a------   C:\WINDOWS\system32\sbe6@000.dll
2007-07-20 17:25   81,920   --a------   C:\WINDOWS\system32\sbe6@jpn.dll
2007-07-20 17:25   106,496   --a------   C:\WINDOWS\system32\sbe6@ita.dll
2007-07-20 17:25   102,400   --a------   C:\WINDOWS\system32\sbe6@ptb.dll
2007-07-20 17:25   102,400   --a------   C:\WINDOWS\system32\sbe6@fra.dll
2007-07-20 17:25   102,400   --a------   C:\WINDOWS\system32\sbe6@esp.dll
2007-07-20 17:25   1,344,624   --a------   C:\WINDOWS\system32\sbe6_32.dll
2007-07-13 16:10   <DIR>   d--------   C:\Program Files\xbrowser


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 01:20:12   --------   d-----w   C:\Program Files\Common Files\Stardock
2007-07-30 00:08:46   --------   d-----w   C:\Program Files\TheWorld 2.0
2007-07-29 03:21:34   --------   d-----w   C:\Program Files\Eraser
2007-07-27 01:45:12   --------   d-----w   C:\DOCUME~1\Owner\APPLIC~1\dvdcss
2007-07-25 02:31:20   --------   d-----w   C:\Program Files\Western Digital Technologies
2007-07-24 16:47:55   --------   d-----w   C:\Program Files\Folder Lock
2007-07-10 22:28:21   66   ----a-w   C:\Program Files\cPix.ini
2007-06-23 13:36:14   --------   d-----w   C:\Program Files\HD Tune
2007-06-19 20:19:01   --------   d-----w   C:\Program Files\microsoft frontpage
2007-06-18 22:27:45   --------   d-----w   C:\Program Files\Common Files\Roxio Shared
2007-06-18 22:25:52   --------   d-----w   C:\Program Files\Microsoft Plus! Digital Media Edition
2007-06-18 21:51:36   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-06-18 21:50:51   --------   d-----w   C:\Program Files\Easy Internet signup
2007-06-18 21:43:17   --------   d-----w   C:\Program Files\Online Services
2007-06-14 22:52:13   --------   d-----w   C:\Program Files\PageBreeze
2007-06-14 03:49:59   --------   d-----w   C:\Program Files\Nattyware
2007-06-12 21:34:04   --------   d-----w   C:\DOCUME~1\Owner\APPLIC~1\Comodo
2007-06-12 21:30:38   --------   d-----w   C:\Program Files\Comodo
2007-06-09 19:12:22   --------   d-----w   C:\Program Files\Mozy
2007-06-06 21:10:47   --------   d-----w   C:\DOCUME~1\Owner\APPLIC~1\Canon
2007-06-06 03:02:25   --------   d-----w   C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-06-05 23:24:22   --------   d-----w   C:\Program Files\Stardock
2007-06-02 15:06:59   --------   d-----w   C:\Program Files\GooDelete
2007-05-29 17:00:28   --------   d-----w   C:\Program Files\Foxit Software
2007-05-28 05:07:19   4,207   ----a-w   C:\WINDOWS\mozver.dat
2007-05-23 23:26:42   31   ---ha-w   C:\WINDOWS\uccspecc.sys
2007-05-23 22:07:26   52,300   ----a-w   C:\Program Files\kk.jpg
2007-05-18 05:56:01   40,230   ----a-w   C:\Program Files\presh.jpg
2007-05-18 05:54:27   37,515   ----a-w   C:\Program Files\pre.jpg
2007-05-18 05:53:45   808,230   ----a-w   C:\Program Files\prescription.bmp
2007-05-04 01:22:00   1,567,325   ----a-w   C:\Program Files\truecrypt-4.3a.zip
2007-04-30 15:46:10   745,600   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28   95,872   ----a-w   C:\WINDOWS\system32\AvastSS.scr
2006-11-30 04:20:17   5,937   ----a-w   C:\Program Files\juno reinstall.txt
2006-09-29 18:45:26   13,982,226   ----a-w   C:\Program Files\Setup.exe
2006-09-15 21:56:33   123   ----a-w   C:\Program Files\sf.txt
2006-07-22 18:31:12   559   ----a-w   C:\Program Files\Shortcut to Foxit Reader.lnk
2006-06-07 15:58:08   107,504   ----a-w   C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT
2006-04-28 22:08:10   2,895,168   ----a-w   C:\Program Files\Foxit Reader.exe
2005-11-05 21:32:18   611,328   ----a-w   C:\Program Files\ColorPix.exe
2004-01-30 19:57:36   6,364,940   ----a-w   C:\Program Files\camera smartrecovery.exe
2003-08-27 22:19:18   36,963   ----a-r   C:\Program Files\Common Files\SM1updtr.dll
2003-02-07 15:50:28   1,328,640   ----a-w   C:\Program Files\Filerecovery.exe
2002-03-26 01:22:30   209,408   ----a-w   C:\Program Files\Grabzilla10.exe
2006-05-03 10:06:54   163,328   --sh--r   C:\WINDOWS\system32\flvDX.dll

Ima

  • Guest
Re: Avast fallen and it can't get up...
« Reply #7 on: July 30, 2007, 05:15:22 AM »
ComboFix Segmented Part 2: thank you

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}]
2007-02-01 12:53   513632   --a------   C:\WINDOWS\COUPON~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5BED3930-2E9E-76D8-BACC-80DF2188D455}"= C:\WINDOWS\CouponBarIE.dll [2007-02-01 12:53 513632]

[HKEY_CLASSES_ROOT\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001.1]
[HKEY_CLASSES_ROOT\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5BED3930-2E9E-76D8-BACC-80DF2188D455}"= C:\WINDOWS\CouponBarIE.dll [2007-02-01 12:53 513632]

[-HKEY_CLASSES_ROOT\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001.1]
[HKEY_CLASSES_ROOT\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 08:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-07-24 02:36]
"nwiz"="nwiz.exe" [2003-05-02 23:19 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 20:35 C:\WINDOWS\ALCXMNTR.EXE]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 22:13]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-05-01 23:08]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 20:49]
"index"="C:\Program Files\ClearAllHistory\index.bat" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-12 14:30]
"DNS7reminder"="D:\Program Files\Program\Ereg.exe" [2003-02-13 16:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2006-12-25 17:23]
"WISE-FTP Task Planner"="C:\Program Files\AceBIT\WISE-FTP 5\wf_tp.exe" [2007-04-20 16:55]
"ClearAllHistory"="C:\Program Files\ClearAllHistory\cah.exe" []

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-13]
Mozy Status.lnk - C:\Program Files\Mozy\mozystat.exe [2006-07-18 19:28:44]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2003-07-19 17:48:42]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2004-03-28 16:07:48]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-13]
PowerReg Scheduler V3.exe [2007-05-16 22:19:28]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-07-26 01:57:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 03:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

R0 fasttx2k;fasttx2k;C:\WINDOWS\System32\DRIVERS\fasttx2k.sys
R0 ifp700;iRiver Internet Audio Player IFP-700;C:\WINDOWS\System32\Drivers\ifp700.sys
R0 Inspect;Comodo Network Engine;C:\WINDOWS\System32\DRIVERS\inspect.sys
R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\System32\DRIVERS\sbp2port.sys
R1 BANTExt;Belarc SMBios Access;C:\WINDOWS\System32\Drivers\BANTExt.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\System32\drivers\Cdr4_xp.sys
R1 Cdralw2k;Cdralw2k;C:\WINDOWS\System32\drivers\Cdralw2k.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\System32\drivers\cdudf_xp.sys
R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\Cinemsup.sys
R1 CmdMon;Comodo Application Engine;C:\WINDOWS\System32\DRIVERS\cmdmon.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys
R1 mozyFilter;mozyFilter;C:\WINDOWS\System32\DRIVERS\mozy.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\System32\drivers\PQNTDrv.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\System32\drivers\pwd_2k.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\System32\drivers\UDFReadr.sys
R2 windrvNT;windrvNT;\??\C:\WINDOWS\System32\windrvNT.sys
R3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\System32\DRIVERS\bridge.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\System32\drivers\dvd_2K.sys
R3 ltmodem5;Lucent Modem Driver;C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys
R3 MxlW2k;MxlW2k;C:\WINDOWS\System32\drivers\MxlW2k.sys
R3 Ps2;PS2;C:\WINDOWS\System32\DRIVERS\PS2.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\System32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\System32\DRIVERS\usbhub.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\System32\DRIVERS\usbuhci.sys
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;C:\WINDOWS\System32\DRIVERS\WMP11V27.sys
S3 Bridge;MAC Bridge;C:\WINDOWS\System32\DRIVERS\bridge.sys
S3 dot4;MS IEEE-1284.4 Driver;C:\WINDOWS\System32\DRIVERS\Dot4.sys
S3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys
S3 dot4usb;Dot4USB Filter Dot4USB Filter;C:\WINDOWS\System32\DRIVERS\dot4usb.sys
S3 ENUM1394;%1394\031887&040892.DeviceDesc%;C:\WINDOWS\System32\DRIVERS\enum1394.sys
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 mmc_2K;mmc_2K;C:\WINDOWS\System32\drivers\mmc_2K.sys
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\System32\DRIVERS\usbccgp.sys
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\System32\DRIVERS\usbohci.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\System32\DRIVERS\usbprint.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 19:46:28
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software
disk error: C:\Documents and Settings\Owner\ntuser.dat
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan
**************************************************************************

Completion time: 2007-07-29 19:47:50

   --- E O F ---

mauserme

  • Guest
Re: Avast fallen and it can't get up...
« Reply #8 on: July 30, 2007, 06:43:15 AM »
You did fine posting everything  :)

There are just a few issues in the HJT log that I don't believe are the cause of the scanning problem.  But they are adware/spyware and are easily fixed.

Open HijackThis again and click Do a System Scan Only.  When the scan is complete place a check mark next to the lines:

O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Startup: PowerReg Scheduler V3.exe


Now close all other windows, including your browser, and click Fix Checked.


I believe the cause of your scanning issue is a program that was installed on 24 July called Folder Lock.  If you uninstall this program, does the problem persist?


Please give that a try after fixing those lines in HJT, then post a fresh HJT log.
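As an added example (not code from this thread, from HijackThis or from ComboFix), the following Python script parses lines in the HijackThis log format posted above and flags the same kinds of entries singled out in this reply: BHO registrations whose DLL is gone, autostart entries without a full path, executables dropped straight into the Startup folder, and matches against the CLSIDs and file names quoted here. The sample log lines are constructed from the shape of the posted log, and the indicator sets are assumed to be limited to what this thread names.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the HijackThis v2 log format, modelled on the log
# posted in this thread: the entries the helper told the poster to fix plus
# a few benign ones for contrast.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Indicators copied from the entries the helper in this thread said to fix
# (assumption: only what the thread names; a real triage would use a fuller list).
KNOWN_BAD_CLSIDS = {
    "62960D20-6D0D-1AB4-4BF1-95B0B5B8783A",  # TTB000000 BHO -> COUPON~1.DLL
    "5BED3930-2E9E-76D8-BACC-80DF2188D455",  # CouponBar toolbar
}
KNOWN_BAD_FILES = {
    "coupon~1.dll", "couponbarie.dll", "alcxmntr.exe", "powerreg scheduler v3.exe",
}

# O2/O3 lines: "O2 - BHO: <name> - {<CLSID>} - <path or (no file)>"
COM_RE = re.compile(
    r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O4 lines: "O4 - <where>: [<value name>] <command>" or "O4 - Startup: <x.lnk> = <target>"
RUN_RE = re.compile(r"^O4 - (?P<where>.*?): (?:\[(?P<label>[^\]]*)\] )?(?P<cmd>.*)$")
# First executable-looking token of a command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|bat|com|scr|dll))\b', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def launched_program(cmd: str) -> str:
    """Program an O4 entry launches; for 'x.lnk = target' Startup entries, the target."""
    cmd = cmd.strip()
    if " = " in cmd:
        cmd = cmd.split(" = ", 1)[1].strip()
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that deserves a second look, with the reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        com = COM_RE.match(line)
        run = RUN_RE.match(line)
        if com:
            clsid = com.group("clsid").upper()
            path = com.group("path").strip()
            if path == "(no file)":
                reasons.append("orphaned COM registration: CLSID still registered but the DLL is gone")
            if clsid in KNOWN_BAD_CLSIDS or basename(path).lower() in KNOWN_BAD_FILES:
                reasons.append("matches an adware indicator quoted in this thread")
        elif run:
            where, cmd = run.group("where"), run.group("cmd")
            exe = launched_program(cmd)
            if basename(exe).lower() in KNOWN_BAD_FILES:
                reasons.append("matches an adware indicator quoted in this thread")
            if "\\" not in exe:
                reasons.append("autostart without a full path: resolved via the search path, "
                               "so the log alone cannot tell you which file actually runs")
            if where.endswith("Startup") and " = " not in cmd:
                reasons.append("executable placed directly in the Startup folder instead of a shortcut")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

The script only prioritises lines for a human to review; as the reply above says, most of what HijackThis lists is harmless or required, so nothing here should be fixed automatically.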

Ima

  • Guest
Re: Avast fallen and it can't get up...
« Reply #9 on: July 30, 2007, 07:25:57 PM »
Thank you, and here is the latest HijackThis log. I ran a standard scan of all hard drives and had a few trojans in system volume restore which were transferred to the chest as directed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:25 AM, on 7/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Mozy\mozybackup.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\AceBIT\WISE-FTP 5\wf_tp.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://createpdf.adobe.com/?Language=ENU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [index] C:\Program Files\ClearAllHistory\index.bat
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\Program\Ereg.exe" -r "D:\Program Files\Program\ereg.ini"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [WISE-FTP Task Planner] "C:\Program Files\AceBIT\WISE-FTP 5\wf_tp.exe" /bg
O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 7455 bytes

mauserme

  • Guest
Re: Avast fallen and it can't get up...
« Reply #10 on: July 31, 2007, 05:43:29 AM »
ComboFix very specifically targets many of the trojans that can elude detection by regular antivirus programs.  So the lack of deletions by ComboFix indicates the infections found in your System Restore points were older, previously removed malware.

Just to play it safe,  let's set a new, clean point and delete the old ones.

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialog box with TABS
5. Select the More Options tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the warning and select OK again; the program will close and you are done



Is there a reason you haven't updated to Service Pack 2?

Ima

  • Guest
Re: Avast fallen and it can't get up...
« Reply #11 on: July 31, 2007, 07:09:49 AM »
You've heard of the Bud commercial, real men of jeeeenyus?
Thank you for all your help, things are running well again.

No sp2 because I read that it could create issues. Since this is my business computer, I wouldn't have time to mess with it should something go awry.

Thanks again,

Ima Bahliva

mauserme

  • Guest
Re: Avast fallen and it can't get up...
« Reply #12 on: August 01, 2007, 02:23:23 AM »
You're welcome  :)

And if you change your mind ...

http://www.microsoft.com/windowsxp/sp2/default.mspx