internet explorer wont launch

shaun40400

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 12:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'Explorer.exe'(6096)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
Completion time: 2009-07-08 12:12
ComboFix-quarantined-files.txt 2009-07-08 11:12
ComboFix2.txt 2009-07-02 19:08

Pre-Run: 266,241,273,856 bytes free
Post-Run: 266,208,485,376 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=49 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49
287 --- E O F --- 2009-07-07 07:54

aliEnRIK

Im at a loss why but combofix hasnt removed them (Or if it has theyre not in the log)

Remove them by yourself (Or check first to see if they DO exist) ~
c:\program files\Zumie\zumie.dll
c:\users\USER\APPDATA\LOCALLOW\MYWEBSEARCH\BAR\SET UPS\MWSAUTSP.EXE

shaun40400

ok put both of those into the search bar and done advanced search cant detect them,,,

when i just switched on the computer kaspersky throws up i yellow warning and one red delete now ,,,yet when you press the "press now" button nothing registers on screen...
ive checked quarantine and deleted files in kasper,,,,all are empty
my 1st thought was maybe its keeping a log of events...ie....
ive scaned you at start up 127 times ive found 6 viruses in that time....

the yellow and red flag at start up though??? if it cant handle the virus would it not quarintine them??
detected: riskware Trojan.generic Running process: \TEMP\NSF3306.TMP\ZUMIE.EXE
deleted: adware not-a-virus:AdWare.Win32.OneStep.dmz File: \Temp\nsf3306.tmp\zumie.dll
detected: riskware Trojan.generic Running process: C:\USERS\USER\APPDATA\LOCALLOW\MYWEBSEARCH\BAR\SETUPS\MWSAUTSP.EXE
deleted: adware not-a-virus:AdWare.Win32.OneStep.dmz File: C:\Program Files\Zumie\zumie.dll
not found: virus Heur.Invader (modification) File: c:\downloads\combofix.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfexe
not found: virus Heur.Invader (modification) File: E:\ComboFix.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfexe
this ones from the usb unit??
as drives are c d


edit20.45hrs
keep getting cut off from the inter net and having to restart around 15/20 mins
processor continually running sometimes very loudly even when disconnected from net,,,just done restart...
kasper just popped up a yellow tag.....threats have been detected your are advised to immunise immediately

shaun40400

bump,,,,bump,,,,

aliEnRIK

Ok ~ clearly somethings running thats creating 'something else' that Kaspersky then throws a wobbler
I can attempt to remove said infections but some of this is purely guesswork so your taking it upon yourself if you follow these instructions
bear in mind that having studied the log it seems your REALLY badly infected so this may be entirely futile and its so deeply routed it is possible youll end up with a dead computer (So backup any files you need first)
From personal experience id say youll be fine deleting all this but I have to warn you it can go wrong (In fact when the next log appears there'll probably be even more to remove)

Run CCLEANER again to remove all temp files. Then ~

Open notepad and copy/paste the text in RED below

File::
c:\windows\system32\drivers\Msft_User_PCCSWpdDrive r_01_07_00.Wdf
c:\windows\bthservsdp.dat
c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6 Exec.exe
c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep. exe
c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredi stExec.exe
c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13EN.e xe
c:\windows\System32\DriverStore\FileRepository\ccd cmbo.inf_0b649316\ccdcmbo.sys
c:\windows\System32\DriverStore\FileRepository\ccd cmb.inf_0c298eaf\nmwcdcls.dll
c:\windows\System32\DriverStore\FileRepository\ccd cmb.inf_0c298eaf\ccdcmb.sys
c:\windows\System32\drivers\ccdcmbo.sys
c:\windows\System32\drivers\ccdcmb.sys
c:\windows\System32\nmwcdcls.dll
c:\windows\System32\DriverStore\FileRepository\ccd cmbm.inf_65311714\usbser_lowerflt.sys
c:\windows\System32\DriverStore\FileRepository\ccd cmbcj.inf_6fbfd776\usbser_lowerfltj.sys
c:\windows\System32\drivers\usbser_lowerfltj.sys
c:\windows\System32\drivers\usbser_lowerflt.sys
c:\windows\System32\nmwcdcocls.dll
c:\windows\Installer\1cb88f.msi
c:\windows\Installer\1cb7dd.msi
c:\windows\Installer\1cb7a7.msi
c:\windows\System32\DriverStore\FileRepository\pcc swpddriver.inf_b43d96b2\PCCSWpdDriver.dll
c:\windows\System32\DriverStore\FileRepository\nmw cdnsu.inf_add8f2b2\nmwcdnsu.sys
c:\windows\System32\DriverStore\FileRepository\ccd cmb.inf_0c298eaf\nmwcdcocls.dll
c:\windows\System32\DriverStore\FileRepository\nmw cdnsuc.inf_545c47c7\nmwcdnsuc.sys
c:\windows\System32\DriverStore\FileRepository\pcc swpddriver.inf_b43d96b2\WUDFUpdate_01007.dll
c:\windows\System32\DriverStore\FileRepository\ccd cmb.inf_0c298eaf\wdfcoinstaller01007.dll
c:\windows\Installer\6b283d.msi
c:\windows\inf\infstrng.dat
c:\windows\System32\WDI\ERCQueuedResolutions.dat


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

shaun40400

will do back up first...any idea where i picked all these up from....
i dont do naughty sites
my inter net is crap so i dont do p2p
and ive always used kaspersky..
5yrs old son does bbc and nic kids ,,,,would have thought they were safe sites
did in early days have demo games from spin and pop gap
and ive always used kaspersky..

but clearly their coming from somewhere??

so basically i will back up photos rest is not important...

also if i copy docs and photo's will i carry the viruses over??
wont copy music as have most on cd or can borrow cds
most software is from free site so wont copy that either
films ive ripped to c drive should be virus free

aliEnRIK

Whatever you intend to copy id scan with kaspersky first (Which doesnt guarantee its not infected but at least youve done what you can)

Is Kaspersky definitely upto date?

Id hazard a guess youve either had a dodgy email and/or youve been on an infected site (Neither of which kaspersky recognised)
Possibly those demos didnt do you any favours (I really dont know anything about them though)
Other classic is clicking dodgy msn links and the like

shaun40400

thanks rik
will take me a few days to copy every thing to DVDs
also off for a holiday next wk
so will probably reappear in about two weeks
thank for all your help
shaun

aliEnRIK

Best of luck