Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

various worms, trojans and malware on my pc!


  • Please log in to reply
10 replies to this topic

#1 tjobbe

tjobbe

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 22 December 2008 - 07:22 AM

I have followed the preparation guide as best as I can, and have attached the rsit log and the kaspersky log to this post.

Please note, I am also unable to change my update settings, i.e, I can not get windows to automatically update.

Thanks so much in advance, I work for myself so this is a big deal to me!

Attached Files



BC AdBot (Login to Remove)

 


#2 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:40 AM

Posted 22 December 2008 - 07:49 AM

Hello ,

Welcome to Bleeping Computer.

My name mas_pogi and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!

Please do not run any other tool untill instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.




You might want to save this page on your bookmark, so you can find it again when you return.

Firefox: Posted Image Then click on Done.

IExplorer: Posted Image Then click on Add.

Stay calm and everything will be just alright.

I will be analyzing your log. I will get back to you with instructions after it is approved.

With Regards,
mas_pogi

#3 tjobbe

tjobbe
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 22 December 2008 - 09:53 AM

Hi,

Thanks for taking a look at this.

I have not as yet tried to fix anything, as I don't know where to start but all I have done is scanned using nod32, and microsoft's online scanner - nod32 found a few things but I can't remember what they where and the microsoft one found nothing, but I have since then done the kaspersky one.

Other than that I have not done anything.

#4 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:40 AM

Posted 23 December 2008 - 12:06 PM

hi.

Welcome to BC once again.


Please follow my instructions promptly.
  • Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Azureus). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

    Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

  • Please open your Outlook Express. Empty your deleted items. Refer in image below;

    Posted Image

    I'm glad you deleted the malicious email but don't forget to always empty your deleted item.
    Just to protect you from accidentally restoring it.

  • We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Please include the C:\ComboFix.txt in your next reply for further review. Also post fresh hijackthis log.
In your reply, please post

C:\combofix.txt
C:\QooBox\Add-Remove Programs.txt
Fresh Hijackthis log


Mark

#5 tjobbe

tjobbe
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 23 December 2008 - 02:08 PM

Here we go!

It seems to have done the trick, but off course you will know more than me but the pc is running so much faster already.

I have attached what you asked for!

Attached Files



#6 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:40 AM

Posted 24 December 2008 - 05:30 AM

hi.

It seems to have done the trick, but off course you will know more than me but the pc is running so much faster already.

Great :thumbsup: Let finish this one.

Follow my instructions promptly.
  • Please uninstall the following. Using windows ADD/REMOVE program at the control panel.

    Outdated programs
    Opera 9.27
    You have already the latest one.

    Infected program
    ARWizard3 <---Trojan-Dropper.Win32.NeodurkJoiner.h 1
    I think this game is patched or binded with trojans. Uninstall it.

  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
  • Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

  • I believe these are your backups. We will delete that file/folder, they are infected.

    C:\Documents and Settings\Gizmo\Desktop\current projects\backupfarstylew\backup-farstyle.com-5-15-2008.tar.gz Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\xampplite\htdocs\siteCreative\clients\amore\mail\.weddings@amoreweddingsandevents_com\cur\1222856976.H654481P649.ronson.uk-noc.com_2,S Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\xampplite\htdocs\siteCreative\clients\amore\mail\amoreweddingsandevents.com\weddings\cur\1222856976.H654481P649.ronson.uk-noc.com_2,S Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\xampplite\htdocs\sites\boxesbagsoctober2007\backup-10.30.2007_09-57-21_bagnbox.tar.gz Suspicious: Trojan-Spy.HTML.Fraud.gen 3
    C:\xampplite\htdocs\sites\boxesbagsoctober2007\backup-10.30.2007_09-57-21_bagnbox.tar.gz Infected: Trojan-Spy.HTML.Chasfraud.u 2
    C:\xampplite\htdocs\sites\boxesbagsoctober2007\backup-10.30.2007_09-57-21_bagnbox.tar.gz Infected: Email-Worm.Win32.Zhelatin.ct 2
    C:\xampplite\htdocs\sites\boxesbagsoctober2007\backup-10.30.2007_09-57-21_bagnbox.tar.gz Infected: Trojan-Spy.HTML.Citifraud.dm 2


    I will delete them in next step. If you are unsure, please contact me before your proceed on next step.

  • 1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    EXTRA::

    FILE::
    C:\WINDOWS\system32\hcbmcc.dll
    C:\xampplite\htdocs\sites\boxesbagsoctober2007\backup-10.30.2007_09-57-21_bagnbox.tar.gz
    C:\xampplite\htdocs\sites\boxesbagsoctober2007\backup-10.30.2007_09-57-21_bagnbox.tar.gz
    C:\xampplite\htdocs\sites\boxesbagsoctober2007\backup-10.30.2007_09-57-21_bagnbox.tar.gz
    C:\xampplite\htdocs\sites\boxesbagsoctober2007\backup-10.30.2007_09-57-21_bagnbox.tar.gz
    C:\Documents and Settings\Gizmo\Desktop\current projects\backupfarstylew\backup-farstyle.com-5-15-2008.tar.gz
    C:\xampplite\htdocs\siteCreative\clients\amore\mail\.weddings@amoreweddingsandevents_com\cur\1222856976.H654481P649.ronson.uk-noc.com_2,S
    C:\xampplite\htdocs\siteCreative\clients\amore\mail\amoreweddingsandevents.com\weddings\cur\1222856976.H654481P649.ronson.uk-noc.com_2,S

    FOLDER::
    C:\Program Files\ARWizard3
    C:\xampplite\htdocs\siteCreative\clients\amore\mail\.weddings@amoreweddingsandevents_com\cur\1222856976.H654481P649.ronson.uk-noc.com_2,S
    C:\xampplite\htdocs\siteCreative\clients\amore\mail\amoreweddingsandevents.com\weddings\cur\1222856976.H654481P649.ronson.uk-noc.com_2,S

    REGISTRY::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""

    Firefox::
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

  • Please run a BitDefender Online Scan
    • Click I Agree to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click Click here to scan to begin the scan.
    • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
    • When the scan is finished, click on Click here to export the scan results.
    • Save the report to your desktop so you can post it in your next reply.
In your reply, please post (post them, do not attach)

C:\combofix.txt
C:\QooBox\Add-Remove Programs.txt
Bitdefender scan result
Hows your computer now?


Mark

Edited by mas_pogi, 24 December 2008 - 05:34 AM.


#7 tjobbe

tjobbe
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 24 December 2008 - 08:16 AM

Hi Mark,

I couldn't figure out the bitdefender site, it asked me to subscribe to one of their offers and didn't quite go the way you described..

C:\combofix.txt
C:\QooBox\Add-Remove Programs.txt

are posted below;

Combofix.txt

ComboFix 08-12-23.01 - Gizmo 2008-12-24 12:52:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1340 [GMT 0:00]
Running from: c:\documents and settings\Gizmo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gizmo\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32\hcbmcc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ARWizard3
c:\program files\ARWizard3\ARWizard3.exe~

.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-24 12:46 . 2008-12-24 12:45 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-24 12:46 . 2008-12-24 12:45 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-23 22:02 . 2008-12-23 22:02 <DIR> d-------- c:\windows\ie8updates
2008-12-22 12:17 . 2008-12-22 12:17 <DIR> d-------- C:\rsit
2008-12-22 11:16 . 2008-12-24 12:12 <DIR> d-------- c:\documents and settings\Gizmo\.SunDownloadManager
2008-12-22 08:56 . 2008-12-22 08:56 4,212 --ah----- c:\windows\system32\zllictbl.dat
2008-12-22 08:55 . 2008-12-22 08:55 <DIR> d-------- c:\program files\Zone Labs
2008-12-22 08:48 . 2008-12-22 08:48 <DIR> d-------- c:\program files\CheckPoint
2008-12-22 08:48 . 2008-12-22 08:48 <DIR> d-------- c:\documents and settings\Gizmo\Application Data\CheckPoint
2008-12-22 08:48 . 2008-12-22 08:48 144 --a------ c:\windows\system32\lkfl.dat
2008-12-22 08:48 . 2008-12-22 08:53 96 --a------ c:\windows\system32\pdfl.dat
2008-12-22 08:48 . 2008-12-22 08:48 80 --a------ c:\windows\system32\ibfl.dat
2008-12-19 12:31 . 2008-12-19 12:31 <DIR> d-------- c:\program files\Trend Micro
2008-12-18 20:47 . 2008-12-18 20:47 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-11 13:35 . 2008-12-11 13:35 <DIR> d-------- c:\program files\twhirl
2008-12-08 12:05 . 2006-10-07 17:43 502,784 --a------ c:\windows\x2.64.exe
2008-12-08 12:05 . 2005-02-28 13:16 240,128 --a------ c:\windows\system32\x.264.exe
2008-12-08 12:05 . 2006-04-12 09:47 217,073 --a------ c:\windows\meta4.exe
2008-12-08 12:05 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\yv12vfw.dll
2008-12-08 12:05 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\i420vfw.dll
2008-12-08 12:05 . 2006-04-05 08:09 66,560 --a------ c:\windows\MOTA113.exe
2008-12-08 12:05 . 2005-07-14 12:31 27,648 --a------ c:\windows\system32\AVSredirect.dll
2008-12-08 12:04 . 2005-02-12 22:00 186,880 -rahs---- c:\windows\system32\RLOgg.ax
2008-12-08 12:04 . 2005-01-17 22:26 179,200 -rahs---- c:\windows\system32\DiracSplitter.ax
2008-12-08 12:04 . 2006-08-16 13:53 175,104 -rahs---- c:\windows\system32\CoreAAC.ax
2008-12-08 12:04 . 2005-02-05 22:00 92,672 -rahs---- c:\windows\system32\RLVorbisDec.ax
2008-12-08 12:04 . 2005-02-22 15:55 81,920 -rahs---- c:\windows\system32\aac_parser.ax
2008-12-08 12:04 . 2005-02-12 22:00 67,584 -rahs---- c:\windows\system32\RLTheoraDec.ax
2008-12-08 12:04 . 2005-02-12 22:00 51,712 -rahs---- c:\windows\system32\RLSpeexDec.ax
2008-12-08 12:01 . 2008-12-08 12:01 <DIR> d-------- c:\program files\eRightSoft
2008-12-08 11:00 . 2008-12-08 11:00 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-11-26 14:03 . 2008-11-26 14:03 <DIR> d-------- c:\documents and settings\Gizmo\Application Data\Anonymizer
2008-11-26 14:03 . 2008-11-26 14:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Anonymizer
2008-11-24 18:34 . 2008-11-24 18:34 <DIR> d-------- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 12:49 --------- d-----w c:\program files\Mozilla Firefox3
2008-12-24 12:45 --------- d-----w c:\program files\Java
2008-12-24 12:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 12:37 --------- d-----w c:\program files\Common Files\Canopus Shared
2008-12-24 12:36 --------- d-----w c:\program files\Common Files\AOL
2008-12-24 12:35 --------- d-----w c:\program files\Common Files\Adobe
2008-12-24 12:19 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-12-24 12:19 --------- d-----w c:\program files\Sony Ericsson
2008-12-24 12:19 --------- d-----w c:\program files\Gabest
2008-12-24 12:19 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-24 12:18 --------- d-----w c:\program files\NCH Software
2008-12-24 12:17 --------- d-----w c:\program files\PhotomatixPro3
2008-12-24 12:17 --------- d-----w c:\program files\Boilsoft MOV Converter
2008-12-24 11:54 --------- d-----w c:\program files\Opera
2008-12-23 20:28 --------- d-----w c:\documents and settings\Gizmo\Application Data\Azureus
2008-12-14 13:59 5,699,584 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 09:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 11:00 --------- d-----w c:\program files\Cucusoft
2008-12-01 11:28 --------- d-----w c:\documents and settings\Gizmo\Application Data\OpenOffice.org2
2008-12-01 09:30 --------- d-----w c:\program files\Google
2008-11-27 21:47 --------- d-----w c:\program files\Safari
2008-11-22 12:30 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-21 17:51 --------- d-----w c:\program files\iTunes
2008-11-21 17:51 --------- d-----w c:\program files\iPod
2008-11-21 17:51 --------- d-----w c:\program files\Common Files\Apple
2008-11-21 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 17:49 --------- d-----w c:\program files\QuickTime
2008-11-21 15:19 --------- d-----w c:\program files\Azureus
2008-11-21 10:55 --------- d-----w c:\documents and settings\Gizmo\Application Data\Apple Computer
2008-11-19 16:19 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-18 09:54 --------- d-----w c:\documents and settings\Gizmo\Application Data\Dropbox
2008-11-13 15:18 1,221,008 ----a-w c:\windows\system32\zpeng25.dll
2008-11-04 10:48 --------- d-----w c:\program files\TechSmith
2008-10-28 12:12 --------- d-----w c:\program files\Adobe Media Player
2008-10-25 21:16 --------- d-----w c:\documents and settings\Gizmo\Application Data\Roxio
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-07-31 12:41 0 -c--a-w c:\documents and settings\Gizmo\Application Data\wklnhst.dat
2008-03-06 12:57 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-03-06 12:57 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-04-17 07:29 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-17 07:29 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-17 07:29 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-17 07:29 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-21 08:35 172,032 ----a-w c:\program files\mozilla firefox\components\XPBrowsealoudPlugin.dll
2008-04-17 07:29 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-27 09:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-23_18.55.42.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-22 02:09:32 5,699,584 -c----w c:\windows\ie8updates\KB960714-IE8\mshtml.dll
+ 2008-07-09 07:38:25 231,288 -c----w c:\windows\ie8updates\KB960714-IE8\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\ie8updates\KB960714-IE8\spuninst\updspapi.dll
- 2008-06-10 00:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-24 12:45:50 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 00:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-24 12:45:50 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 01:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-24 12:45:50 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-08-22 02:09:32 5,699,584 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-14 13:59:44 5,699,584 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-24 12:46:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_b44.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-06-20 00:51 143360 --a------ c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-06-20 00:51 143360 --a------ c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-06-20 00:51 143360 --a------ c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Google Update"="c:\documents and settings\Gizmo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-10 8429568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-31 949376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-31 151597]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-06-08 778318]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 c:\windows\stsystra.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-05-26 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-04-30 17:08 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.CDVC"= cdvccodc.dll
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Gizmo^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Gizmo\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 02:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 10:43 57344 c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe"=
"c:\\xampplite\\apache\\bin\\apache.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe"=
"c:\\Program Files\\Mozilla Firefox3\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-07-31 15424]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-05-18 45848]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-08-13 120472]
S2 gupdate1c8eaa2c8f7cd06;Google Update Service (gupdate1c8eaa2c8f7cd06);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-07-20 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys []
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-04-30 13352]
S4 LMIRfsClientNP;LMIRfsClientNP; []

*Newly Created Service* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 10:08]

2008-12-24 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Gizmo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-15 09:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com -
LSP: c:\windows\system32\imon.dll

c:\windows\Downloaded Program Files\GSM_codec.dll - c:\windows\Downloaded Program Files\WebCamPlayerOCX.ocx
O16 -: {66D393D5-4D80-497C-9F4F-F3839E090202}
hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
c:\windows\Downloaded Program Files\WebCamPlayerOCX.inf
FF - ProfilePath - c:\documents and settings\Gizmo\Application Data\Mozilla\Firefox\Profiles\twcppd8b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gizmo\Application Data\Mozilla\Firefox\Profiles\twcppd8b.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Gizmo\Application Data\Mozilla\Firefox\Profiles\twcppd8b.default\extensions\{6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}\components\snagitmozextension.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Opera95\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera95\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera95\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera95\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera95\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera95\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera95\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Opera95\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera95\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera95\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\windows\system32\20-20 Technologies\3D Room Planner\NP2020Player.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 12:55:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-24 12:57:54
ComboFix-quarantined-files.txt 2008-12-24 12:56:37
ComboFix2.txt 2008-12-23 19:03:28

Pre-Run: 202,551,836,672 bytes free
Post-Run: 202,533,392,384 bytes free

310 --- E O F --- 2008-12-23 22:02:56



qoobox

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files CS4
Adobe Photoshop CS
Adobe Reader 8.1.0
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Azureus
Belkin Wireless Utility
Bonjour
CDDRV_Installer
Dell CinePlayer
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Dropbox
DVD Decrypter (Remove Only)
EA SPORTS™ Rugby 08
FileZilla (remove only)
Google Chrome
Google Earth
Google Gears
Google Gmail Notifier
Google Update
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® Matrix Storage Manager
Intel® PRO Network Connections
Internet Explorer Developer Toolbar
iTunes
Java™ 6 Update 11
KhalInstallWrapper
Lexmark X1100 Series
Logitech SetPoint
Macromedia Fireworks 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7
neroxml
NOD32 antivirus system
NVIDIA Drivers
OpenOffice.org 2.3
Opera 9.51
PC Connectivity Solution
PDF Settings
QuickTime
RealOne Player
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sky Broadband
Sonic Activation Module
Sony Ericsson Media Manager 1.0
Sony Ericsson PC Suite 3.010.00
Spell Checker For OE 2.1
Total Recorder 7.0
Total Recorder Editor v10.9.8
twhirl
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VC 9.0 Runtime
VLC media player 0.9.4
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 2
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
ZoneAlarm



#8 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:40 AM

Posted 24 December 2008 - 08:23 AM

hi.

We will try other option.

Try this one.

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

Please do not quote your logs when your reply. Edit your last post and remove quotes. Thanks :thumbsup:

I'll be waiting for your Fsecure scan result.

Mark

#9 tjobbe

tjobbe
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 24 December 2008 - 10:50 AM

Scanning Report
Wednesday, December 24, 2008 13:48:11 - 15:48:03

Computer name: HOME
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 13 malware found
TrackingCookie.2o7 (spyware)

* System

TrackingCookie.Adform (spyware)

* System

TrackingCookie.Adtech (spyware)

* System

TrackingCookie.Advertising (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Doubleclick (spyware)

* System

TrackingCookie.Revsci (spyware)

* System

TrackingCookie.Tradedoubler (spyware)

* System

TrackingCookie.Webtrends (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

Trojan-Spy.HTML.Fraud (virus)

* System

W32/Packed_Mew.C (virus)

* C:\DOCUMENTS AND SETTINGS\GIZMO\DESKTOP\CURRENT PROJECTS\SEK800\SOFTWARE\SETOOL2LITEV1.11\QAMAKER\QAMAKER.EXE (Submitted)
* C:\DOCUMENTS AND SETTINGS\GIZMO\DESKTOP\CURRENT PROJECTS\SEK800\SETOOL2LITE_DB2020 & SIMLOCKPATCHGGEN(2)\QAMAKER\QAMAKER.EXE (Submitted)

Statistics
Scanned:

* Files: 137142
* System: 4723
* Not scanned: 7

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 13
* Submitted: 2

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Hydra: 2.8.8110, 2008-12-24
* F-Secure AVP: 7.0.171, 2008-12-24
* F-Secure Pegasus: 1.20.0, 2008-11-17
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.



#10 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:40 AM

Posted 24 December 2008 - 11:20 AM

Hello tjobbe.

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Uninstall ComboFix
    Remove Combofix now that we're done with it.
    • Click on your Start Menu, then Run....
    • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
      Posted Image
    • When shown the disclaimer, Select "2"
    Uninstalling ComboFix will do the following:
    • Delete ComboFix and its components from your computer.
    • Delete other tools commonly used during the malware removal process.
    • Resets clock settings to standard format.
    • Hides file extensions and hidden/system files.
    • Clears System Restore cache and creates new restore point.
  • Please also delete the RSIT.exe located at your desktop. And delete C:\RSIT folder also.
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall

  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.

  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file

  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Maraming salamat.
Mark

#11 tjobbe

tjobbe
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 24 December 2008 - 11:42 AM

Mark,

Thank you so much for your help with this! It looks like it is all fixed now!

Tjobbe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users