Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware on system - unidentified


  • This topic is locked This topic is locked
14 replies to this topic

#1 alextc78

alextc78

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 05 May 2009 - 11:12 AM

Hi,
I have some form of malware on my system, but i cant seem to identify it or remove it.
The symptoms I'm seeing are that I cannot access Windows Update, either automatically or manually when I go to the website. All attempts are redirected to google. I checked my hosts file and the only uncommented line is the loopback.

apparently malware got much more clever since my college days many, many years ago.
would greatly appreciate any help here, i'd like to try to identify and remove this bugger as opposed to reformatting my drive, partially as learning experience, but also because i'm kind of partial to this install (got things the way i like them).

contents of DDS.txt log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by USER_NAME_EDITED at 9:02:27.75 on Tue 05/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2420 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Juice\Juice.exe
R:\Install\Windows XP\logitech\g15\LCD Miscellany 0.4.3.1\LCDMisc.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\ASUS\AASP\1.00.64\aaCenter.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\mozilla.org\SEAMON~1\SEAMON~1.EXE
C:\Documents and Settings\USER_NAME_EDITED\Desktop\autoruns\autoruns.exe
C:\Documents and Settings\USER_NAME_EDITED\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.netflix.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SeaMonkey Quick Launch] "c:\program files\mozilla.org\seamonkey\SeaMonkey.exe" -turbo
uRun: [Aim6]
uRun: [TranscodingService] "c:\program files\tivo\desktop\TranscodingService.exe" /auto
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [WUSB54Gv2] c:\program files\linksys wireless-g usb wireless network monitor\InvokeSvc3.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [CTHelper] CTHELPER.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
StartupFolder: c:\docume~1\USER_NAME_EDITED\startm~1\programs\startup\juice.lnk - c:\program files\juice\Juice.exe
StartupFolder: c:\docume~1\USER_NAME_EDITED\startm~1\programs\startup\pcprob~1.lnk - c:\program files\asus\pc probe ii\Probe2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.26,85.255.112.73
TCP: {05F627FD-1F69-4E79-95AF-85B40CC40FCA} = 85.255.112.26,85.255.112.73
TCP: {F89D6152-14A2-4C9B-B1CF-F5EB25CFA001} = 85.255.112.26,85.255.112.73
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexan~1.cho\applic~1\mozilla\firefox\profiles\5edglya9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.princeton.edu
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-10 150568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-13 10384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-22 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-9 36864]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 uisp;Motorola USB ICP driver;c:\windows\system32\drivers\usbicp.sys --> c:\windows\system32\drivers\usbicp.sys [?]

=============== Created Last 30 ================

2009-05-05 01:08 824 a------- c:\windows\system32\BDUpdateV1.xml
2009-05-04 23:03 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-05-04 19:47 <DIR> --d----- c:\docume~1\alexan~1.cho\applic~1\BitDefender
2009-05-04 19:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-05-04 19:46 <DIR> --d----- c:\program files\common files\BitDefender
2009-05-04 06:13 850 a------- c:\windows\system32\ProductTweaks.xml
2009-05-04 06:13 385 a------- c:\windows\system32\user_gensett.xml
2009-04-30 01:29 <DIR> --d----- c:\program files\TiVo
2009-04-30 01:29 <DIR> --d----- c:\program files\common files\TiVo Shared
2009-04-30 01:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TiVo
2009-04-29 16:04 <DIR> --d----- c:\program files\iPod
2009-04-29 16:04 <DIR> --d----- c:\program files\iTunes
2009-04-29 16:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-14 20:59 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-14 20:59 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-14 20:59 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-14 20:59 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-14 20:59 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 20:59 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-14 20:59 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-14 20:59 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 20:59 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 20:58 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 20:58 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-14 20:58 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-06 07:53 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-05 17:02 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-05 17:01 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-05 17:01 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-05 17:01 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-05 17:01 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-05 17:01 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-05 17:01 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-05 17:01 575,488 -------- c:\windows\system32\xpsshhdr.dll

==================== Find3M ====================

2009-05-05 00:57 81,984 a------- c:\windows\system32\bdod.bin
2009-04-04 04:03 118,784 a------- c:\windows\SeaMonkeyUninstall.exe
2009-04-04 04:03 19,790 a------- c:\windows\mozver.dat
2009-04-04 04:03 118,784 a------- c:\windows\GREUninstall.exe
2009-04-02 22:56 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-24 23:17 69,237 a------- c:\windows\War3Unin.dat
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-13 01:16 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2006-06-22 23:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
2008-12-20 11:26 8 ---shr-- c:\windows\system32\BDB262BF73.sys
2008-12-20 11:26 8 ---shr-- c:\windows\system32\D70D0AFFB4.sys
2008-12-07 01:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120720081208\index.dat

============= FINISH: 9:02:39.71 ===============


EDITED: removed my name to make myself slightly more anonymous (changed to USER_NAME_EDITED), i guess this bug's gotten me paranoid about the bad guys out there.

Attached Files


Edited by alextc78, 05 May 2009 - 11:15 AM.


BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:01:26 AM

Posted 18 May 2009 - 03:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 alextc78

alextc78
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 18 May 2009 - 10:29 PM

Thanks for getting around to this, no change in my status or description. I have random redirects at certain sites, and cannot access windows update (redirects to google). also, when i try to log into this site, it asks me for my "master software security password" or something like that, which seems to me like a phishing tactic, so i just cancel on those dialog boxes. i haven't used this computer as much (it's been just idling until i get this resolved) so haven't noticed any other strange behavior.

Posting here again with new DDS results:

DDS (Ver_09-05-14.01) - NTFSx86
Run by USER_NAME_EDITED at 20:23:35.68 on Mon 05/18/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2323 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
R:\Install\Windows XP\logitech\g15\LCD Miscellany 0.4.3.1\LCDMisc.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\AASP\1.00.64\aaCenter.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Games\Warcraft III\downloads\WC3Banlist_3\WC3Banlist\WC3Banlist.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Documents and Settings\USER_NAME_EDITED\Desktop\virus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.netflix.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program

files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SeaMonkey Quick Launch] "c:\program files\mozilla.org\seamonkey\SeaMonkey.exe" -turbo
uRun: [Aim6]
uRun: [TranscodingService] "c:\program files\tivo\desktop\TranscodingService.exe" /auto
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [WUSB54Gv2] c:\program files\linksys wireless-g usb wireless network monitor\InvokeSvc3.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [CTHelper] CTHELPER.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\USER_NAME_EDITED\startm~1\programs\startup\juice.lnk - c:\program files\juice\Juice.exe
StartupFolder: c:\docume~1\USER_NAME_EDITED\startm~1\programs\startup\pcprob~1.lnk - c:\program files\asus\pc probe ii\Probe2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.26,85.255.112.73
TCP: {05F627FD-1F69-4E79-95AF-85B40CC40FCA} = 85.255.112.26,85.255.112.73
TCP: {F89D6152-14A2-4C9B-B1CF-F5EB25CFA001} = 85.255.112.26,85.255.112.73
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-10 150568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-13 10384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-22 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-9 36864]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 uisp;Motorola USB ICP driver;c:\windows\system32\drivers\usbicp.sys --> c:\windows\system32\drivers\usbicp.sys [?]

=============== Created Last 30 ================

2009-05-05 01:08 450 a------- c:\windows\system32\BDUpdateV1.xml
2009-05-04 23:03 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-05-04 19:47 <DIR> --d----- c:\docume~1\USER_NAME_EDITED\applic~1\BitDefender
2009-05-04 19:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-05-04 19:46 <DIR> --d----- c:\program files\common files\BitDefender
2009-05-04 06:13 850 a------- c:\windows\system32\ProductTweaks.xml
2009-05-04 06:13 385 a------- c:\windows\system32\user_gensett.xml
2009-04-30 01:29 <DIR> --d----- c:\program files\TiVo
2009-04-30 01:29 <DIR> --d----- c:\program files\common files\TiVo Shared
2009-04-30 01:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TiVo
2009-04-29 16:04 <DIR> --d----- c:\program files\iPod
2009-04-29 16:04 <DIR> --d----- c:\program files\iTunes
2009-04-29 16:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

==================== Find3M ====================

2009-05-07 18:54 81,984 a------- c:\windows\system32\bdod.bin
2009-04-04 04:03 118,784 a------- c:\windows\SeaMonkeyUninstall.exe
2009-04-04 04:03 19,790 a------- c:\windows\mozver.dat
2009-04-04 04:03 118,784 a------- c:\windows\GREUninstall.exe
2009-04-02 22:56 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-24 23:17 69,237 a------- c:\windows\War3Unin.dat
2009-03-13 01:16 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
2006-06-22 23:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
2008-12-20 11:26 8 ---shr-- c:\windows\system32\BDB262BF73.sys
2008-12-20 11:26 8 ---shr-- c:\windows\system32\D70D0AFFB4.sys
2008-12-07 01:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120720081208

\index.dat

============= FINISH: 20:23:48.85 ===============

Attached Files



#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:26 PM

Posted 20 May 2009 - 09:09 PM

Hello, alextc78 :thumbup2:
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • GMER's Log
  • OTListIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 alextc78

alextc78
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 23 May 2009 - 06:05 PM

Hi Billy,

thank you very much for your reply, sorry about taking so long to post, but every time i ran GMER it would crash my system. i finally got a successful run. I've attached my 3 logs.

again, thanks so much!

-alex

Attached Files



#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:26 PM

Posted 24 May 2009 - 12:51 AM

Hello, alextc78 :thumbup2:
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to it's author: Posted Image

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click Posted Image on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 alextc78

alextc78
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 26 May 2009 - 10:21 PM

Thanks Billy3,

that appears to have fixed it. attached is the log. anything else i need to do as followup?

Attached Files



#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:26 PM

Posted 26 May 2009 - 11:51 PM

Hello, alextc78 :thumbup2:
Yes, you are not clean yet.

Viewpoint is considered foistware instead of malware because it is installed without users approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

We need to re-run ComboFix with some additonal directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    driver::
    NPF
    file::
    c:\windows\system32\drivers\npf.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 alextc78

alextc78
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 28 May 2009 - 06:23 PM

Thanks again Billy3.

attached is the log.

Attached Files



#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:26 PM

Posted 29 May 2009 - 03:01 PM

Hello, alextc78 :thumbup2:
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 alextc78

alextc78
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 30 May 2009 - 03:51 AM

Hi Billy,
Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=967e8790e4195941be86593332d2bb04
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-05-30 08:07:52
# local_time=2009-05-30 01:07:52 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2050 21 100 100 76293281250
# scanned=305302
# found=1
# cleaned=1
# scan_time=6521
R:\Data\email\99-00 netscape\Trash probably unknown SCRIPT virus (contained infected files) 00000000000000000000000000000000

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:26 PM

Posted 30 May 2009 - 09:08 PM

Hello, alextc78 :step4:
Congratulations! You now appear clean! :thumbup2:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix
  • Please go to Start -> Run
  • Enter "ComboFix /u" (without quotes). Note the space betwen "ComboFix" and "/u", it needs to be there.
    Posted Image
  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.
We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#13 alextc78

alextc78
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 01 June 2009 - 12:56 AM

Thanks Billy!
i'd like to take one last opportunity to thank you for your help.

a question: i currently have bitdefender as my antivirus program... is that insufficient? do i really need these other programs you suggested if i keep bitdefender updated with the latest virus signatures?

-alex

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:26 PM

Posted 01 June 2009 - 08:53 PM

Hello, alextc78 :thumbup2:

You're welcome :)

a question: i currently have bitdefender as my antivirus program... is that insufficient? do i really need these other programs you suggested if i keep bitdefender updated with the latest virus signatures?

In short, yes.

In long, the reason for the other programs is that they are NOT antivirus programs. They look for different signs/problems. Additionally, Spyware Blaster and the Hosts file provide passive protection -- these do not slow your computer down, nor do they run anything in the background. They are simply ways of configuring your browser to ignore several known malware distribution sites.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:26 PM

Posted 03 June 2009 - 10:00 PM

Hello, alextc78 :thumbup2:
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users