infected with overclick.cn


16 replies to this topic

#1 ketrob

Posted 07 July 2009 - 10:13 PM

Hi, each time I search and click on a Google link, I'm redirected to some random page with something called "overclick.cn". I've been trying to get rid of this thing with Webroot AntiVirus with AntiSpyware and Windows Defender without success. Can somebody please help me?

Thank you


DDS (Ver_09-06-26.01) - NTFSx86
Run by Roberto at 22:39:03.68 on Tue 07/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.43 [GMT -4:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Roberto\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [<NO NAME>]
uRun: [Radio365Agent] "c:\progra~1\live365\radio365\Radio365TrayAgent.exe"
mRun: [SoundMan] "SOUNDMAN.EXE"
mRun: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [EPSON Stylus CX4800 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE" /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dvd43] "c:\program files\dvd43\dvd43_tray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [SpySweeper] c:\program files\webroot\webrootsecurity\SpySweeperUI.exe /startintray
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246665229375
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-12-12 77312]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\smith micro\stuffit 2009\ArcNameService.exe [2008-12-19 199000]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-5 1205760]

=============== Created Last 30 ================

2009-07-07 14:45 <DIR> --d----- c:\program files\uTorrent
2009-07-07 14:44 <DIR> --d----- c:\docume~1\roberto\applic~1\uTorrent
2009-07-07 13:28 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-07 12:17 3,250 a------- c:\windows\system32\wbem\Outlook_01c9ff1e6140aca0.mof
2009-07-07 11:52 <DIR> --d----- c:\windows\SHELLNEW
2009-07-07 11:02 <DIR> --d----- C:\downloads
2009-07-07 11:02 <DIR> --d----- c:\docume~1\roberto\applic~1\GrabPro
2009-07-07 11:02 <DIR> --d----- c:\program files\Orbitdownloader
2009-07-07 00:02 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-07 00:02 1,409 a------- c:\windows\QTFont.for
2009-07-06 22:07 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-06 22:06 18,816 a------- c:\windows\system32\drivers\dvd43llh.sys
2009-07-06 22:06 <DIR> --d----- c:\program files\dvd43
2009-07-06 22:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Smith Micro
2009-07-06 22:02 <DIR> --d----- c:\program files\Smith Micro
2009-07-06 21:46 <DIR> --d----- c:\program files\LG Software Innovations
2009-07-06 21:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\1Click DVD Copy
2009-07-06 21:40 87,608 a------- c:\docume~1\roberto\applic~1\inst.exe
2009-07-06 21:30 81,920 a------- c:\docume~1\roberto\applic~1\ezpinst.exe
2009-07-06 21:30 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-07-06 21:30 47,360 a------- c:\docume~1\roberto\applic~1\pcouffin.sys
2009-07-06 19:10 <DIR> --d----- c:\program files\Adobe CS4
2009-07-06 17:30 <DIR> --d----- c:\windows\Adobe Illustrator CS
2009-07-06 14:15 <DIR> --d----- c:\program files\Macromedia
2009-07-06 13:39 <DIR> --d----- c:\program files\common files\xing shared
2009-07-06 13:39 <DIR> --d----- c:\program files\common files\Real
2009-07-06 12:58 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-07-06 12:57 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-07-06 01:43 <DIR> --d----- c:\windows\system32\NtmsData
2009-07-05 22:07 7,794 a------- c:\windows\vp171b-2.cat
2009-07-05 22:07 7,786 a------- c:\windows\g90f-3.cat
2009-07-05 22:07 7,782 a------- c:\windows\q51-9.cat
2009-07-05 22:07 1,224 a------- c:\windows\VP171b-2.inf
2009-07-05 22:07 1,204 a------- c:\windows\Q51-9.inf
2009-07-05 22:07 1,164 a------- c:\windows\G90f-3.inf
2009-07-05 22:07 512 a------- c:\windows\VP171b-2.icm
2009-07-05 22:07 512 a------- c:\windows\Q51-9.icm
2009-07-05 22:07 512 a------- c:\windows\G90f-3.icm
2009-07-05 20:33 <DIR> --d----- c:\program files\Western Digital
2009-07-05 20:33 <DIR> --d----- c:\program files\Western Digital Corporation
2009-07-05 20:33 20,992 a------- c:\windows\jestertb.dll
2009-07-05 20:19 79,679 a------- c:\windows\system32\E_FLMADA.DLL
2009-07-05 20:19 64,000 a------- c:\windows\system32\E_FBCBADA.DLL
2009-07-05 20:19 34,304 a------- c:\windows\system32\E_FBCHADA.DLL
2009-07-05 20:19 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-07-05 20:19 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-07-05 20:19 <DIR> --d----- c:\program files\epson
2009-07-05 20:19 46,080 a------- c:\windows\system32\escimgd.dll
2009-07-05 20:19 29,696 a------- c:\windows\system32\escwiad.dll
2009-07-05 20:19 22,016 a------- c:\windows\system32\esccmd.dll
2009-07-05 20:13 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-07-05 20:13 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-07-05 20:13 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-07-05 19:58 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-07-05 19:58 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-07-05 18:41 495,616 a------- c:\windows\system32\p365vip.dll
2009-07-05 18:41 352,256 a------- c:\windows\system32\Activeskin.ocx
2009-07-05 18:41 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-05 18:41 1,047,552 a------- c:\windows\system32\MFC71u.dll
2009-07-05 18:41 503,808 a------- c:\windows\system32\msvcp71.dll
2009-07-05 18:41 <DIR> --d----- c:\program files\Live365
2009-07-05 18:03 28,882 a------- c:\windows\system32\tablet.dat
2009-07-05 18:03 <DIR> --d----- c:\program files\Tablet
2009-07-05 18:03 2,760,704 -------- c:\windows\system32\WacomTablet.cpl
2009-07-05 18:03 1,190,452 -------- c:\windows\system32\WacomTablet.znc
2009-07-05 18:03 <DIR> --d----- c:\windows\system32\WTablet
2009-07-05 18:03 8,138 -------- c:\windows\system32\drivers\PenClass.sys
2009-07-05 18:03 102,400 -------- c:\windows\system32\Wintab32.dll
2009-07-05 18:03 44,544 -------- c:\windows\system32\TabHook.dll
2009-07-05 18:03 15,744 -------- c:\windows\system32\Wintab.dll
2009-07-05 18:03 679,936 -------- c:\windows\system32\Tablet.exe
2009-07-05 17:56 <DIR> --d----- c:\program files\Ask.com
2009-07-05 17:56 <DIR> --d----- c:\program files\MSSOAP
2009-07-05 17:56 1,563,008 a------- c:\windows\WRSetup.dll
2009-07-05 17:56 <DIR> --d----- c:\program files\Webroot
2009-07-05 17:56 <DIR> --d----- c:\docume~1\roberto\applic~1\Webroot
2009-07-05 17:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-07-05 17:56 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-07-05 17:56 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-07-05 17:56 <DIR> --d----- c:\windows\system32\Lang
2009-07-05 17:51 164 a------- c:\windows\install.dat
2009-07-05 17:30 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-07-05 17:30 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-07-05 17:30 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-07-05 17:30 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-07-04 16:02 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-04 16:02 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-04 11:24 <DIR> --d----- C:\backup
2009-07-03 20:52 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-07-03 20:46 <DIR> --dsh--- c:\documents and settings\roberto\PrivacIE
2009-07-03 20:46 <DIR> --dsh--- c:\documents and settings\roberto\IECompatCache
2009-07-03 20:40 <DIR> --dsh--- c:\documents and settings\roberto\IETldCache
2009-07-03 20:37 0 a------- c:\windows\ativpsrm.bin
2009-07-03 20:33 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-03 20:32 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-03 20:32 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-03 20:32 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-03 20:32 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-07-03 20:32 117,760 -------- c:\windows\system32\prntvpt.dll
2009-07-03 20:32 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-07-03 20:32 <DIR> --d----- C:\50e0177d88d58839ba
2009-07-03 20:32 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-07-03 20:30 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-03 20:30 <DIR> --d----- c:\windows\ie8updates
2009-07-03 20:30 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-03 20:30 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-03 20:30 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 20:30 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-03 20:30 <DIR> -cd-h--- c:\windows\ie8
2009-07-03 20:25 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-07-03 20:24 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-03 19:53 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-07-03 19:52 <DIR> --d----- c:\program files\ATI Technologies
2009-07-03 19:52 <DIR> --d----- C:\ATI
2009-07-03 19:41 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-03 19:41 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-07-03 19:38 19,569 a------- c:\windows\002584_.tmp
2009-07-03 19:38 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-07-03 19:37 <DIR> --d----- c:\windows\EHome
2009-07-03 19:30 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-03 19:30 <DIR> --dsh--- c:\documents and settings\roberto\UserData
2009-07-03 19:29 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-07-03 19:26 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-07-03 19:26 <DIR> --d----- c:\windows\system32\PreInstall
2009-07-03 19:26 <DIR> --d-h--- c:\windows\$hf_mig$
2009-07-03 19:22 159,744 a----r-- c:\windows\system32\drivers\Fasttx2k.sys
2009-07-03 19:22 118,784 a----r-- c:\windows\system32\ptipbmf.dll
2009-07-03 18:54 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-03 18:53 288,896 a----r-- c:\windows\system32\drivers\yk51x86.sys
2009-07-03 18:39 <DIR> --d----- c:\documents and settings\Roberto
2009-07-03 18:38 <DIR> --ds---- c:\windows\system32\Microsoft
2009-07-03 18:38 8,192 a------- c:\windows\REGLOCS.OLD
2009-07-03 18:36 571,392 ac------ c:\windows\system32\dllcache\tintlgnt.ime
2009-07-03 18:35 838,144 ac------ c:\windows\system32\dllcache\chtbrkr.dll
2009-07-03 18:34 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-07-03 18:34 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-07-03 18:34 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-07-03 18:33 <DIR> --d----- c:\program files\common files\MSSoap
2009-07-03 18:33 <DIR> --d----- c:\program files\Online Services
2009-07-03 18:33 <DIR> --d----- c:\program files\Messenger
2009-07-03 18:32 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-07-03 18:32 <DIR> --d----- c:\program files\Windows NT
2009-07-03 14:21 <DIR> --d----- c:\program files\common files\ODBC
2009-07-03 14:21 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-07-03 14:21 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-07-07 20:19 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-07-03 19:43 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-03 18:33 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:46 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:41:13.64 ===============

Edited by ketrob, 07 July 2009 - 10:44 PM.



#2 SifuMike

malware expert

Posted 09 July 2009 - 06:06 PM

Hello ketrob,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 ketrob (Topic Starter)

Posted 10 July 2009 - 01:54 AM

Hi, thanks for helping me with this thing.
As requested:

---------------------------------------------

checkup.txt results:

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
WindowsLiveOneCaresafetyscanner
WebrootAntiViruswithAntiSpyware
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Webroot AntiVirus with AntiSpyware
Spy Sweeper Core
Windows Defender
Malwarebytes' Anti-Malware
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 57 seconds.
`````````End of Log```````````

------------------------------------------------

Malwarebytes log:

Malwarebytes' Anti-Malware 1.38
Database version: 2402
Windows 5.1.2600 Service Pack 3

7/10/2009 2:46:06 AM
mbam-log-2009-07-10 (02-46-06).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 294953
Time elapsed: 39 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:42 AM, on 7/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Radio365Agent] "C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe"
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1246665229375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 7696 bytes
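As an added example (not part of this thread, and not code from HijackThis or any of the tools named here), the script below parses HijackThis-style lines of the kinds shown in the log above (R0/R1 IE page settings, O2 BHOs, O4 Run keys, O16 DPF downloads) and attaches triage flags: an IE start or search page on an unexpected host, an ActiveX download from a host outside an allowlist, and Run entries that are unqualified or launch from a user-writable directory. The allowlists, the `hijacker.example` hosts and the `Updater` entry are constructed assumptions for the sample input.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Allowlists are assumptions built from the benign entries in the log above.
TRUSTED_IE_HOSTS = {"go.microsoft.com"}
TRUSTED_DPF_HOSTS = {
    "dlm.tools.akamai.com", "cdn.scan.onecare.live.com", "update.microsoft.com",
    "fpdownload2.macromedia.com", "platformdl.adobe.com",
}
# Locations a normal user can write to; an autorun entry pointing here is a lead, not a verdict.
USER_WRITABLE = ("\\documents and settings\\", "\\local settings\\", "\\temp\\")

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<detail>.+)$")
R_RE = re.compile(r"^HK(?:LM|CU)\\Software\\Microsoft\\Internet Explorer\\Main,(?P<name>.+?) = (?P<url>\S+)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\](?: (?P<cmd>.*))?$")
O16_RE = re.compile(r"^DPF: (?P<guid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")

@dataclass
class Entry:
    kind: str      # section code: R0, R1, O2, O4, O16, ...
    detail: str    # text after "Oxx - "
    flags: list = field(default_factory=list)

def executable_of(cmd: str) -> str:
    """Return the executable part of a Run-key command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]

def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)

def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()

def check(entry: Entry) -> Entry:
    """Attach triage flags to one parsed entry (heuristics, not verdicts)."""
    k, d = entry.kind, entry.detail
    if k in ("R0", "R1"):
        m = R_RE.match(d)
        if m and host_of(m["url"]) not in TRUSTED_IE_HOSTS:
            entry.flags.append(f"IE {m['name']} points at untrusted host {host_of(m['url'])}")
    elif k == "O2":
        m = O2_RE.match(d)
        if m and in_user_writable(m["path"]):
            entry.flags.append(f"BHO {m['name']} loads from user-writable path {m['path']}")
    elif k == "O4":
        m = O4_RE.match(d)
        if m:
            exe = executable_of(m["cmd"] or "")
            if "\\" not in exe:   # bare file name: resolution depends on the search path
                entry.flags.append(f"Run entry [{m['name']}] uses an unqualified executable name {exe!r}")
            elif in_user_writable(exe):
                entry.flags.append(f"Run entry [{m['name']}] launches from user-writable path {exe}")
    elif k == "O16":
        m = O16_RE.match(d)
        if m and host_of(m["url"]) not in TRUSTED_DPF_HOSTS:
            entry.flags.append(f"ActiveX download (DPF) from untrusted host {host_of(m['url'])}")
    return entry

def triage(lines):
    """Parse every recognisable HJT line and run the checks; unmodelled lines are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(check(Entry(m["kind"], m["detail"])))
    return entries

# Constructed sample: lines taken from the log above plus three invented hijack-style entries.
SAMPLE_LOG = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hijacker.example/",  # constructed
    r"O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll",
    r'O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"',
    r'O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide',
    r"O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray",
    r'O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\Roberto\Local Settings\Temp\updater.exe"',  # constructed
    r"O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE",
    r"O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab",
    r"O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://cabs.hijacker.example/dl.cab",  # constructed
    "End of file - 7696 bytes",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(("!! " if e.flags else "   ") + e.kind, e.detail[:60], *e.flags)
```

The flags are leads for a reviewer, not verdicts: the unqualified `SOUNDMAN.EXE` entry is a known benign driver helper in this log and shows why a human still reads the hits.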

#4 SifuMike

malware expert

Posted 10 July 2009 - 09:59 AM

Hi ketrob,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your Webroot AntiVirus with AntiSpyware, SpySweeper and Windows Defender before running ComboFix, as they will prevent it from running.

To disable SpySweeper
Open Spysweeper and click on Options > Program Options and uncheck "load at windows startup".
On the left click "shields" and then uncheck everything there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.

To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 ketrob

ketrob
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:55 PM

Posted 10 July 2009 - 03:44 PM

ComboFix Log:

ComboFix 09-07-09.08 - Roberto 07/10/2009 16:10.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.672 [GMT -4:00]
Running from: c:\documents and settings\Roberto\Desktop\ComboFix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Roberto\Application Data\inst.exe
c:\windows\jestertb.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\drivers\hjgruiwpibdevb.sys
c:\windows\system32\hjgruiixfqhtap.dat
c:\windows\system32\hjgruilngfvpwm.dll
c:\windows\system32\hjgruiqjkrjkoq.dll
c:\windows\system32\hjgruivqflkmlp.dat
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruicpyrbodo


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 06:50 . 2009-07-10 06:50 -------- d-----w- c:\program files\Trend Micro
2009-07-09 22:39 . 2009-07-10 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\16376874
2009-07-08 18:54 . 2009-07-08 18:54 -------- d-----w- c:\documents and settings\Roberto\Application Data\Malwarebytes
2009-07-08 18:54 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-08 18:54 . 2009-07-08 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-08 18:54 . 2009-07-08 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-08 18:54 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 15:52 . 2009-07-08 15:52 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-08 15:52 . 2009-07-08 15:52 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\Downloaded Installations
2009-07-08 05:05 . 2009-07-08 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-08 00:23 . 2009-07-08 00:23 -------- d-----w- c:\program files\Windows Defender
2009-07-07 23:32 . 2009-07-07 23:44 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-07 17:36 . 2009-07-07 17:36 -------- d-----w- c:\program files\Adobe Media Player
2009-07-07 17:33 . 2009-07-07 17:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-07 17:28 . 2009-07-07 17:28 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-07 15:55 . 2009-07-08 18:02 -------- d-----w- c:\program files\Microsoft Works
2009-07-07 15:53 . 2009-07-07 15:53 -------- d-----w- c:\program files\Microsoft.NET
2009-07-07 15:52 . 2009-07-07 15:54 -------- d-----w- c:\windows\SHELLNEW
2009-07-07 15:51 . 2009-07-07 15:51 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\Microsoft Help
2009-07-07 15:51 . 2009-07-10 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-07 15:50 . 2009-07-07 15:50 -------- d--h--r- C:\MSOCache
2009-07-07 15:02 . 2009-07-08 16:58 -------- d-----w- C:\downloads
2009-07-07 15:02 . 2009-07-07 15:02 -------- d-----w- c:\documents and settings\Roberto\Application Data\GrabPro
2009-07-07 15:02 . 2009-07-08 18:04 -------- d-----w- c:\documents and settings\Roberto\Application Data\Orbit
2009-07-07 04:13 . 2009-07-07 04:14 -------- d-----w- c:\program files\QuickTime
2009-07-07 04:13 . 2009-07-07 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-07 04:13 . 2009-07-07 04:13 -------- d-----w- c:\program files\Apple Software Update
2009-07-07 04:13 . 2009-07-07 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-07 02:07 . 2009-07-07 02:07 -------- d-----w- c:\program files\MSXML 4.0
2009-07-07 02:02 . 2009-07-07 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Smith Micro
2009-07-07 02:02 . 2009-07-10 07:39 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\smith micro
2009-07-07 02:02 . 2009-07-07 02:02 -------- d-----w- c:\program files\Smith Micro
2009-07-07 02:00 . 2009-07-07 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-07 01:46 . 2009-07-07 01:46 -------- d-----w- c:\program files\LG Software Innovations
2009-07-07 01:40 . 2009-07-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy
2009-07-07 01:30 . 2009-07-07 01:47 -------- d-----w- c:\documents and settings\Roberto\Application Data\Vso
2009-07-07 01:30 . 2009-07-07 01:47 81920 ----a-w- c:\documents and settings\Roberto\Application Data\ezpinst.exe
2009-07-07 01:30 . 2009-07-07 01:47 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-07 01:30 . 2009-07-07 01:47 47360 ----a-w- c:\documents and settings\Roberto\Application Data\pcouffin.sys
2009-07-06 23:39 . 2009-07-06 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-06 23:27 . 2009-07-06 23:27 -------- d-----w- c:\documents and settings\Roberto\Application Data\Apple Computer
2009-07-06 23:23 . 2009-07-06 23:23 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\Apple
2009-07-06 23:23 . 2009-07-06 23:23 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\Apple Computer
2009-07-06 23:10 . 2009-07-06 23:10 -------- d-----w- c:\program files\Adobe CS4
2009-07-06 21:59 . 2009-07-06 23:09 -------- d-----w- c:\documents and settings\Roberto\Application Data\Download Manager
2009-07-06 21:30 . 2009-07-06 21:30 -------- d-----w- c:\windows\Adobe Illustrator CS
2009-07-06 18:15 . 2009-07-06 18:15 -------- d-----w- c:\program files\Macromedia
2009-07-06 17:39 . 2009-07-06 17:39 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-06 17:39 . 2009-07-06 17:39 -------- d-----w- c:\program files\Real
2009-07-06 17:39 . 2009-07-06 17:39 -------- d-----w- c:\program files\Common Files\Real
2009-07-06 17:03 . 2009-07-06 17:03 -------- d-----w- c:\documents and settings\Roberto\Application Data\EPSON
2009-07-06 16:58 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-07-06 16:54 . 2009-07-06 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-07-06 16:54 . 2009-07-06 16:57 -------- d-----w- c:\program files\Logitech
2009-07-06 05:43 . 2009-07-06 06:12 -------- d-----w- c:\windows\system32\NtmsData
2009-07-06 00:50 . 2008-04-14 09:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-06 00:38 . 2009-07-07 17:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 00:36 . 2009-07-09 02:51 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\Adobe
2009-07-06 00:36 . 2009-07-06 00:36 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-06 00:36 . 2009-07-06 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-06 00:36 . 2009-07-06 16:50 -------- d-----w- c:\program files\NOS
2009-07-06 00:33 . 2009-07-06 00:33 -------- d-----w- c:\program files\Western Digital
2009-07-06 00:33 . 2009-07-06 00:33 -------- d-----w- c:\program files\Western Digital Corporation
2009-07-06 00:19 . 2004-11-25 09:07 79679 ----a-w- c:\windows\system32\E_FLMADA.DLL
2009-07-06 00:19 . 2003-05-21 06:27 64000 ----a-w- c:\windows\system32\E_FBCBADA.DLL
2009-07-06 00:19 . 2000-06-07 05:01 34304 ----a-w- c:\windows\system32\E_FBCHADA.DLL
2009-07-06 00:19 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-06 00:19 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-06 00:19 . 2009-07-06 00:19 -------- d-----w- c:\program files\epson
2009-07-06 00:19 . 2005-02-25 04:00 46080 ----a-w- c:\windows\system32\escimgd.dll
2009-07-06 00:19 . 2005-02-25 04:00 29696 ----a-w- c:\windows\system32\escwiad.dll
2009-07-06 00:19 . 2005-02-25 04:00 22016 ----a-w- c:\windows\system32\esccmd.dll
2009-07-06 00:13 . 2008-04-14 04:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-07-06 00:13 . 2008-04-14 04:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-07-06 00:13 . 2008-04-14 04:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-05 23:58 . 2008-04-14 04:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-07-05 23:58 . 2008-04-14 04:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-05 23:00 . 2009-07-05 23:00 1915520 ----a-w- c:\documents and settings\Roberto\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-05 22:41 . 2009-07-06 17:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-05 22:41 . 2008-04-17 17:38 495616 ----a-w- c:\windows\system32\p365vip.dll
2009-07-05 22:41 . 2006-01-19 16:05 503808 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-05 22:41 . 2003-03-19 02:12 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-07-05 22:41 . 2009-07-05 22:41 -------- d-----w- c:\program files\Live365
2009-07-05 22:03 . 2009-07-10 20:10 28882 ----a-w- c:\windows\system32\tablet.dat
2009-07-05 22:03 . 2009-07-05 22:03 -------- d-----w- c:\program files\Tablet
2009-07-05 22:03 . 2009-07-05 22:03 -------- d-----w- c:\windows\system32\WTablet
2009-07-05 22:03 . 2001-04-09 20:45 8138 ------w- c:\windows\system32\drivers\PenClass.sys
2009-07-05 22:03 . 2004-07-13 21:50 102400 ------w- c:\windows\system32\Wintab32.dll
2009-07-05 22:03 . 2004-07-13 21:40 44544 ------w- c:\windows\system32\TabHook.dll
2009-07-05 22:03 . 1999-05-07 16:12 15744 ------w- c:\windows\system32\Wintab.dll
2009-07-05 22:03 . 2004-07-13 21:51 679936 ------w- c:\windows\system32\Tablet.exe
2009-07-05 21:58 . 2009-07-06 00:28 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\AskToolbar
2009-07-05 21:57 . 2009-07-05 21:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-05 21:56 . 2009-07-05 21:56 -------- d-----w- c:\program files\Ask.com
2009-07-05 21:56 . 2009-07-05 21:56 -------- d-----w- c:\program files\MSSOAP
2009-07-05 21:56 . 2009-07-05 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-07-05 21:56 . 2009-07-05 21:56 -------- d-----w- c:\program files\Webroot
2009-07-05 21:56 . 2009-07-05 21:56 -------- d-----w- c:\documents and settings\Roberto\Application Data\Webroot
2009-07-05 21:56 . 2009-05-13 19:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-07-05 21:56 . 2009-07-05 21:56 -------- d-----w- c:\windows\system32\Lang
2009-07-05 21:51 . 2009-07-05 21:51 164 ----a-w- c:\windows\install.dat
2009-07-05 21:30 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-07-05 21:30 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-05 21:30 . 2008-04-14 04:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-07-05 21:30 . 2008-04-14 04:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-07-04 20:02 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-04 15:24 . 2009-07-04 15:26 -------- d-----w- C:\backup
2009-07-04 00:54 . 2009-07-04 00:54 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\ApplicationHistory
2009-07-04 00:46 . 2009-07-04 00:46 -------- d-sh--w- c:\documents and settings\Roberto\PrivacIE
2009-07-04 00:46 . 2009-07-04 00:46 -------- d-sh--w- c:\documents and settings\Roberto\IECompatCache
2009-07-04 00:46 . 2009-07-08 18:09 69232 ----a-w- c:\documents and settings\Roberto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 00:45 . 2009-07-04 00:45 -------- d-----w- c:\documents and settings\Roberto\Local Settings\Application Data\ATI
2009-07-04 00:45 . 2009-07-04 00:45 -------- d-----w- c:\documents and settings\Roberto\Application Data\ATI
2009-07-04 00:45 . 2009-07-04 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-07-04 00:40 . 2009-07-04 00:40 -------- d-sh--w- c:\documents and settings\Roberto\IETldCache
2009-07-04 00:37 . 2009-07-04 00:37 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-04 00:33 . 2009-07-04 00:33 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-04 00:33 . 2009-07-04 00:33 -------- d-----w- c:\program files\MSBuild
2009-07-04 00:33 . 2009-07-04 00:33 -------- d-----w- c:\program files\Reference Assemblies
2009-07-04 00:32 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-04 00:32 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-04 00:32 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-04 00:32 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-04 00:32 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-04 00:32 . 2009-07-04 00:33 -------- d-----w- C:\50e0177d88d58839ba

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 20:10 . 2009-07-06 16:58 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-10 20:10 . 2009-07-06 16:58 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-07-08 00:21 . 2009-07-06 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-07-06 16:58 . 2009-07-06 16:54 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-07-06 16:57 . 2009-07-06 16:57 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-07-06 16:55 . 2009-07-06 16:55 -------- d-----w- c:\documents and settings\Roberto\Application Data\Leadertech
2009-07-06 00:20 . 2009-07-06 00:20 -------- d-----w- c:\documents and settings\Roberto\Application Data\InstallShield
2009-07-04 00:26 . 2009-07-04 00:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-03 23:43 . 2009-07-03 22:35 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 22:35 . 2009-07-03 22:35 -------- d-----w- c:\program files\microsoft frontpage
2009-07-03 22:33 . 2009-07-03 22:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2009-04-29 04:46 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-21 22:27 . 2009-04-21 22:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 22:27 . 2009-04-21 22:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 22:27 . 2009-04-21 22:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 19:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Radio365Agent"="c:\progra~1\Live365\Radio365\Radio365TrayAgent.exe" [2009-03-04 884736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-06 198160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]
"Ptipbmf"="ptipbmf.dll" - c:\windows\system32\ptipbmf.dll [2006-02-26 118784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-7-6 66864]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-7-5 77824]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-4-11 394856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Macromedia\\FreeHand MX\\FreeHand MX.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 11:49 AM 77312]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe [12/19/2008 9:28 AM 199000]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [7/5/2009 5:56 PM 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 19:06]

2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{F9F92858-543A-4538-B6BF-965FC9791557}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

2009-07-10 c:\windows\Tasks\wrSpySweeper_LCA81EF76CCFB4A6D9B10353534A8242B.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-07-05 19:40]

2009-07-10 c:\windows\Tasks\wrSpySweeper_LCA81EF76CCFB4A6D9B10353534A8242B.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-07-05 19:40]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 16:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-10 16:38
ComboFix-quarantined-files.txt 2009-07-10 20:38

Pre-Run: 397,338,427,392 bytes free
Post-Run: 397,527,199,744 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

272 --- E O F --- 2009-07-10 07:01

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:55 PM

Posted 10 July 2009 - 04:37 PM

Hi ketrob,

Looks good. :thumbup2:

Now lets look for stragglers.

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner page.
  • Click on the [button image] on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the [button image].
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the [button image].
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the [button image], if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post even if it finds nothing.
You can refer to this animation by sundavis if needed.

#7 ketrob

ketrob
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:55 PM

Posted 10 July 2009 - 10:47 PM

Kaspersky online report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 10, 2009 23:22:42
Records in database: 2457893
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\

Scan statistics:
Files scanned: 185551
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 05:02:30


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruiqjkrjkoq.dll.vir Infected: Trojan.Win32.Monder.cqbi 1

The selected area was scanned.

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:55 PM

Posted 10 July 2009 - 10:58 PM

Hi ketrob,


Looks good. :thumbup2: That file was previously quarantined, so not a problem. We will be getting rid of it shortly.

Please tell me how your computer is running.

We still need to do the program clean up.

#9 ketrob

ketrob
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:55 PM

Posted 10 July 2009 - 11:14 PM

Hi SifuMike

The computer is running fine now, there is no more redirecting in explorer, so far...

Thanks

#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:55 PM

Posted 10 July 2009 - 11:56 PM

Hi ketrob,

OK then it's time to do the program clean up. :)

Uninstall ComboFix: go to Start > Run & type in ComboFix /u
Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, _OTM3), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Please read and follow

Simple and easy ways to keep your computer safe and secure on the Internet
as well as
Groovicus' Guide to Simple PC Security to help keep yourself from becoming infected again, as well as
How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.


Now you're good to go. :thumbup2:

#11 ketrob

ketrob
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:55 PM

Posted 11 July 2009 - 12:15 AM

Hi Sifumike

Thank you very,very,very much for helping me...

A question if I may: I have been reviewing Kaspersky Anti-Virus 2009, BitDefender and Vipre and frankly all of them sound very good. Can you point me in the right direction about one of them, or suggest another good antivirus software?

Thank you very much again...

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:55 PM

Posted 11 July 2009 - 12:27 AM

Hi,

Do you want free or commercial antivirus? If commercial AV then I assume you want a suite.

Personally, I recommend Avira AntiVir if you want a free antivirus. A leading consumer magazine gave it top reviews (for free antivirus).

Edited by SifuMike, 11 July 2009 - 12:36 AM.


#13 ketrob

ketrob
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:55 PM

Posted 11 July 2009 - 01:42 AM

Hi,

I would like a commercial antivirus and yes, I would like the widest protection available...

Thanks again

Edited by ketrob, 11 July 2009 - 01:44 AM.


#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:55 PM

Posted 11 July 2009 - 10:41 AM

Hi ketrob,

Any of these should do. They have all the bells and whistles, but all have annual renewal fees which are almost as much as the software.
Eset Smart Security
McAfee Internet Security
Norton Internet Security
Kaspersky Internet Security


Remember that only one antivirus should be installed on your computer, as two running will cause major problems.

Edited by SifuMike, 11 July 2009 - 10:45 AM.


#15 ketrob

ketrob
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:55 PM

Posted 13 July 2009 - 06:21 PM

Hi Sifumike

Thanks for the recommendation, I'll be checking those, and again, thank you very much for helping me :thumbup2: ...



