
IE auto launching and links redirecting in google to ad sites.


  • This topic is locked
15 replies to this topic

#1 scubasteve78

scubasteve78

  • Members
  • 23 posts

Posted 13 July 2009 - 10:34 PM

Hi,

I've been trying to nail this virus for over a week now.

http://www.bleepingcomputer.com/forums/t/240081/links-redirecting-ie-auto-launching-adds/

This is the first thread I had going for it and I have been referred here.

I have two computers with it but I am focusing on fixing my laptop as it is used for uni work and has a lot of programs set up that I don't want to lose. I have tried formatting my desktop but the virus came back; I have a feeling that it may have been on my flash drive, which was not showing up as a drive properly. I have since formatted the drive and will try reformatting my desktop and reinstalling Windows.

My laptop is an Asus Eee PC 906HA (160 GB HDD, 2 GB RAM) if that helps at all.

Here is the DDS log.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Scuba at 13:22:34.87 on Tue 14/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1418 [GMT 10:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\eclipse\jre\bin\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\eclipse\jre\bin\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Scuba\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\eclipse\jre\bin\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\eclipse\jre\bin\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\eclipse\jre\bin\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\scuba\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\scuba\desktop\CONTACT DETAILS - CONTACT IF FOUND.txt
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scuba\applic~1\mozilla\firefox\profiles\r894iuly.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\eclipse\jre\bin\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\eclipse\jre\bin\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-8 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-8 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-8 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-8 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-8 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-8 298776]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-9-11 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-9-12 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2002-1-3 36864]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-12 625024]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-13 21:43 --d----- c:\documents and settings\scuba\DoctorWeb
2009-07-12 19:54 93 a------- c:\windows\system32\hjgruiphegblid.dat
2009-07-12 19:22 13,408 a------- c:\windows\system32\hjgruimlltpuya.dat
2009-07-12 17:42 --d----- C:\RootRepeal
2009-07-10 18:38 --d----- c:\docume~1\scuba\applic~1\Malwarebytes
2009-07-10 18:38 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 18:38 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-10 18:38 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 18:38 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-09 11:15 --d----- c:\program files\Cobian Backup 9
2009-07-08 17:22 --d-h--- C:\$AVG8.VAULT$
2009-07-08 14:42 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-08 14:42 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-08 14:42 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-08 14:42 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-08 14:41 --d----- c:\windows\system32\drivers\Avg
2009-07-08 14:41 --d----- c:\program files\AVG
2009-07-08 14:41 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-08 14:23 --d----- c:\docume~1\scuba\applic~1\AVG8
2009-07-08 14:18 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-08 14:17 --d----- c:\program files\SUPERAntiSpyware
2009-07-08 14:17 --d----- c:\docume~1\scuba\applic~1\SUPERAntiSpyware.com
2009-07-08 09:07 --dsh--- c:\documents and settings\scuba\PrivacIE
2009-07-08 03:32 --d----- c:\program files\Spybot - Search & Destroy
2009-07-08 03:32 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-08 02:30 --d----- C:\Drivers for Balthezar
2009-07-07 21:00 93 a------- c:\windows\system32\hjgruikddubrsc.dat
2009-07-07 20:53 84,752 a------- c:\windows\system32\hjgruixhkltfml.dat
2009-07-05 03:00 --d----- c:\windows\ie8updates
2009-07-04 07:06 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-04 07:06 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-04 07:06 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-04 07:06 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-03 14:55 --dsh--- c:\documents and settings\scuba\IETldCache
2009-07-03 11:05 -cd-h--- c:\windows\ie8
2009-07-03 02:41 --d----- C:\Games
2009-06-29 01:43 --d----- C:\Movies
2009-06-28 23:03 --d----- c:\program files\PFPortChecker
2009-06-28 22:48 --d----- c:\docume~1\scuba\applic~1\uTorrent

==================== Find3M ====================

2009-06-16 18:28 2,154 a------- c:\docume~1\scuba\applic~1\wklnhst.dat
2009-05-28 18:54 14,925 a------- C:\src.zip
2009-05-19 01:03 33,631 a------- C:\sadiGUI.zip
2009-05-13 15:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-11 00:47 3,563 a------- C:\ChatSystem.zip
2009-05-08 01:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-24 14:04 104,310 a------- C:\Ass1-docs.zip
2009-04-17 22:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-16 00:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-01 11:58 70 a------- c:\program files\Start WoW Tunnels.bat
2009-03-19 22:10 454,656 a------- c:\program files\putty.exe
2008-05-08 09:34 15,523,560 a------- c:\program files\Install AiGuruU1 Skype Phone.exe

============= FINISH: 13:23:13.59 ===============

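The DDS log above shows four .dat files sharing the same six-letter prefix dropped into system32 during the week of the symptoms, and the ComboFix log later in this thread removes two services carrying that same prefix. The script below is an added example, not part of the thread and not DDS or ComboFix code: it parses the "Created Last 30" block, clusters recently created system32 files by shared name prefix, and correlates those prefixes with service names from a ComboFix "Drivers/Services" block. The two sample blocks are constructed subsets of the logs posted here, and the prefix-clustering heuristic is this example's own assumption, not something DDS reports.

```python
"""Triage a DDS "Created Last 30" block for families of same-prefix files in
system32 and correlate them with service names from a ComboFix log.

Added example, not part of the thread and not DDS or ComboFix code. The two
sample blocks are constructed subsets of the logs posted in this thread; the
prefix-clustering heuristic is this example's own assumption.
"""
import re
from collections import defaultdict

# Constructed subset of the posted DDS log's "Created Last 30" block.
SAMPLE_DDS = """\
============== Created Last 30 ================

2009-07-13 21:43 --d----- c:\\documents and settings\\scuba\\DoctorWeb
2009-07-12 19:54 93 a------- c:\\windows\\system32\\hjgruiphegblid.dat
2009-07-12 19:22 13,408 a------- c:\\windows\\system32\\hjgruimlltpuya.dat
2009-07-10 18:38 38,160 a------- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-07-08 14:42 11,952 a------- c:\\windows\\system32\\avgrsstx.dll
2009-07-07 21:00 93 a------- c:\\windows\\system32\\hjgruikddubrsc.dat
2009-07-07 20:53 84,752 a------- c:\\windows\\system32\\hjgruixhkltfml.dat
2009-07-04 07:06 1,985,024 -c------ c:\\windows\\system32\\dllcache\\iertutil.dll

==================== Find3M ====================
"""

# Constructed subset of the posted ComboFix log's "Drivers/Services" block.
SAMPLE_COMBOFIX_SERVICES = """\
-------\\Service_hjgruietillngs
-------\\Service_hjgruisivbqied
"""

# DDS line layout: date time [size] attrs path (size is absent for directories).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[-a-z]{6,9}) (?P<path>.+)$",
    re.IGNORECASE,
)


def parse_created_last_30(text):
    """Return (date, time, size, attrs, path) tuples from the Created Last 30
    block only; parsing stops at the next '====' section header."""
    records, in_block = [], False
    for line in text.splitlines():
        if "Created Last 30" in line:
            in_block = True
            continue
        if in_block and line.startswith("="):
            break
        m = LINE_RE.match(line.strip())
        if in_block and m:
            size = int(m["size"].replace(",", "")) if m["size"] else None
            records.append((m["date"], m["time"], size,
                            m["attrs"].lower(), m["path"].lower()))
    return records


def prefix_clusters(records, prefix_len=6, min_members=2):
    """Group files created directly in system32 by the first prefix_len
    characters of their name. Two or more *different* names sharing a prefix
    is the family-naming pattern an analyst looks for (heuristic; legitimate
    vendors do it too, so the output is a lead, not a verdict)."""
    groups = defaultdict(list)
    for date, time, size, attrs, path in records:
        if "d" in attrs:  # DDS marks directories with 'd'
            continue
        folder, _, name = path.rpartition("\\")
        if folder != r"c:\windows\system32":
            continue
        stem = name.rsplit(".", 1)[0]
        if len(stem) > prefix_len:
            groups[stem[:prefix_len]].append((name, size, f"{date} {time}"))
    return {p: sorted(m) for p, m in groups.items()
            if len({n for n, _, _ in m}) >= min_members}


def correlate_services(clusters, combofix_text):
    """Map each file-name prefix to ComboFix-listed service names that start
    with the same prefix: a dropper naming its files and services alike."""
    hits = {}
    for line in combofix_text.splitlines():
        m = re.search(r"Service_(\w+)", line)
        if not m:
            continue
        svc = m.group(1).lower()
        for prefix in clusters:
            if svc.startswith(prefix):
                hits.setdefault(prefix, []).append(svc)
    return hits


if __name__ == "__main__":
    found = prefix_clusters(parse_created_last_30(SAMPLE_DDS))
    for prefix, members in found.items():
        print(f"prefix {prefix!r}: {len(members)} files in system32")
        for name, size, when in members:
            print(f"  {when}  {size:>8}  {name}")
    print("matching services:", correlate_services(found, SAMPLE_COMBOFIX_SERVICES))
```

Feed it the full text of a DDS log and a ComboFix log to get the same report for a real case; the point of the correlation step is that a prefix shared by files, services and (in other logs) registry keys is what the helpers in this thread read off by eye.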

#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 24 July 2009 - 06:23 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 scubasteve78

scubasteve78
  • Topic Starter

  • Members
  • 23 posts

Posted 26 July 2009 - 10:07 AM

Thanks for the help with this. My computer has very much quietened down. I worked out that the source of the infection was my USB drive; it was not showing up as a drive and had a contaminated autorun.ini and some other hidden files on it.


Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

27/07/2009 12:58:14 AM
mbam-log-2009-07-27 (00-58-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 228194
Time elapsed: 1 hour(s), 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The other two are attachments; hope that's OK.

Attached Files

  • Attached File  info.txt   17.04KB   1 downloads
  • Attached File  log.txt   25KB   1 downloads


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 27 July 2009 - 08:54 AM

Hello scubasteve78,

Can you please post any logs in future instead of attaching them; it's just the way I like to work, thanks. You are right that there is an infection on your USB drive and it is still there, so we need to clean that up, and I could see in your AII thread that you also have a rootkit.

While that is running I'd like to start on my desktop. Should I start a new thread or keep using this one?

My plan was to try to follow similar steps; I think I was following most of the procedures you were getting me to do.


You said this in the AII thread: If you have another computer that is infected you should start a new topic for it rather than follow the steps for this machine, as the instructions will be specifically for this machine. Running scans like MBAM and SAS is fine on any machine, but when using tools with custom scripts they are only for this machine.


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your antivirus and antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Next

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder. It will help protect your drives from future infection.


Then please post back with ComboFix.txt.

Thanks


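Posts #3 and #4 above turn on the USB drive's autorun.inf: the drive carried one that launched the infection, and the Flash_Disinfector step defends against a repeat by occupying the autorun.inf name with a hidden directory so a worm can no longer drop the file. The script below is an added example, not Flash_Disinfector's code and not from the thread; it parses an autorun.inf for the directives that cause execution, quarantines a real file, and creates the protective directory. The autorun.inf content is constructed, the drive root is a temporary directory so it runs offline on any OS, and it assumes that on non-Windows systems the hidden/system/read-only attributes are simply skipped because they do not exist there. One caveat: Windows XP, the OS in this thread, honours autorun.inf on USB sticks; later Windows updates stopped doing so for non-optical removable media, so the directory trick matters most on older machines.

```python
"""Inspect a drive root for an autorun.inf that launches a program, quarantine
it, and occupy the autorun.inf name with a hidden directory the way the
Flash_Disinfector step in this thread does.

Added example, not Flash_Disinfector's code and not from the thread. The
autorun.inf content is constructed; the drive root in run_demo() is a temp
directory so the script runs offline on any OS (assumption: on non-Windows
the hidden/system/read-only attributes are not set, since they do not exist).
"""
import ctypes
import os
import sys
import tempfile

FILE_ATTRIBUTE_READONLY = 0x01
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04

# [autorun] keys that make Windows run something: open=/shellexecute= fire on
# AutoPlay, shell= picks the default verb for a double-click on the drive.
LAUNCH_KEYS = {"open", "shellexecute", "shell"}

# Constructed sample in the style of a USB worm's autorun.inf: hooks AutoPlay
# and rewires the drive's Open/Explore context-menu verbs to a hidden payload.
SAMPLE_AUTORUN = """\
[autorun]
; junk comment lines are common, a parser must skip them
icon=%SystemRoot%\\system32\\SHELL32.dll,4
open=system\\update.exe
shellexecute=system\\update.exe
shell\\open\\command=system\\update.exe
shell\\explore\\command=system\\update.exe
label=USB DISK
"""


def parse_autorun(text):
    """Return the [autorun] section as a lower-cased key -> value dict.
    Hand-rolled rather than configparser because worm-written files often
    carry junk bytes or duplicate keys that a strict INI parser rejects."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values


def launch_directives(text):
    """(key, value) pairs that cause code execution: open=, shellexecute=,
    shell= (default verb) and any shell\\<verb>\\command= entry."""
    return [(k, v) for k, v in parse_autorun(text).items()
            if k in LAUNCH_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))]


def inspect_drive(root):
    """Classify <root>/autorun.inf: 'none', 'directory' (already protected) or
    'file' (parsed for launch directives)."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return {"status": "directory", "directives": []}
    if os.path.isfile(path):
        with open(path, "r", encoding="latin-1", errors="replace") as fh:
            return {"status": "file", "directives": launch_directives(fh.read())}
    return {"status": "none", "directives": []}


def _set_hidden_system(path):
    # File attributes only exist on Windows; elsewhere this is a no-op (assumption).
    if sys.platform == "win32":
        attrs = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
        ctypes.windll.kernel32.SetFileAttributesW(path, attrs)


def protect_drive(root):
    """Quarantine a real autorun.inf file (renamed so Windows ignores it but the
    content is kept as evidence) and create a hidden, system, read-only
    *directory* of that name. Returns True if anything changed, False if the
    drive was already protected."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return False
    if os.path.isfile(path):
        os.replace(path, path + ".quarantine")
    os.mkdir(path)
    _set_hidden_system(path)
    return True


def run_demo():
    """Exercise the flow on a temp directory standing in for a USB drive root."""
    root = tempfile.mkdtemp(prefix="usbroot_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    before = inspect_drive(root)
    changed = protect_drive(root)
    return {
        "before": before["status"],
        "directives": before["directives"],
        "changed": changed,
        "after": inspect_drive(root)["status"],
        "quarantined": os.path.isfile(os.path.join(root, "autorun.inf.quarantine")),
        "second_run_changed": protect_drive(root),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Against a real stick, call `inspect_drive("E:\\")` first and read the directives before running `protect_drive`; the quarantined copy preserves the original for later analysis, and the directory it leaves behind is what the "Don't delete this folder" note above refers to.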

#5 scubasteve78

scubasteve78
  • Topic Starter

  • Members
  • 23 posts

Posted 27 July 2009 - 09:55 AM

Once I discovered that my USB was infected I formatted it and the SD card that I had been using in a card reader. I have also since formatted my desktop computer. I'm still not confident that it is clean though. It has two physical disks: one partitioned into OS and data, the other is straight data.

Sorry about the attachments, I was trying to be as helpful as possible. I very much appreciate the amount of dedication that a service like this takes and I highly respect it.

ComboFix 09-07-26.01 - Scuba 28/07/2009 0:38.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1465 [GMT 10:00]
Running from: c:\documents and settings\Scuba\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2297251999-738724385-1645878046-1003
c:\recycler\S-1-5-21-3656538656-7917066064-626764627-5315
c:\recycler\S-1-5-21-504221711-2657588388-2843214241-1003
c:\recycler\S-1-5-21-861567501-1202660629-1935655697-1003
c:\windows\system32\hjgruikddubrsc.dat
c:\windows\system32\hjgruimlltpuya.dat
c:\windows\system32\hjgruiphegblid.dat
c:\windows\system32\hjgruixhkltfml.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruietillngs
-------\Service_hjgruisivbqied


((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-26 15:02 . 2009-07-26 15:02 -------- d-----w- c:\program files\trend micro
2009-07-26 15:02 . 2009-07-26 15:02 -------- d-----w- C:\rsit
2009-07-26 13:47 . 2009-07-26 13:47 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-21 12:11 . 2009-07-21 12:11 -------- d-----w- C:\wiiback
2009-07-21 04:09 . 2009-07-21 04:09 -------- d-----w- C:\SSTimetable.jsp_files
2009-07-21 03:19 . 2009-07-24 18:44 -------- d-----w- C:\Uni
2009-07-17 04:11 . 2009-07-17 05:06 -------- d-----w- C:\17-7-09
2009-07-16 22:56 . 2009-07-08 04:41 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-16 22:56 . 2009-07-08 04:41 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-16 22:56 . 2009-07-08 04:41 1107224 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-14 11:24 . 2009-07-24 09:52 -------- d-----w- C:\xbox
2009-07-13 11:43 . 2009-07-13 11:43 -------- d-----w- c:\documents and settings\Scuba\DoctorWeb
2009-07-12 07:42 . 2009-07-12 08:55 -------- d-----w- C:\RootRepeal
2009-07-10 08:38 . 2009-07-10 08:38 -------- d-----w- c:\documents and settings\Scuba\Application Data\Malwarebytes
2009-07-10 08:38 . 2009-07-13 03:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 08:38 . 2009-07-26 13:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 08:38 . 2009-07-13 03:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 08:38 . 2009-07-10 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-09 01:15 . 2009-07-09 01:16 -------- d-----w- c:\program files\Cobian Backup 9
2009-07-09 01:04 . 2009-07-08 04:41 2054424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-08 07:22 . 2009-07-21 21:11 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-08 05:06 . 2009-07-08 05:07 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-08 05:05 . 2009-07-08 05:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-07-08 05:04 . 2009-07-08 05:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-08 04:53 . 2009-07-08 04:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-08 04:42 . 2009-07-08 04:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-08 04:42 . 2009-07-08 04:42 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-08 04:42 . 2009-07-08 04:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-08 04:42 . 2009-07-08 04:42 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-08 04:42 . 2009-07-08 04:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-08 04:41 . 2009-07-27 04:07 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-08 04:41 . 2009-07-08 04:41 -------- d-----w- c:\program files\AVG
2009-07-08 04:41 . 2009-07-08 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-08 04:23 . 2009-07-08 04:23 -------- d-----w- c:\documents and settings\Scuba\Application Data\AVG8
2009-07-08 04:19 . 2009-07-13 06:32 117760 ----a-w- c:\documents and settings\Scuba\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-08 04:18 . 2009-07-08 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-08 04:17 . 2009-07-12 08:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-08 04:17 . 2009-07-08 04:17 -------- d-----w- c:\documents and settings\Scuba\Application Data\SUPERAntiSpyware.com
2009-07-07 23:07 . 2009-07-07 23:07 -------- d-sh--w- c:\documents and settings\Scuba\PrivacIE
2009-07-07 17:32 . 2009-07-07 20:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 17:32 . 2009-07-07 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 16:30 . 2009-07-07 16:49 -------- d-----w- C:\Drivers for Balthezar
2009-07-07 10:59 . 2009-07-07 10:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-04 17:00 . 2009-07-04 17:00 -------- d-----w- c:\windows\ie8updates
2009-07-03 21:06 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 21:06 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 21:06 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 21:06 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-03 04:55 . 2009-07-03 04:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-03 04:55 . 2009-07-03 04:55 -------- d-sh--w- c:\documents and settings\Scuba\IETldCache
2009-07-03 01:05 . 2009-07-03 01:06 -------- dc-h--w- c:\windows\ie8
2009-07-02 16:41 . 2009-07-18 07:15 -------- d-----w- C:\Games
2009-06-30 11:38 . 2009-07-23 00:35 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-28 15:43 . 2009-06-28 15:43 -------- d-----w- C:\Movies
2009-06-28 13:03 . 2009-06-28 13:03 -------- d-----w- c:\program files\PFPortChecker
2009-06-28 12:48 . 2009-07-25 17:05 -------- d-----w- c:\documents and settings\Scuba\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 11:07 . 2009-05-19 12:25 -------- d-----w- c:\documents and settings\Scuba\Application Data\Azureus
2009-07-11 11:23 . 2009-03-19 21:22 -------- d-----w- c:\documents and settings\Scuba\Application Data\Skype
2009-07-08 05:03 . 2009-07-08 05:03 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-07-08 04:16 . 2009-06-05 11:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-16 14:36 . 2008-08-09 14:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-08-09 14:32 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 08:28 . 2009-03-19 23:10 2154 ----a-w- c:\documents and settings\Scuba\Application Data\wklnhst.dat
2009-06-10 17:03 . 2008-09-11 11:50 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 11:48 . 2009-06-05 11:46 -------- d-----w- c:\documents and settings\Scuba\Application Data\Ventrilo
2009-06-05 11:45 . 2009-06-05 11:45 -------- d-----w- c:\program files\Ventrilo
2009-06-03 19:09 . 2008-08-09 14:32 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 11:30 . 2009-04-06 05:35 -------- d-----w- c:\program files\eclipse
2009-05-29 09:18 . 2009-05-29 09:18 -------- d-----w- c:\program files\Notepad++Portable
2009-05-13 05:15 . 2008-08-09 14:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-08-09 14:32 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-01 01:58 . 2008-03-24 17:11 70 ----a-w- c:\program files\Start WoW Tunnels.bat
2009-03-19 12:10 . 2009-03-19 12:10 454656 ----a-w- c:\program files\putty.exe
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
2009-06-16 16:03 . 2009-03-19 11:01 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-23 204800]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-03 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-03 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\eclipse\jre\bin\bin\jusched.exe" [2009-04-06 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-08 1948440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-31 16806912]

c:\documents and settings\Scuba\Start Menu\Programs\Startup\
Shortcut to CONTACT DETAILS - CONTACT IF FOUND.sta.lnk - c:\documents and settings\Scuba\Desktop\CONTACT DETAILS - CONTACT IF FOUND.sta [2009-4-26 112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 02:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-08 04:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IBM\\DeviceDeveloper\\eclipse\\jre\\bin\\java.exe"=
"c:\\WTK2.5.2_01\\bin\\emulator.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_13\\jre\\bin\\java.exe"=
"c:\\Program Files\\eclipse\\jre\\bin\\bin\\javaw.exe"=
"c:\\Program Files\\eclipse\\jre\\bin\\bin\\rmiregistry.exe"=
"c:\\Program Files\\eclipse\\jre\\bin\\bin\\java.exe"=
"c:\\Program Files\\eclipse\\eclipsec.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58981:UDP"= 58981:UDP:58981
"58981:TCP"= 58981:TCP:Azurse2

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/07/2009 2:42 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/07/2009 2:42 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/07/2009 2:42 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 AM 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/07/2009 2:41 PM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/07/2009 2:41 PM 298776]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [11/09/2008 9:17 PM 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [12/09/2008 8:18 AM 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [3/01/2002 5:51 AM 36864]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/09/2008 12:42 PM 625024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Scuba\Application Data\Mozilla\Firefox\Profiles\r894iuly.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\eclipse\jre\bin\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\eclipse\jre\bin\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 00:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\msxml71.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ProgID]
@DACL=(02 0000)
@="XML.XML.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\TypeLib]
@DACL=(02 0000)
@="{40196867-19F8-7157-C097-ECAFF653C9AD}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\VersionIndependentProgID]
@DACL=(02 0000)
@="XML.XML"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{40196867-19F8-7157-C097-ECAFF653C9AD}\.0]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\msxml71.dll"

[HKEY_LOCAL_MACHINE\software\Classes\XML.XML\CLSID]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"

[HKEY_LOCAL_MACHINE\software\Classes\XML.XML\CurVer]
@DACL=(02 0000)
@="XML.XML.1"

[HKEY_LOCAL_MACHINE\software\Classes\XML.XML.1\CLSID]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\windows\system32\ieframe.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\eclipse\jre\bin\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\notepad.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-07-27 0:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-27 14:46

Pre-Run: 10,945,441,792 bytes free
Post-Run: 11,321,315,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

268 --- E O F --- 2009-07-22 07:11

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:55 PM

Posted 27 July 2009 - 04:52 PM

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Azureus and uTorrent). These programs allow users to share files between each other, as the name suggests. In today's world cyber crime has grown to an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. Some further reading on this subject, along with the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (e.g. the RIAA for music files or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\msxml71.dll
RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{40196867-19F8-7157-C097-ECAFF653C9AD}]
[HKEY_LOCAL_MACHINE\software\Classes\XML.XML]
[HKEY_LOCAL_MACHINE\software\Classes\XML.XML.1]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

unite.jpg
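The CFScript above tells ComboFix which file to delete (File::) and which locked registry keys to remove (RegLockDel::). As an added example, not ComboFix's own code and not from this thread's helper, the Python script below parses the LOCKED REGISTRY KEYS block from the ComboFix log posted earlier and derives the same entries: the file is the DLL a locked InprocServer32 key loads, and every locked subkey is collapsed to the COM registration (CLSID, TypeLib or ProgID) that owns it, so the ProgID entries XML.XML and XML.XML.1 are not overlooked alongside the CLSID. The collapsing rule and the list of GUID-keyed hives are assumptions made for this example; an analyst still reviews the generated script before running it.

```python
"""Derive a ComboFix CFScript (File:: / RegLockDel::) from the
"LOCKED REGISTRY KEYS" block of a ComboFix log.
Added example for this thread; not ComboFix code and not the helper's own
tooling. The rule collapsing a locked subkey to the COM registration that
owns it (GUID_HIVES / registration_root) is an assumption made here."""
import re
from typing import Dict, List, Tuple

# Excerpt copied from the ComboFix log posted in this thread (blank lines dropped).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\msxml71.dll"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ProgID]
@DACL=(02 0000)
@="XML.XML.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\Programmable]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\TypeLib]
@DACL=(02 0000)
@="{40196867-19F8-7157-C097-ECAFF653C9AD}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\VersionIndependentProgID]
@DACL=(02 0000)
@="XML.XML"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{40196867-19F8-7157-C097-ECAFF653C9AD}\.0]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\msxml71.dll"
[HKEY_LOCAL_MACHINE\software\Classes\XML.XML\CLSID]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"
[HKEY_LOCAL_MACHINE\software\Classes\XML.XML\CurVer]
@DACL=(02 0000)
@="XML.XML.1"
[HKEY_LOCAL_MACHINE\software\Classes\XML.XML.1\CLSID]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"
"""

KEY_RE = re.compile(r"^\[(.+)\]\s*$")        # [HKEY_...\...]
DEFAULT_RE = re.compile(r'^@="(.*)"\s*$')    # @="value" in REGEDIT4 escaping

# Under HKLM\software\Classes these hives key their children by GUID, so the
# registration to delete is two levels deep (CLSID\{guid}); a ProgID is one level.
GUID_HIVES = {"clsid", "typelib", "interface", "appid"}

def parse_locked_keys(text: str) -> Dict[str, str]:
    """Map every locked key to its default value ('' when it has none)."""
    keys: Dict[str, str] = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = ""
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            # REGEDIT4 doubles backslashes inside quoted string values.
            keys[current] = m.group(1).replace("\\\\", "\\")
    return keys

def registration_root(key: str) -> str:
    """Collapse a ...\\Classes\\... subkey to the COM registration that owns it."""
    marker = "\\classes\\"
    i = key.lower().find(marker)
    if i < 0:
        return key
    head = key[: i + len(marker)]
    parts = key[i + len(marker):].split("\\")
    depth = 2 if parts[0].lower() in GUID_HIVES else 1
    return head + "\\".join(parts[:depth])

def build_cfscript(text: str) -> Tuple[List[str], List[str]]:
    """Return (files, registry roots) in first-seen order, without duplicates."""
    files, roots = [], []
    for key, default in parse_locked_keys(text).items():
        # The DLL a locked InprocServer32 entry loads is the file to remove.
        if key.lower().endswith("\\inprocserver32") and default and default not in files:
            files.append(default)
        root = registration_root(key)
        if root not in roots:
            roots.append(root)
    return files, roots

def render_cfscript(files: List[str], roots: List[str]) -> str:
    """Emit CFScript text in the File:: / RegLockDel:: layout used in this thread."""
    lines = ["File::", *files, "RegLockDel::", *(f"[{r}]" for r in roots)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_cfscript(*build_cfscript(SAMPLE_LOG)), end="")
```

Run on the excerpt it prints one File:: line for msxml71.dll and the same four RegLockDel:: keys as the script posted above. The value of doing this mechanically is that the log already carries every registration tied to the suspect DLL (CLSID, TypeLib and both ProgIDs), so nothing is left behind for a later component to re-register from.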


#7 scubasteve78

scubasteve78
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 27 July 2009 - 10:57 PM

Thanks for the information about torrenting; I'm quite familiar with most of it. I will stop using them until we are done here.

ComboFix 09-07-26.01 - Scuba 28/07/2009 13:48.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1562 [GMT 10:00]
Running from: c:\documents and settings\Scuba\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scuba\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\msxml71.dll"
.

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-26 15:02 . 2009-07-26 15:02 -------- d-----w- c:\program files\trend micro
2009-07-26 15:02 . 2009-07-26 15:02 -------- d-----w- C:\rsit
2009-07-26 13:47 . 2009-07-26 13:47 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-21 12:11 . 2009-07-21 12:11 -------- d-----w- C:\wiiback
2009-07-21 04:09 . 2009-07-21 04:09 -------- d-----w- C:\SSTimetable.jsp_files
2009-07-21 03:19 . 2009-07-24 18:44 -------- d-----w- C:\Uni
2009-07-17 04:11 . 2009-07-17 05:06 -------- d-----w- C:\17-7-09
2009-07-16 22:56 . 2009-07-08 04:41 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-16 22:56 . 2009-07-08 04:41 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-16 22:56 . 2009-07-08 04:41 1107224 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-14 11:24 . 2009-07-24 09:52 -------- d-----w- C:\xbox
2009-07-13 11:43 . 2009-07-13 11:43 -------- d-----w- c:\documents and settings\Scuba\DoctorWeb
2009-07-12 07:42 . 2009-07-12 08:55 -------- d-----w- C:\RootRepeal
2009-07-10 08:38 . 2009-07-10 08:38 -------- d-----w- c:\documents and settings\Scuba\Application Data\Malwarebytes
2009-07-10 08:38 . 2009-07-13 03:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 08:38 . 2009-07-26 13:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 08:38 . 2009-07-13 03:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 08:38 . 2009-07-10 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-09 01:15 . 2009-07-09 01:16 -------- d-----w- c:\program files\Cobian Backup 9
2009-07-09 01:04 . 2009-07-08 04:41 2054424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-08 07:22 . 2009-07-21 21:11 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-08 05:06 . 2009-07-08 05:07 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-08 05:05 . 2009-07-08 05:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-07-08 05:04 . 2009-07-08 05:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-08 04:53 . 2009-07-08 04:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-08 04:42 . 2009-07-08 04:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-08 04:42 . 2009-07-08 04:42 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-08 04:42 . 2009-07-08 04:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-08 04:42 . 2009-07-08 04:42 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-08 04:42 . 2009-07-08 04:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-08 04:41 . 2009-07-27 04:07 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-08 04:41 . 2009-07-08 04:41 -------- d-----w- c:\program files\AVG
2009-07-08 04:41 . 2009-07-08 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-08 04:23 . 2009-07-08 04:23 -------- d-----w- c:\documents and settings\Scuba\Application Data\AVG8
2009-07-08 04:19 . 2009-07-13 06:32 117760 ----a-w- c:\documents and settings\Scuba\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-08 04:18 . 2009-07-08 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-08 04:17 . 2009-07-12 08:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-08 04:17 . 2009-07-08 04:17 -------- d-----w- c:\documents and settings\Scuba\Application Data\SUPERAntiSpyware.com
2009-07-07 23:07 . 2009-07-07 23:07 -------- d-sh--w- c:\documents and settings\Scuba\PrivacIE
2009-07-07 17:32 . 2009-07-07 20:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 17:32 . 2009-07-07 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 16:30 . 2009-07-07 16:49 -------- d-----w- C:\Drivers for Balthezar
2009-07-07 10:59 . 2009-07-07 10:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-04 17:00 . 2009-07-04 17:00 -------- d-----w- c:\windows\ie8updates
2009-07-03 21:06 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 21:06 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 21:06 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 21:06 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-03 04:55 . 2009-07-03 04:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-03 04:55 . 2009-07-03 04:55 -------- d-sh--w- c:\documents and settings\Scuba\IETldCache
2009-07-03 01:05 . 2009-07-03 01:06 -------- dc-h--w- c:\windows\ie8
2009-07-02 16:41 . 2009-07-18 07:15 -------- d-----w- C:\Games
2009-06-30 11:38 . 2009-07-23 00:35 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-28 15:43 . 2009-06-28 15:43 -------- d-----w- C:\Movies
2009-06-28 13:03 . 2009-06-28 13:03 -------- d-----w- c:\program files\PFPortChecker
2009-06-28 12:48 . 2009-07-27 17:03 -------- d-----w- c:\documents and settings\Scuba\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 11:07 . 2009-05-19 12:25 -------- d-----w- c:\documents and settings\Scuba\Application Data\Azureus
2009-07-11 11:23 . 2009-03-19 21:22 -------- d-----w- c:\documents and settings\Scuba\Application Data\Skype
2009-07-08 05:03 . 2009-07-08 05:03 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-07-08 04:16 . 2009-06-05 11:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-16 14:36 . 2008-08-09 14:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-08-09 14:32 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 08:28 . 2009-03-19 23:10 2154 ----a-w- c:\documents and settings\Scuba\Application Data\wklnhst.dat
2009-06-10 17:03 . 2008-09-11 11:50 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 11:48 . 2009-06-05 11:46 -------- d-----w- c:\documents and settings\Scuba\Application Data\Ventrilo
2009-06-05 11:45 . 2009-06-05 11:45 -------- d-----w- c:\program files\Ventrilo
2009-06-03 19:09 . 2008-08-09 14:32 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 11:30 . 2009-04-06 05:35 -------- d-----w- c:\program files\eclipse
2009-05-29 09:18 . 2009-05-29 09:18 -------- d-----w- c:\program files\Notepad++Portable
2009-05-13 05:15 . 2008-08-09 14:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-08-09 14:32 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-01 01:58 . 2008-03-24 17:11 70 ----a-w- c:\program files\Start WoW Tunnels.bat
2009-03-19 12:10 . 2009-03-19 12:10 454656 ----a-w- c:\program files\putty.exe
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
2009-06-16 16:03 . 2009-03-19 11:01 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-27_14.43.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-28 03:00 . 2009-07-28 03:00 16384 c:\windows\Temp\Perflib_Perfdata_650.dat
+ 2008-08-09 14:32 . 2009-07-28 03:04 62746 c:\windows\system32\perfc009.dat
- 2008-08-09 14:32 . 2009-07-27 14:26 62746 c:\windows\system32\perfc009.dat
+ 2008-08-09 14:32 . 2009-07-28 03:04 401632 c:\windows\system32\perfh009.dat
- 2008-08-09 14:32 . 2009-07-27 14:26 401632 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-23 204800]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-03 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-03 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\eclipse\jre\bin\bin\jusched.exe" [2009-04-06 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-08 1948440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-07-31 16806912]

c:\documents and settings\Scuba\Start Menu\Programs\Startup\
Shortcut to CONTACT DETAILS - CONTACT IF FOUND.sta.lnk - c:\documents and settings\Scuba\Desktop\CONTACT DETAILS - CONTACT IF FOUND.sta [2009-4-26 112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 02:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-08 04:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IBM\\DeviceDeveloper\\eclipse\\jre\\bin\\java.exe"=
"c:\\WTK2.5.2_01\\bin\\emulator.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_13\\jre\\bin\\java.exe"=
"c:\\Program Files\\eclipse\\jre\\bin\\bin\\javaw.exe"=
"c:\\Program Files\\eclipse\\jre\\bin\\bin\\rmiregistry.exe"=
"c:\\Program Files\\eclipse\\jre\\bin\\bin\\java.exe"=
"c:\\Program Files\\eclipse\\eclipsec.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58981:UDP"= 58981:UDP:58981
"58981:TCP"= 58981:TCP:Azurse2

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/07/2009 2:42 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/07/2009 2:42 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/07/2009 2:42 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 AM 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/07/2009 2:41 PM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/07/2009 2:41 PM 298776]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [11/09/2008 9:17 PM 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [12/09/2008 8:18 AM 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [3/01/2002 5:51 AM 36864]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/09/2008 12:42 PM 625024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Scuba\Application Data\Mozilla\Firefox\Profiles\r894iuly.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\eclipse\jre\bin\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\eclipse\jre\bin\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

creating catchme.sys error: The process cannot access the file because it is being used by another process.
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 13:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\WININET.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\windows\system32\ieframe.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-07-28 13:54
ComboFix-quarantined-files.txt 2009-07-28 03:54
ComboFix2.txt 2009-07-27 14:46

Pre-Run: 11,384,999,936 bytes free
Post-Run: 11,345,494,016 bytes free

215 --- E O F --- 2009-07-22 07:11

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:55 PM

Posted 28 July 2009 - 12:26 PM

Hi scubasteve78,

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then please post back here with the following:
  • Kaspersky report
  • New DDS log
Thanks

unite.jpg


#9 scubasteve78

scubasteve78
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 28 July 2009 - 01:33 PM

I use my laptop for Java programming. Do you also need me to uninstall the development kits or just the runtime stuff? I have Java SE Development Kit 6 Update 13.

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:55 PM

Posted 28 July 2009 - 01:44 PM

I am not familiar with the development kits, but it looks like the latest JDK is 6 Update 14, so you should probably update that as well, although it is up to you.

unite.jpg


#11 scubasteve78

scubasteve78
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 29 July 2009 - 11:21 AM

After almost 12 hours it's done. Apparently this application has trouble with RAR files that are split into segments. I had a few 6 GB files split into ~90 MB chunks that took about 2 minutes per chunk. It says it's clean; I hope that is a "yay" moment!

KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 29, 2009 04:00:41
Records in database: 2559909
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 120139
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 11:36:24

No malware has been detected. The scan area is clean.
The selected area was scanned.

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:55 PM

Posted 29 July 2009 - 07:24 PM

After almost 12 hours it's done.


Ouch, well that's the longest scan time I've seen for Kaspersky. Anyway, it says you're clean; can you post a new DDS log for
one last check and let me know if there are any more issues.

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Next

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



#13 scubasteve78

scubasteve78
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:55 PM

Posted 29 July 2009 - 08:33 PM

Oh sorry! Totally forgot about the DDS.

Apart from the obvious (running AVG's and Spybot's passive protections, keeping Windows up to date and avoiding P2P sharing software), is there anything I should do to keep my computer clean?



DDS (Ver_09-06-26.01) - NTFSx86
Run by Scuba at 11:23:59.32 on Thu 30/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1496 [GMT 10:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Scuba\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\scuba\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\scuba\desktop\CONTACT DETAILS - CONTACT IF FOUND.sta
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scuba\applic~1\mozilla\firefox\profiles\r894iuly.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\eclipse\jre\bin\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-8 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-8 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-8 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-8 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-8 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-8 297752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-9-11 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-9-12 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2002-1-3 36864]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-12 625024]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-29 17:19 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 17:19 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 04:56 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-29 04:22 <DIR> --d----- c:\documents and settings\scuba\.SunDownloadManager
2009-07-29 02:49 <DIR> --d----- C:\Georgie Drivers
2009-07-28 00:51 <DIR> a-dshr-- C:\autorun.inf
2009-07-28 00:45 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-28 00:36 <DIR> a-dshr-- C:\cmdcons
2009-07-28 00:34 219,648 a------- c:\windows\PEV.exe
2009-07-28 00:34 161,792 a------- c:\windows\SWREG.exe
2009-07-28 00:34 98,816 a------- c:\windows\sed.exe
2009-07-27 01:02 <DIR> --d----- c:\program files\trend micro
2009-07-21 22:11 <DIR> --d----- C:\wiiback
2009-07-21 14:09 16,050 a------- C:\SSTimetable.jsp.htm
2009-07-21 14:09 <DIR> --d----- C:\SSTimetable.jsp_files
2009-07-21 13:19 <DIR> --d----- C:\Uni
2009-07-21 10:59 231,042,548 a------- C:\hubblecast29a.m4v
2009-07-17 14:11 <DIR> --d----- C:\17-7-09
2009-07-14 21:24 <DIR> --d----- C:\xbox
2009-07-13 21:43 <DIR> --d----- c:\documents and settings\scuba\DoctorWeb
2009-07-12 17:42 <DIR> --d----- C:\RootRepeal
2009-07-10 18:38 <DIR> --d----- c:\docume~1\scuba\applic~1\Malwarebytes
2009-07-10 18:38 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 18:38 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-10 18:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 18:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-09 11:15 <DIR> --d----- c:\program files\Cobian Backup 9
2009-07-08 17:22 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-08 14:42 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-08 14:42 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-08 14:42 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-08 14:42 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-08 14:41 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-08 14:41 <DIR> --d----- c:\program files\AVG
2009-07-08 14:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-08 14:23 <DIR> --d----- c:\docume~1\scuba\applic~1\AVG8
2009-07-08 14:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-08 14:17 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-08 14:17 <DIR> --d----- c:\docume~1\scuba\applic~1\SUPERAntiSpyware.com
2009-07-08 09:07 <DIR> --dsh--- c:\documents and settings\scuba\PrivacIE
2009-07-08 03:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-08 03:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-08 02:30 <DIR> --d----- C:\Drivers for Balthezar
2009-07-05 03:00 <DIR> --d----- c:\windows\ie8updates
2009-07-04 07:06 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-04 07:06 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-04 07:06 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-04 07:06 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-03 14:55 <DIR> --dsh--- c:\documents and settings\scuba\IETldCache
2009-07-03 11:05 <DIR> -cd-h--- c:\windows\ie8
2009-07-03 02:41 <DIR> --d----- C:\Games

==================== Find3M ====================

2009-07-29 04:56 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-04 03:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-17 00:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-17 00:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 18:28 2,154 a------- c:\docume~1\scuba\applic~1\wklnhst.dat
2009-06-04 05:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-08 01:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-01 11:58 70 a------- c:\program files\Start WoW Tunnels.bat
2009-03-19 22:10 454,656 a------- c:\program files\putty.exe
2008-05-08 09:34 15,523,560 a------- c:\program files\Install AiGuruU1 Skype Phone.exe

============= FINISH: 11:25:06.85 ===============
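The "Pseudo HJT Report" section of the DDS log above is what a helper reads first: BHO and toolbar lines that end in "No File" are orphaned CLSID registrations (the log has two), and Run keys or startup-folder shortcuts that point outside Program Files and Windows are the entries worth a second look. The script below is an added example for this thread, not part of DDS or of any tool used here; it parses those line formats and flags both patterns. The list of trusted directory roots is a heuristic assumed by this example, and the sample report is constructed (the [updater] line is invented to show a hit). A hit is a prompt to review the entry, not a verdict: the .sta startup shortcut it flags is the laptop owner's contact file.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of DDS or of any tool the
helper used. It reads the BHO:, TB:, uRun:/mRun: and StartupFolder: lines
that DDS prints and flags two things a helper checks first: CLSID entries
with no file behind them (orphaned registry references) and autostart
entries whose file lives outside the usual program directories.
"""
import re

# Heuristic (an assumption of this example): autostart binaries installed
# by normal software live under these roots. DDS prints 8.3 short names
# such as c:\progra~1, so both spellings are listed.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# "BHO: Name: {clsid} - path"   or   "TB: {clsid} - No File"
BHO_RE = re.compile(
    r"^(BHO|TB):\s*(?:(?P<name>.*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<target>.*)$"
)
# "mRun: [Name] command line"   (uRun = current user, mRun = machine-wide)
RUN_RE = re.compile(r"^(?P<kind>[um]Run):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# "StartupFolder: shortcut.lnk - target"
STARTUP_RE = re.compile(r"^StartupFolder:\s*(?P<lnk>.*?)\s+-\s+(?P<target>.*)$")


def exe_path(cmd):
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, may contain spaces
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def is_trusted(path):
    p = path.strip().lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def triage_hjt(report):
    """Return a list of (finding, detail, original_line) tuples."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            target = m.group("target").strip()
            if target.lower() == "no file":
                findings.append(("orphaned-clsid", m.group("clsid"), line))
            elif not is_trusted(target):
                findings.append(("unusual-path", target, line))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = exe_path(m.group("cmd"))
            # A bare file name (no backslash) is resolved through PATH by
            # Windows; it is skipped here and would be looked up separately.
            if "\\" in exe and not is_trusted(exe):
                findings.append(("unusual-path", exe, line))
            continue
        m = STARTUP_RE.match(line)
        if m and not is_trusted(m.group("target")):
            findings.append(("unusual-path", m.group("target").strip(), line))
    return findings


# Constructed sample in DDS format. The two "No File" entries mirror the
# ones in the log above; the [updater] line is invented to show a hit.
SAMPLE_REPORT = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [updater] c:\docume~1\scuba\locals~1\temp\updater.exe
StartupFolder: c:\docume~1\scuba\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\scuba\desktop\CONTACT DETAILS - CONTACT IF FOUND.sta
"""

if __name__ == "__main__":
    for kind, detail, line in triage_hjt(SAMPLE_REPORT):
        print(f"{kind:15} {detail}")
```

Run it against a saved DDS log by passing the file contents to `triage_hjt`; the orphaned CLSIDs are harmless leftovers of uninstalled add-ons, while an unusual-path hit is simply the entry to look up next.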




#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:55 PM

Posted 30 July 2009 - 10:50 AM

Congratulations! You now appear clean! :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates is always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install a Firewall
I cannot stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is
susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block
outbound connections. So if Malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls I would recommend; only install one of these.

Zone Alarm
Comodo Note: Only install the Firewall as a standalone if you already have an AntiVirus installed on your computer.

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download it and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)
Syler
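The MVPS HOSTS file works by mapping unwanted names to 0.0.0.0 or 127.0.0.1 so they never resolve; the same file is also a classic place for a hijacker to redirect a site the user trusts to an address it controls, which produces exactly the kind of silent redirect this thread started with. The script below is an added example for this thread, not part of the MVPS project: it parses a hosts file, counts the harmless local mappings, and reports every entry that points a name at a real address. The sample hosts file is constructed, and its two redirect lines are invented to show what the audit reports (192.0.2.0/24 is reserved documentation address space).

```python
"""Audit a hosts file for hijack-style entries.

Added example for this thread; it is not part of the MVPS HOSTS project.
A blocking hosts file such as MVPS maps unwanted names to 0.0.0.0 or
127.0.0.1, so they never resolve. The same file is also a classic hijack
point: an entry that maps a site the user trusts to some other address
redirects every visit silently. This script counts the harmless local
mappings and reports anything that points a name at a real address.
"""
import ipaddress

# Constructed sample hosts file; the two redirect lines are invented to
# show what the audit reports (192.0.2.0/24 is reserved documentation space).
SAMPLE_HOSTS = """\
# Constructed sample, not a real hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ad.example.invalid          # MVPS-style block entry
0.0.0.0 tracker.example.invalid counter.example.invalid
192.0.2.10 www.google.com           # hijack-style redirect
10.0.0.5 update.example.invalid     # redirect into a private network
not-an-ip www.example.invalid
"""


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for every mapping, ignoring comments."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue                              # blank or malformed line
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower(), lineno


def audit_hosts(text):
    """Return {'local': count, 'suspicious': [(lineno, ip, name, reason), ...]}."""
    local = 0
    suspicious = []
    for ip, name, lineno in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            suspicious.append((lineno, ip, name, "not an IP address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            local += 1            # 127.x.x.x, ::1 or 0.0.0.0: blocks, never redirects
        else:
            # Any other address makes the name resolve somewhere real:
            # that is a redirect, whether to a LAN host or the internet.
            suspicious.append((lineno, ip, name, "maps name to non-local address"))
    return {"local": local, "suspicious": suspicious}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{result['local']} local entries")
    for lineno, ip, name, reason in result["suspicious"]:
        print(f"line {lineno}: {ip} {name}: {reason}")
```

On Windows XP the file to read is %SystemRoot%\system32\drivers\etc\hosts; a freshly installed MVPS file should produce only local entries, so any line in the suspicious list is one to check after an infection or when search results start going somewhere unexpected.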



#15 scubasteve78

scubasteve78
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:55 PM

Posted 31 July 2009 - 12:33 AM

Thank you very much for all your help. Do any of the third party firewalls provide a function like the Windows firewall where they give you a pop up asking if you want to keep blocking that program?



