
Strange music in background/ Trojan Dropper


  • This topic is locked
12 replies to this topic

#1 kirakun03

kirakun03

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:22 PM

Posted 08 August 2010 - 08:07 PM

Hello.
A few days ago I got an email from Blizzard saying my account's password had been changed. (I didn't change it and no one should know my password.) I went away for the weekend and started using my laptop again today. Out of nowhere, music would start playing and last about 15 seconds or so. The same song plays every once in a while. It could be once an hour, or nothing for about 3 hours. There is no real set schedule for when the song starts, although it is always the same song/length. It reminds me of a game Flash ad you would see on lots of sites. I then went to scan my PC with Ad-Aware, and as soon as I hit update, the program freaked out and 50 windows popped up and the program closed, and then I got the blue screen of death (the physical memory dump or something like that). I restarted my PC and got the blue screen again. I restarted a 3rd time, and I was able to see in the task manager that Ad-Aware was running something in the processes and the memory usage kept going up until the blue screen of death came. I was able to stop it and I tried uninstalling it in safe mode. I wasn't able to uninstall it in regular mode. I then used Malwarebytes and did a scan and removed 4 files. Those files were:

Files Infected:
C:\Users\Erick\AppData\Local\Temp\smss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Erick\AppData\Local\Temp\loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Erick\AppData\Local\Temp\334263903.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Erick\AppData\Local\Temp\B4BC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

About one hour later the music came on again, and I came to this site and started the process to get to where I am now. While I was starting a scan with GMER my PC froze and the blue screen of death appeared again. I tried to scan again in normal mode and the same thing happened, blue screen. I did a successful scan in safe mode. I went back into normal mode and got online, and when I got back to this site, a Windows error message popped up saying "Host Process for Windows Services stopped working and was closed." A Windows "Problem Reports and Solutions" window popped up after that. It is saying my PC might be missing things and an update might help.

Here is the DDS text info:



DDS (Ver_10-03-17.01) - NTFSx86
Run by Erick at 7:58:40.22 on Mon 08/09/2010
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.954 [GMT 9:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
svchost.exe 4
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe 4
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Sony Shared\AVLib\LPStation\LPStation.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Sony\LISMO Port\LismoPimSrv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\npkcmsvc.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\EzDetector\EzDetector.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Erick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Erick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Erick\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Aim6]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\erick\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PlayNC Launcher]
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [NeroRebootSetup] "c:\users\erick\appdata\local\temp\nro.tmp\SetupX.exe" SC -Reboot PIINSTALLTYPE="0"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LPStation] c:\program files\common files\sony shared\avlib\lpstation\LPStation.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: line6.net
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3A90D051-E921-4741-8288-D1B6747A8A51} - hxxp://www.giro.or.kr/html/yessign/cab/yessign5.0.2.9.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} - hxxp://support.kornet.net/sw5/order/Speed/cab/KTSpeedNewCtrl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} - hxxps://pgdownload.dacom.net/common/js/crossdomain/DacomCrossDomain.cab
DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} - hxxp://ahnlabdownload.nefficient.co.kr/asp/cab/AhnASP_vista.cab
DPF: {83682BF2-2351-45C1-963C-9BB635A05178} - hxxp://pgdownload.dacom.net/dacom/IssacWebProCMS_4_2_6_8_DACOM.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} - hxxp://file.naver.com/activex/NaverFile.cab
DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/kftc/npkcx_vista.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles_vista/KVPISPCTLD_VISTA.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\erick\appdata\roaming\mozilla\firefox\profiles\48nuc440.default\
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\erick\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\erick\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\erick\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\erick\appdata\roaming\move networks\plugins\npqmp071504000001.dll
FF - plugin: c:\users\erick\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-5-7 20352]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-26 40960]
R2 LISMO PIM Service;LISMO PIM Service;c:\program files\sony\lismo port\LismoPimSrv.exe [2009-7-1 32248]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
R3 EzDetector;EzDetector;c:\program files\common files\sony shared\avlib\ezdetector\EzDetector.exe [2009-9-24 263528]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2006-9-30 29312]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
S2 gupdate1ca2ba1f6348b33;Google Update Service (gupdate1ca2ba1f6348b33);c:\program files\google\update\GoogleUpdate.exe [2009-9-2 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-11-6 1527900]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-5-7 937984]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\L6TPortA.sys [2006-9-30 472832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SonicStage Back-End Service2;SonicStage Back-End Service2;c:\program files\common files\sony shared\avlib\SsBeService2.exe [2009-12-4 124264]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]

=============== Created Last 30 ================

2010-08-08 22:50:46 0 d-----w- c:\programdata\TEMP
2010-08-08 22:44:01 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-08 22:44:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-08 22:44:01 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-08 22:44:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-08 22:44:00 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-08 22:43:39 0 d-----w- c:\users\erick\appdata\roaming\Simply Super Software
2010-08-08 22:43:39 0 d-----w- c:\programdata\Simply Super Software
2010-08-08 22:43:39 0 d-----w- c:\program files\Trojan Remover
2010-08-08 20:18:12 0 d-----w- c:\users\erick\appdata\roaming\Malwarebytes
2010-08-08 20:17:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 20:17:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 20:17:51 0 d-----w- c:\programdata\Malwarebytes
2010-08-08 20:17:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 18:36:05 0 d-----w- c:\users\erick\appdata\roaming\SUPERAntiSpyware.com
2010-08-08 18:36:05 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-08 18:35:49 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-08 13:38:23 0 d-----w- c:\program files\common files\DVDVideoSoft
2010-08-05 16:14:47 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-07-29 21:09:02 0 d-----w- C:\Fraps
2010-07-27 09:23:11 0 d-----w- c:\programdata\Blizzard Entertainment
2010-07-27 09:23:11 0 d-----w- c:\program files\StarCraft II
2010-07-27 06:31:17 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-07-22 08:17:45 209602 ----a-w- c:\users\erick\jappics.rar
2010-07-22 07:52:37 52984 ----a-w- c:\users\erick\81006249.jpg
2010-07-22 07:24:02 65225 ----a-w- c:\users\erick\80922822.jpg
2010-07-22 07:00:25 29947 ----a-w- c:\users\erick\80908323.jpg
2010-07-21 12:25:39 0 d-----w- c:\program files\Microsoft WSE
2010-07-20 13:06:29 0 d-----w- c:\program files\SEGA
2010-07-16 15:55:33 5153061 ----a-w- c:\users\erick\Kallie.rar

==================== Find3M ====================

2010-06-26 05:00:47 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2010-06-15 02:16:24 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-22 11:46:42 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-22 11:46:42 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-22 11:46:42 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-06-13 18:12:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2005-06-30 01:02:24 36864 ----a-w- c:\program files\KvpIspCtlD.ocx
2009-07-27 16:51:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-27 16:51:34 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-27 16:51:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 20:23:52 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-13 07:20:21 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-13 07:20:21 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2009-06-13 07:20:21 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2009-06-13 07:20:21 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-06-12 20:23:52 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 20:23:52 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-05-24 03:39:05 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2008-05-24 03:39:04 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 8:00:26.91 ===============
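As an added illustration (not a tool from this thread or from BleepingComputer), a defender-side triage pass over lines in the DDS report format, flagging the kinds of entries a malware-response helper looks for in a log like the one above: an executable run from a user's Temp folder, a Windows system process name such as smss.exe outside the Windows directory, a hidden+system directory under system32 named after an environment variable, a driver file too small to be a valid image, and EnableLUA = 0. The sample lines are constructed from the kinds of entries seen in this thread, and the rule names and the `triage` function are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in DDS report format (process list, Run keys, policies,
# "Created Last 30" / "Find3M" file listings). Not copied from a real report.
SAMPLE_DDS = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Erick\AppData\Local\Temp\smss.exe
C:\Windows\system32\wbem\wmiprvse.exe
mRun: [NeroRebootSetup] "c:\users\erick\appdata\local\temp\nro.tmp\SetupX.exe" SC -Reboot
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
2010-08-05 16:14:47 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-08 20:17:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-05-24 03:39:05 13 --sh--r- c:\windows\system32\drivers\fbd.sys
"""

# Names of core Windows processes; a legitimate copy lives under the Windows
# directory, so the same name elsewhere (e.g. a Temp folder) deserves a look.
WINDOWS_PROCESS_NAMES = {
    "smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "lsm.exe", "svchost.exe", "explorer.exe", "taskeng.exe",
}
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".sys")
SYSTEM_ROOT = "c:\\windows\\"          # assumption: Windows installed on C:

# DDS line shapes: "<date> <time> <size> <attrs> <path>", "uRun:/mRun: [name] path",
# the UAC policy line, and a bare process path.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]{8})\s+(.+)$", re.I)
RUN_LINE = re.compile(r'^[um]Run:\s+\[[^\]]*\]\s*(?:"([^"]+)"|(\S+))', re.I)
POLICY_LINE = re.compile(r"^mPolicies-system:\s+EnableLUA\s*=\s*0\b", re.I)
PATH_LINE = re.compile(r"^[a-z]:\\", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str   # hint for a human reviewer, not a malware verdict
    path: str


def _path_checks(path: str) -> list[str]:
    """Rules that apply to any file path, wherever in the report it appears."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    rules = []
    # Legitimate installers leave files here too, so this is a review hint only.
    if "\\temp\\" in p and name.endswith(EXEC_EXT):
        rules.append("executable-in-temp")
    if name in WINDOWS_PROCESS_NAMES and not p.startswith(SYSTEM_ROOT):
        rules.append("system-process-name-outside-windows-dir")
    return rules


def triage(report: str) -> list[Finding]:
    """Walk a DDS-style report line by line and collect review hints."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if POLICY_LINE.match(line):
            findings.append(Finding("uac-disabled", line))
            continue
        m = FILE_LINE.match(line)
        if m:
            size, attrs, path = int(m.group(2)), m.group(3).lower(), m.group(4).strip()
            p = path.lower()
            name = p.rsplit("\\", 1)[-1]
            hidden_system = "h" in attrs and "s" in attrs
            # A hidden+system directory literally named "%APPDATA%" inside system32
            # is an odd place for anything legitimate to live.
            if hidden_system and p.startswith(SYSTEM_ROOT + "system32\\") and "%" in name:
                findings.append(Finding("hidden-system-dir-with-envvar-name", path))
            # A .sys file of a few bytes cannot hold a PE image; it is not a real driver.
            if name.endswith(".sys") and not attrs.startswith("d") and size < 1024:
                findings.append(Finding("undersized-driver-file", path))
            findings.extend(Finding(r, path) for r in _path_checks(path))
            continue
        m = RUN_LINE.match(line)
        path = None
        if m:
            path = m.group(1) or m.group(2)
        elif PATH_LINE.match(line):
            path = line.split(" -k ")[0].strip()   # drop svchost service-group args
        if path:
            findings.extend(Finding(r, path) for r in _path_checks(path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:45} {f.path}")
```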



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,581 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:22 PM

Posted 08 August 2010 - 10:28 PM

Hi, kirakun03

Please download and run Rkill by Grinler from any of the following locations (Vista and Win7: to run the application, right click on Rkill and choose Run as an Administrator):
  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt" .
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 kirakun03

kirakun03
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:22 PM

Posted 09 August 2010 - 08:18 AM

Hello, thank you for your help.

I ran into one small problem with ComboFix. I started to run it and it detected that NOD32 was running, and I thought I had uninstalled it a while ago (maybe a month ago or so). I wasn't able to disable it and I accidentally ran ComboFix (the X at the top didn't close the program), so I just went ahead and did the entire scan with ComboFix. I am wondering if it's a big problem and I should do this again?
Here are the logs:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4407

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18813

8/9/2010 9:07:20 PM
mbam-log-2010-08-09 (21-07-20).txt

Scan type: Quick scan
Objects scanned: 146411
Time elapsed: 16 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ComboFix 10-08-08.02 - Erick 08/09/2010 21:25:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.872 [GMT 9:00]
Running from: c:\users\Erick\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\Erick\NESten061B1.exe
c:\users\Erick\PerfectWorld_Downloader_v3.exe
c:\windows\system32\%appdata%
c:\windows\system32\msvcsv60.dll
c:\windows\system32\npkpdb.dll
c:\windows\system32\sss.exe

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-09 12:44 . 2010-08-09 12:46 -------- d-----w- c:\users\Erick\AppData\Local\temp
2010-08-09 12:44 . 2010-08-09 12:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-08 22:44 . 2006-06-19 04:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-08 22:44 . 2006-05-25 06:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-08 22:44 . 2005-08-25 16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-08 22:44 . 2003-02-02 11:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-08 22:44 . 2002-03-05 16:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-08 22:43 . 2010-08-08 22:44 -------- d-----w- c:\program files\Trojan Remover
2010-08-08 22:43 . 2010-08-08 22:43 -------- d-----w- c:\users\Erick\AppData\Roaming\Simply Super Software
2010-08-08 22:43 . 2010-08-08 22:43 -------- d-----w- c:\programdata\Simply Super Software
2010-08-08 20:18 . 2010-08-08 20:18 -------- d-----w- c:\users\Erick\AppData\Roaming\Malwarebytes
2010-08-08 20:17 . 2010-04-29 06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 20:17 . 2010-08-08 20:17 -------- d-----w- c:\programdata\Malwarebytes
2010-08-08 20:17 . 2010-04-29 06:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 20:17 . 2010-08-08 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 19:56 . 2010-08-08 20:01 680 ----a-w- c:\users\Erick\AppData\Local\d3d9caps.dat
2010-08-08 18:36 . 2010-08-08 18:36 -------- d-----w- c:\users\Erick\AppData\Roaming\SUPERAntiSpyware.com
2010-08-08 18:36 . 2010-08-08 18:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-08 18:35 . 2010-08-08 18:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-08 13:38 . 2010-08-08 19:59 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-29 21:09 . 2010-07-30 09:09 -------- d-----w- C:\Fraps
2010-07-27 09:23 . 2010-08-08 15:14 -------- d-----w- c:\program files\StarCraft II
2010-07-27 09:23 . 2010-07-27 10:05 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-27 06:31 . 2010-08-08 15:03 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-21 12:25 . 2010-07-21 12:25 -------- d-----w- c:\program files\Microsoft WSE
2010-07-20 13:06 . 2010-07-20 13:06 -------- d-----w- c:\program files\SEGA
2010-07-12 07:15 . 2010-07-12 07:15 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 12:13 . 2008-09-28 12:00 -------- d-----w- c:\program files\ESET
2010-08-09 12:05 . 2008-06-04 03:19 -------- d-----w- c:\users\Erick\AppData\Roaming\Skype
2010-08-08 22:52 . 2008-09-13 09:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-08 20:08 . 2008-09-28 16:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-08 20:08 . 2008-09-28 16:08 -------- d-----w- c:\programdata\Lavasoft
2010-08-08 14:11 . 2008-05-28 04:24 -------- d-----w- c:\users\Erick\AppData\Roaming\uTorrent
2010-07-27 06:17 . 2008-02-21 00:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-27 06:17 . 2008-09-13 11:58 -------- d-----w- c:\program files\Electronic Arts
2010-07-22 10:55 . 2010-07-06 09:50 -------- d-----w- c:\users\Erick\AppData\Roaming\Command and Conquer 4
2010-07-14 07:50 . 2008-08-10 09:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-12 07:16 . 2008-06-03 08:45 -------- d-----r- c:\program files\Skype
2010-07-12 07:15 . 2008-06-03 08:45 -------- d-----w- c:\programdata\Skype
2010-07-05 08:51 . 2010-07-05 08:51 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-05 08:50 . 2010-07-05 08:50 -------- d-----w- c:\users\Erick\AppData\Roaming\SystemRequirementsLab
2010-06-26 05:15 . 2010-05-30 04:39 -------- d-----w- c:\programdata\BioWare
2010-06-26 05:13 . 2010-05-30 04:32 -------- d-----w- c:\programdata\Media Center Programs
2010-06-26 05:00 . 2010-06-26 05:00 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2010-06-19 13:53 . 2008-09-28 11:12 16 ----a-w- c:\windows\msocreg32.dat
2010-06-19 13:52 . 2010-06-19 13:52 -------- d-----w- c:\users\Erick\AppData\Roaming\Acoustica
2010-06-19 13:52 . 2010-06-19 13:33 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2010-06-19 13:52 . 2010-06-19 13:52 -------- d-----w- c:\program files\Acoustica Shared Effects
2010-06-19 13:33 . 2010-06-19 13:33 -------- d-----w- c:\programdata\Acoustica
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-01 17:37 . 2009-10-05 21:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2005-06-30 01:02 . 2008-07-21 12:47 36864 ----a-w- c:\program files\KvpIspCtlD.ocx
2008-05-24 03:39 . 2008-05-24 03:39 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2008-05-24 03:39 . 2008-05-24 03:39 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-28 68856]
"Google Update"="c:\users\Erick\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-07 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-21 1862144]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 185896]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LPStation"="c:\program files\Common Files\Sony Shared\AVLib\LPStation\LPStation.exe" [2009-12-04 1320296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-06 149280]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-20 1093208]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca2ba1f6348b33;Google Update Service (gupdate1ca2ba1f6348b33);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA.sys [2006-09-29 472832]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-08-30 3407412]
R3 SonicStage Back-End Service2;SonicStage Back-End Service2;c:\program files\Common Files\Sony Shared\AVLib\SsBeService2.exe [2009-12-04 124264]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-09-13 717296]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 LISMO PIM Service;LISMO PIM Service;c:\program files\Sony\LISMO Port\LismoPimSrv.exe [2009-07-01 32248]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 EzDetector;EzDetector;c:\program files\Common Files\Sony Shared\AVLib\EzDetector\EzDetector.exe [2009-09-24 263528]
S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys [2006-09-29 29312]

.
Contents of the 'Scheduled Tasks' folder

2010-08-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-21 07:48]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 07:49]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 07:49]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-760591241-3459098013-316428093-1000Core.job
- c:\users\Erick\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-07 11:47]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-760591241-3459098013-316428093-1000UA.job
- c:\users\Erick\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-07 11:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: line6.net
DPF: {3A90D051-E921-4741-8288-D1B6747A8A51} - hxxp://www.giro.or.kr/html/yessign/cab/yessign5.0.2.9.cab
DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} - hxxp://support.kornet.net/sw5/order/Speed/cab/KTSpeedNewCtrl.cab
DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} - hxxps://pgdownload.dacom.net/common/js/crossdomain/DacomCrossDomain.cab
DPF: {83682BF2-2351-45C1-963C-9BB635A05178} - hxxp://pgdownload.dacom.net/dacom/IssacWebProCMS_4_2_6_8_DACOM.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} - hxxp://file.naver.com/activex/NaverFile.cab
DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles_vista/KVPISPCTLD_VISTA.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
FF - ProfilePath - c:\users\Erick\AppData\Roaming\Mozilla\Firefox\Profiles\48nuc440.default\
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Erick\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Erick\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Erick\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Erick\AppData\Roaming\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\users\Erick\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
AddRemove-au SH004 - c:\program files\SHARP\au SH004\SH14Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 21:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????c??]???h?????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,65,18,08,1e,45,28,41,88,a3,0d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,65,18,08,1e,45,28,41,88,a3,0d,\

[HKEY_USERS\S-1-5-21-760591241-3459098013-316428093-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8b,3b,9b,c2,e6,5b,48,5e,69,86,db,d7,65,4f,70,3c,17,b0,76,96,61,55,c5,
48,b6,72,ba,cd,01,fe,14,c1,28,d0,2a,ff,16,20,8c,79,dc,f5,9e,fc,4b,59,53,72,\
"??"=hex:05,e1,d0,b0,7d,7c,3c,f4,54,4e,04,22,77,1e,21,5f

[HKEY_USERS\S-1-5-21-760591241-3459098013-316428093-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,68,86,81,09,8e,6e,8f,2f,ee,61,ca,20,0f,8d,46,40,08,65,3f,ae,
8d,25,cd,92,7f,2a,70,01,05,19,2f,1d,3c,fb,e8,0c,ba,31,a1,00,86,a0,62,80,79,\
"rkeysecu"=hex:3e,9f,c5,27,73,68,70,54,a5,e5,f6,02,14,6d,29,51

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\osk.exe
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\npkcmsvc.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WerCon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-09 22:04:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 13:04

Pre-Run: 1,832,345,600 bytes free
Post-Run: 30,039,601,152 bytes free

- - End Of File - - 24F3D5559CA3527856C62133D3C3FE94


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,581 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:22 PM

Posted 09 August 2010 - 11:40 AM

1. Click on the Start menu (Vista Orb).
2. Type wbemtest in the search box and press Ctrl+Shift+Enter.
3. Click on Connect
4. Under NameSpace type in or copy/paste root\SecurityCenter
5. Click on Connect
6. Click on Query
7. Type in or copy/paste SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

Please run the F-Secure Online Scanner
  • For information click Here.
  • Allow the installation of the Add-ons and Accept the License Agreement.
  • Click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

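The wbemtest steps above inspect the WMI AntiVirusProduct records that Security Center (and tools such as ComboFix) consult; a leftover record for an uninstalled product is what made ComboFix report NOD32 as running. The script below is an added example, not code from this thread, that lists those records from an elevated PowerShell prompt, flags ones whose product executable is missing or has no Add/Remove Programs entry, and removes a record by instanceGuid only after a confirmation prompt. It assumes the root\SecurityCenter2 class (Vista and later) carries pathToSignedProductExe, while the older root\SecurityCenter class may not, in which case the Uninstall-key check is only a heuristic.

```powershell
# Added example (not from the thread): review and clean up AntiVirusProduct
# registrations in WMI. Run from an elevated PowerShell prompt.

function Get-UninstallDisplayNames {
    # Collects DisplayName values from the Add/Remove Programs registry keys.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        ForEach-Object { $_.DisplayName } |
        Where-Object { $_ }
}

function Get-AntiVirusRegistration {
    [CmdletBinding()]
    param(
        [string[]]$Namespace = @('root\SecurityCenter', 'root\SecurityCenter2')
    )
    $installedNames = @(Get-UninstallDisplayNames)
    foreach ($ns in $Namespace) {
        # Same query as the wbemtest step: SELECT * FROM AntiVirusProduct
        $records = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
        foreach ($r in $records) {
            # Assumption: only the SecurityCenter2 class exposes this property.
            $exe = $null
            if ($r.PSObject.Properties['pathToSignedProductExe']) {
                $exe = $r.pathToSignedProductExe
            }
            $exeExists = $null
            if ($exe) { $exeExists = Test-Path -LiteralPath $exe }

            # Heuristic: does any Add/Remove Programs entry share the vendor
            # word (first token of displayName, e.g. "ESET")?
            $vendor = ($r.displayName -split '\s+')[0]
            $uninstallMatch = $installedNames |
                Where-Object { $_ -like "*$vendor*" } |
                Select-Object -First 1

            # Strong evidence: a recorded executable that no longer exists.
            # Weak evidence: no executable recorded and no matching Uninstall entry.
            $stale = ($exe -and -not $exeExists) -or (-not $exe -and -not $uninstallMatch)

            New-Object PSObject -Property @{
                Namespace      = $ns
                DisplayName    = $r.displayName
                InstanceGuid   = $r.instanceGuid
                ProductExe     = $exe
                ExeExists      = $exeExists
                UninstallMatch = $uninstallMatch
                LooksStale     = $stale
            }
        }
    }
}

function Remove-AntiVirusRegistration {
    # Deletes one AntiVirusProduct record by instanceGuid (the DELETE step in
    # the thread). Supports -WhatIf and prompts before each deletion.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$InstanceGuid,
        [string[]]$Namespace = @('root\SecurityCenter', 'root\SecurityCenter2')
    )
    foreach ($ns in $Namespace) {
        $hits = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue |
            Where-Object { $_.instanceGuid -eq $InstanceGuid }
        foreach ($h in $hits) {
            $target = "$ns : $($h.displayName) $InstanceGuid"
            if ($PSCmdlet.ShouldProcess($target, 'Remove WMI record')) {
                Remove-WmiObject -InputObject $h
            }
        }
    }
}

# Review first; remove only records you have confirmed belong to software
# that is no longer installed. -WhatIf previews without deleting.
Get-AntiVirusRegistration | Format-Table DisplayName, Namespace, ExeExists, UninstallMatch, LooksStale -AutoSize
# Get-AntiVirusRegistration | Where-Object { $_.LooksStale } |
#     ForEach-Object { Remove-AntiVirusRegistration -InstanceGuid $_.InstanceGuid -WhatIf }
```

A record whose product is genuinely installed but whose executable lives somewhere Test-Path cannot see is still reported as LooksStale, so treat the flag as a prompt to verify, not as a verdict.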


#5 kirakun03
Posted 09 August 2010 - 05:09 PM

Hello
The F-Secure scan won't finish, it gets to around 99% and I get an error message saying Insufficient user right to scan all targets for malware and spyware. (Error ID 65) I am trying to find help on their site, but can't seem to find anything. I've tried 4 different times so far.

Any suggestions?

Edited by kirakun03, 09 August 2010 - 05:10 PM.


#6 JSntgRvr
Posted 09 August 2010 - 06:06 PM

Let's try another application. Has the background music stopped?

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following are checked
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 21.
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")



#7 kirakun03
Posted 10 August 2010 - 03:52 PM

Ok this one worked. And yes the strange music has stopped and I haven't heard it since using ComboFix. Although I did notice when I used F-Secure it found 12 spyware (when it was at 99%, don't know what it found though) and Kaspersky only found 3 things.
And does Kaspersky remove these files, or just tells you what is infected?

Here are the results:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 11, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 09, 2010 18:33:07
Records in database: 4130570
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Objects scanned: 277681
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 07:39:35


File name / Threat / Threats count
C:\Program Files\Acoustica Mixcraft 5\VST\3rdParty\Messiah\CK_MIDI_NOTE_DELAY.SEP Infected: Trojan-PSW.Win32.QQPass.vgu 1
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1
C:\Users\Erick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4a172cca-34842f7e Infected: Trojan-Clicker.Win32.Cycler.gen 1

Selected area has been scanned.


#8 JSntgRvr
Posted 10 August 2010 - 04:14 PM

Do you recognize this program?

Acoustica Mixcraft 5



#9 kirakun03
Posted 10 August 2010 - 04:15 PM

Yeah a music mixing program I used to use awhile ago.

#10 JSntgRvr
Posted 10 August 2010 - 04:27 PM

If it is a paid version, then I would say the findings are a false positive. If the program was downloaded for free through a torrent, then I would recommend its removal.

The rest looks clear. Let's do some housekeeping.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.
  • Rename Combofix to Uninstall and click on it. That should remove the application.


Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Manually remove any tool left. How is the computer doing?



#11 kirakun03
Posted 10 August 2010 - 05:08 PM

Ok I ran TFC. The computer is doing good I think, no more music, and no more crashes or anything weird.
As for the Mixcraft 5 program, I want to remove it. Should I just do a normal uninstall?

#12 JSntgRvr
Posted 10 August 2010 - 05:31 PM

QUOTE(kirakun03 @ Aug 10 2010, 06:08 PM)
As for the Mixcraft 5 program, I want to remove it. Should I just do a normal uninstall?

Yes. It should be removable through the Control Panel.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  4. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  5. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  6. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!



#13 JSntgRvr
Posted 12 August 2010 - 11:14 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.



