
Active application/octet-stream file

Discussion in 'Malware and Virus Removal Archive' started by alistair, 2009/06/13.

  1. 2009/06/13
    alistair

    alistair Well-Known Member Thread Starter

    Joined:
    2002/02/03
    Messages:
    112
    Likes Received:
    0
    [Active] application/octet-stream file

    I have been running Firefox for over a year and have been happy with it. In the last few days, when I click on anything on my home page, I get a message from Firefox that I have chosen to open a file called "st" which is an application/octet-stream from http://ad dot yieldmanager dot com and asks what I want Firefox to do with it. I have never knowingly wanted to open such a file, and I have never heard of that website, so I suspect that it is some form of malware that wants to run. I just click "Cancel" to get rid of the message, but it pops up next time. I have scanned with Spybot but it found nothing. Can anyone tell me how I can get rid of this very annoying message?

    Alistair
     
    Last edited by a moderator: 2009/06/13
  2. 2009/06/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116

  4. 2009/06/13
    alistair

    alistair Well-Known Member Thread Starter

    Joined:
    2002/02/03
    Messages:
    112
    Likes Received:
    0
    Is this what I was supposed to do?

    Attach log:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/12/2006 5:34:18 p.m.
    System Uptime: 13/06/2009 4:53:30 p.m. (2 hours ago)

    Motherboard: TOSHIBA | | EAT10/EAT20
    Processor: Intel(R) Pentium(R) M processor 1.86GHz | U1 | 1861/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 53 GiB total, 19.148 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 6021
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6021
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP664: 9/03/2009 12:01:41 a.m. - System Checkpoint
    RP665: 10/03/2009 1:49:31 a.m. - System Checkpoint
    RP666: 11/03/2009 1:50:56 a.m. - System Checkpoint
    RP667: 12/03/2009 5:31:23 a.m. - System Checkpoint
    RP668: 12/03/2009 7:12:07 p.m. - Software Distribution Service 3.0
    RP669: 13/03/2009 9:14:51 p.m. - System Checkpoint
    RP670: 14/03/2009 9:26:24 p.m. - Software Distribution Service 3.0
    RP671: 15/03/2009 9:58:48 p.m. - System Checkpoint
    RP672: 16/03/2009 11:28:01 p.m. - System Checkpoint
    RP673: 17/03/2009 11:48:53 p.m. - System Checkpoint
    RP674: 18/03/2009 11:56:32 p.m. - System Checkpoint
    RP675: 20/03/2009 8:31:02 p.m. - System Checkpoint
    RP676: 21/03/2009 8:32:41 p.m. - System Checkpoint
    RP677: 21/03/2009 9:21:01 p.m. - March 22
    RP678: 23/03/2009 1:14:32 a.m. - System Checkpoint
    RP679: 24/03/2009 1:30:55 a.m. - System Checkpoint
    RP680: 25/03/2009 1:34:12 a.m. - System Checkpoint
    RP681: 26/03/2009 3:39:16 a.m. - System Checkpoint
    RP682: 27/03/2009 4:22:04 a.m. - System Checkpoint
    RP683: 28/03/2009 4:44:55 a.m. - System Checkpoint
    RP684: 29/03/2009 6:18:35 a.m. - System Checkpoint
    RP685: 30/03/2009 6:31:57 a.m. - System Checkpoint
    RP686: 31/03/2009 8:06:29 a.m. - System Checkpoint
    RP687: 1/04/2009 9:22:03 a.m. - System Checkpoint
    RP688: 2/04/2009 9:37:22 a.m. - System Checkpoint
    RP689: 3/04/2009 9:58:19 a.m. - System Checkpoint
    RP690: 4/04/2009 1:16:39 p.m. - System Checkpoint
    RP691: 5/04/2009 10:21:12 p.m. - System Checkpoint
    RP692: 7/04/2009 12:16:11 a.m. - System Checkpoint
    RP693: 8/04/2009 1:45:11 a.m. - System Checkpoint
    RP694: 9/04/2009 1:57:35 a.m. - System Checkpoint
    RP695: 9/04/2009 10:55:30 p.m. - Software Distribution Service 3.0
    RP696: 11/04/2009 2:11:03 a.m. - System Checkpoint
    RP697: 12/04/2009 2:11:53 a.m. - System Checkpoint
    RP698: 13/04/2009 8:20:30 a.m. - System Checkpoint
    RP699: 14/04/2009 9:38:35 p.m. - System Checkpoint
    RP700: 15/04/2009 11:01:07 a.m. - Installed Delete lower & upper filters for CD devices
    RP701: 16/04/2009 1:55:08 a.m. - Installed DirectX
    RP702: 16/04/2009 1:59:12 a.m. - Installed Nero 7 Essentials
    RP703: 16/04/2009 10:16:57 p.m. - Removed Sonic RecordNow!
    RP704: 16/04/2009 11:33:48 p.m. - Installed Windows XP WgaNotify.
    RP705: 17/04/2009 10:08:36 p.m. - Software Distribution Service 3.0
    RP706: 18/04/2009 10:19:32 p.m. - System Checkpoint
    RP707: 20/04/2009 1:39:40 a.m. - System Checkpoint
    RP708: 21/04/2009 2:52:55 a.m. - System Checkpoint
    RP709: 22/04/2009 5:27:00 a.m. - System Checkpoint
    RP710: 23/04/2009 5:48:46 a.m. - System Checkpoint
    RP711: 24/04/2009 11:19:59 p.m. - System Checkpoint
    RP712: 25/04/2009 11:17:04 p.m. - Installed Solution Disk
    RP713: 25/04/2009 11:21:22 p.m. - Removed Camera Window MC
    RP714: 25/04/2009 11:22:51 p.m. - Removed Camera Window DVC
    RP715: 25/04/2009 11:24:28 p.m. - Removed Camera Window DVC
    RP716: 25/04/2009 11:27:29 p.m. - Removed Camera Window DS
    RP717: 25/04/2009 11:38:49 p.m. - Removed Canon PhotoRecord
    RP718: 25/04/2009 11:39:26 p.m. - Removed Canon PhotoRecord
    RP719: 25/04/2009 11:40:01 p.m. - Configured RAW Image Task 2.2
    RP720: 25/04/2009 11:43:05 p.m. - Removed CD/DVD Drive Acoustic Silencer
    RP721: 27/04/2009 6:49:18 a.m. - System Checkpoint
    RP722: 29/04/2009 2:28:57 a.m. - System Checkpoint
    RP723: 29/04/2009 8:58:02 p.m. - Software Distribution Service 3.0
    RP724: 30/04/2009 10:57:07 p.m. - System Checkpoint
    RP725: 1/05/2009 11:22:59 p.m. - System Checkpoint
    RP726: 3/05/2009 4:42:12 a.m. - System Checkpoint
    RP727: 4/05/2009 5:14:10 a.m. - System Checkpoint
    RP728: 5/05/2009 6:23:31 a.m. - System Checkpoint
    RP729: 6/05/2009 7:07:35 a.m. - System Checkpoint
    RP730: 11/05/2009 11:37:47 p.m. - System Checkpoint
    RP731: 13/05/2009 12:04:40 a.m. - System Checkpoint
    RP732: 13/05/2009 9:30:39 p.m. - Software Distribution Service 3.0
    RP733: 14/05/2009 9:46:03 p.m. - System Checkpoint
    RP734: 16/05/2009 3:23:48 a.m. - System Checkpoint
    RP735: 17/05/2009 5:46:11 a.m. - System Checkpoint
    RP736: 18/05/2009 6:11:04 a.m. - System Checkpoint
    RP737: 19/05/2009 12:40:34 a.m. - Installed Windows Media Player 11
    RP738: 19/05/2009 12:46:33 a.m. - Installed Windows XP MSCompPackV1.
    RP739: 20/05/2009 2:50:54 a.m. - System Checkpoint
    RP740: 21/05/2009 5:14:22 a.m. - System Checkpoint
    RP741: 22/05/2009 10:38:18 p.m. - System Checkpoint
    RP742: 24/05/2009 1:57:09 a.m. - System Checkpoint
    RP743: 25/05/2009 3:00:19 a.m. - System Checkpoint
    RP744: 26/05/2009 9:49:39 p.m. - System Checkpoint
    RP745: 27/05/2009 10:04:05 p.m. - System Checkpoint
    RP746: 30/05/2009 2:14:47 a.m. - System Checkpoint
    RP747: 3/06/2009 9:17:53 p.m. - Installed Vodafone Mobile Connect Lite.
    RP748: 11/06/2009 9:47:19 p.m. - System Checkpoint
    RP749: 12/06/2009 8:29:45 p.m. - 12 june

    ==== Installed Programs ======================

    1-abc.net Folder-To-TXT (Remove only)
    ACDSee 6.0 Standard
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    ALPS Touch Pad Driver
    Apple Software Update
    ArcSoft PhotoImpression
    ASUS Wireless Router WL-520GU Utilities
    Bluetooth Stack for Windows by Toshiba
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CD/DVD Drive Acoustic Silencer
    Clean Disk Security 7.78
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DVD-RAM Driver
    ESET NOD32 Antivirus
    Flickr Uploadr 2.5.0.15
    Google Earth
    HP Photo Printing Software
    HP Precisionscan Pro 3.1
    HP Share-to-Web
    HPV Solo
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD for TOSHIBA
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Karen's Directory Printer
    Legacy 5.0
    LiveUpdate 3.0 (Symantec Corporation)
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office OneNote 2003
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    mIWA
    mLogView
    mMHouse
    Moffsoft FreeCalc
    Mozilla Firefox (3.0.11)
    mPfMgr
    mPfWiz
    mProSafe
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    mWlsSafe
    mXML
    mZConfig
    Nero 7 Essentials
    New Zealand Burial Locator
    New Zealand Marriages 1836-1956
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NVIDIA Drivers
    OGA Notifier 1.7.0105.35.0
    PC Connectivity Solution
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Registry First Aid
    SD Secure Module
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    SkypeMate
    Skype™ 4.0
    SMSC IrCC V5.1.3600.5 SP2
    Sonic DLA
    Spybot - Search & Destroy
    Symantec KB-DocID:2003093015493306
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21/x515
    TOSHIBA Accessibility
    TOSHIBA Assist
    TOSHIBA Bay Service
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Dual Pointing Device Utility
    TOSHIBA Fn-esse
    TOSHIBA Hardware Setup
    TOSHIBA Hotkey Utility
    TOSHIBA Mobile Extension3 for Windows XP V3.69.00.XP.C
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Supervisor Password
    TOSHIBA Zooming Utility
    Try Corel Snapfire muvee autoProducer add on
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Vodafone Mobile Connect Lite
    WebFldrs XP
    Window Washer
    Windows Driver Package - Nokia Modem (10/27/2008 3.9)
    Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Resource Kit Tools - SubInAcl.exe
    Windows XP Service Pack 3
    Xtra Help Assistant
    Xvid 1.1.3 final uninstall
    Yahoo! Toolbar
    Yahoo!Xtra Applications

    ==== Event Viewer Messages From Past Week ========

    8/06/2009 9:39:18 p.m., error: RemoteAccess [20106] - Unable to add the interface {14543BD0-6902-446D-B5FB-E5463D82F7AF} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
    8/06/2009 10:11:24 a.m., error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    7/06/2009 2:18:06 p.m., error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    7/06/2009 2:18:06 p.m., error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/06/2009 6:44:11 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.231 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    13/06/2009 6:38:04 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.42 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    13/06/2009 6:31:04 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.104 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    13/06/2009 6:24:57 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.43 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    13/06/2009 5:55:03 p.m., error: Dhcp [1002] - The IP address lease 192.168.0.180 for the Network Card with network address 0013CE30D09D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    13/06/2009 5:07:11 p.m., error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CE30D09D. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    ==== End Of File ===========================
    DDS Log:


    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Alistair at 18:46:08.28 on Sat 13/06/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.451 [GMT 1:00]

    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alistair\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
    uStart Page = hxxp://xtra.co.nz/
    mLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    mRun: [<NO NAME>]
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165439748250
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225233946203
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli scecli scecli scecli scecli scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\alistair\applic~1\mozilla\firefox\profiles\o4kgwuii.default\
    FF - prefs.js: browser.startup.homepage - hxxp://nz.yahoo.com/
    FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
    FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll

    ============= SERVICES / DRIVERS ===============

    R1 DualPointDev;DualPointDev;c:\program files\toshiba\dualpointutility\DualPointDev.sys [2004-12-10 6144]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2005-1-27 5888]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
    R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2005-1-26 14336]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-9 14336]
    S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2008-9-18 16269]
    S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-2 1174152]
    S4 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2005-1-27 126976]

    =============== Created Last 30 ================

    2009-06-03 21:20 101,120 a----r-- c:\windows\system32\drivers\ewusbmdm.sys
    2009-06-03 21:19 <DIR> --d----- c:\docume~1\alistair\applic~1\Vodafone
    2009-06-03 21:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Vodafone
    2009-06-03 21:18 <DIR> --d----- c:\program files\Vodafone

    ==================== Find3M ====================

    2008-03-17 21:59 140,880 a------- c:\docume~1\alluse~1\applic~1\pswi_pcuui.exe
    2007-02-26 02:10 4,608 a------- c:\docume~1\alluse~1\applic~1\PMPCUNLR.dll
    2007-02-26 02:10 4,096 a------- c:\docume~1\alluse~1\applic~1\SPPCUNLR.dll
    2004-08-04 13:00 94,784 a--sh--- c:\windows\twain.dll
    2007-12-26 05:38 8 a--shr-- c:\windows\system32\F3B97F7FAA.sys
    2008-03-17 21:58 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-04-13 17:42 551,936 a--sh--- c:\windows\system32\oleaut32.dll
    2008-10-30 05:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103020081031\index.dat

    ============= FINISH: 18:47:01.20 ===============
     
  5. 2009/06/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes. Thank you :)

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
