
Solved Blocking of Signing into everything.

Discussion in 'Malware and Virus Removal Archive' started by Takamachi, 2010/06/08.

  1. 2010/06/08
    Takamachi

    Takamachi Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    34
    Likes Received:
    0
    [Resolved] Blocking of Signing into everything.

    I cannot tell you how long ago this started, but my grandfather had complained about not being able to access his email for quite some time now, and I was finally able to make it down here to look at it. After messing around, looking through Task Manager for weird processes (which is how I can normally get rid of viruses), I realized that not only does the virus/malware (not too sure) block his Comcast email, but it blocks Yahoo, AOL, MSN, Gmail, and even stops me from signing into Skype and Trillian. I decided to install Microsoft Security Essentials (yeah, it's not the best), but this thing even blocked it from updating. I booted up in safe mode and it lets me log into everything, and let me update MSE and scan (scanning for the 2nd time now). I had gotten a Java exploit and Pdfjsc.J, but both have been removed; problem still not resolved.

    When attempting to go to the sign-in page for any of the things I listed above (possibly more), the browser just says that I've lost internet connection. Same with starting up Trillian and Skype: they just act like I have no internet connection, yet I'm allowed to browse around the web normally before and after attempting to log into stuff.

    Thanks for any information that can help me kill this thing :mad:
    ~Taka~

    [Edit] I believe I posted the DDS; the attach is far too big. If need be I can attach it upon request (it'd take 5 or 6 posts to get it all in).

    [Edit 18:46 6/8] Finished posting the attach file. I've been asking friends about the problem and a few have said firewalls, but none are up, so as far as I know that's out of the question.
     
    Last edited: 2010/06/08
  2. 2010/06/08
    Takamachi Inactive Thread Starter
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Compaq_Owner at 13:56:29.70 on Tue 06/08/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.703.265 [GMT -4:00]

    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.comcast.net/
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: D: {d0a19fba-c9a9-3c7c-bfd7-788b747c4075} - c:\windows\system32\za81809.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\6750491\program\Compaq Connections.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    Trusted Zone: comcast.net\www
    Trusted Zone: netzero.net\www
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxsrvc.dll
    IFEO: ctfmon.exe - c:\windows\system32\ctfmonxno.exe

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\hw11uj8w.default\
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-13 197752]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2003-12-9 218232]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-13 164984]
    S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys --> c:\windows\system32\drivers\bckd.sys [?]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-13 78968]
    S4 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-12-11 1078632]

    =============== Created Last 30 ================

    2010-06-08 02:37:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-06-08 02:35:34 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-06-08 02:07:34 0 d-----w- c:\program files\Microsoft Security Essentials
    2010-06-08 02:05:50 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-06-08 02:05:50 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-06-08 02:05:50 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-06-08 01:36:04 0 d-----r- c:\program files\Skype
    2010-06-08 01:30:27 0 d-----w- c:\docume~1\compaq~1\applic~1\Trillian
    2010-05-18 23:32:53 229376 ----a-w- c:\windows\system32\za81809.dll
    2010-05-10 23:39:08 54156 ---ha-w- c:\windows\QTFont.qfn
    2010-05-10 23:39:08 1409 ----a-w- c:\windows\QTFont.for
    2010-05-09 20:13:12 0 d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================

    2010-04-30 16:50:31 34816 ----a-w- c:\windows\system32\noraunanoranorae.dll
    2009-09-29 12:36:09 18136 ----a-w- c:\program files\common files\ilowuh.dl
    1999-07-07 00:00:00 6 --sh--r- c:\windows\@desktop@.dat

    ============= FINISH: 13:57:35.85 ===============
     


  4. 2010/06/08
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please post the contents of Attach.txt as well.

    Please note .....

    As a new member with less than 10 posts any post you make which contains a URL requires approval (moderation) before it is visible.
     
  5. 2010/06/08
    Takamachi Inactive Thread Starter
    Attach Part 1

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/7/2010 11:45:09 PM
    System Uptime: 6/8/2010 12:10:58 PM (1 hours ago)

    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Sempron(tm) 3000+ | Socket A | 1999/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 32 GiB total, 13.583 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 0.908 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\C97054E01800
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\C97054E01800
    Service: NIC1394

    ==== System Restore Points ===================

    RP44: 3/11/2010 11:49:27 AM - System Checkpoint
    RP45: 3/12/2010 7:55:10 AM - Spyware Doctor: Cleaning Threats
    RP46: 3/13/2010 1:20:52 PM - System Checkpoint
    RP47: 3/14/2010 2:39:29 PM - System Checkpoint
    RP48: 3/15/2010 5:07:16 PM - System Checkpoint
    RP49: 3/17/2010 12:32:49 PM - System Checkpoint
    RP50: 3/19/2010 7:05:45 PM - System Checkpoint
    RP51: 3/21/2010 8:12:59 PM - System Checkpoint
    RP52: 3/23/2010 4:29:53 PM - System Checkpoint
    RP53: 3/30/2010 3:57:33 PM - System Checkpoint
    RP54: 3/31/2010 10:38:59 PM - System Checkpoint
    RP55: 4/2/2010 1:21:06 AM - System Checkpoint
    RP56: 4/3/2010 2:30:25 AM - System Checkpoint
    RP57: 4/4/2010 3:21:37 AM - System Checkpoint
    RP58: 4/5/2010 3:46:19 AM - System Checkpoint
    RP59: 4/6/2010 4:20:00 AM - System Checkpoint
    RP60: 4/7/2010 5:04:36 AM - System Checkpoint
    RP61: 4/8/2010 5:29:41 AM - System Checkpoint
    RP62: 4/9/2010 7:37:55 AM - System Checkpoint
    RP63: 4/9/2010 3:14:37 PM - Spyware Doctor: Cleaning Threats
    RP64: 4/10/2010 3:22:01 PM - System Checkpoint
    RP65: 4/12/2010 9:59:33 PM - System Checkpoint
    RP66: 4/16/2010 3:00:26 PM - System Checkpoint
    RP67: 4/17/2010 7:14:52 PM - System Checkpoint
    RP68: 4/19/2010 11:24:43 AM - System Checkpoint
    RP69: 4/20/2010 12:22:40 PM - System Checkpoint
    RP70: 4/21/2010 5:02:59 PM - System Checkpoint
    RP71: 4/23/2010 12:25:15 PM - System Checkpoint
    RP72: 4/24/2010 1:36:32 PM - System Checkpoint
    RP73: 4/25/2010 2:09:12 PM - System Checkpoint
    RP74: 4/26/2010 7:56:33 PM - System Checkpoint
    RP75: 4/27/2010 8:42:16 PM - System Checkpoint
    RP76: 4/29/2010 11:37:15 AM - System Checkpoint
    RP77: 4/30/2010 8:34:07 PM - System Checkpoint
    RP78: 5/2/2010 8:42:06 AM - System Checkpoint
    RP79: 5/3/2010 12:26:12 PM - Spyware Doctor: Cleaning Threats
    RP80: 5/4/2010 12:53:06 PM - System Checkpoint
    RP81: 5/4/2010 4:46:51 PM - may 1,2010
    RP82: 5/4/2010 4:49:12 PM - Restore Operation
    RP83: 5/4/2010 8:45:40 PM - Restore Operation
    RP84: 5/5/2010 7:23:13 AM - Restore Operation
    RP85: 5/6/2010 6:13:28 PM - System Checkpoint
    RP86: 5/8/2010 9:59:43 AM - System Checkpoint
    RP87: 5/9/2010 9:43:38 AM - Restore Operation
    RP88: 5/9/2010 9:59:00 AM - Restore Operation
    RP89: 5/9/2010 10:30:46 AM - Restore Operation
    RP90: 5/9/2010 1:11:13 PM - Restore Operation
    RP91: 5/9/2010 1:25:52 PM - 3-1-10
    RP92: 5/9/2010 1:28:14 PM - february 20,2010
    RP93: 5/9/2010 3:27:04 PM - Restore Operation
    RP94: 5/9/2010 3:50:54 PM - Restore Operation
    RP95: 5/9/2010 4:02:16 PM - Restore Operation
    RP96: 5/9/2010 4:09:28 PM - ruanne
    RP97: 5/9/2010 4:10:55 PM - Restore Operation
    RP98: 5/9/2010 4:22:46 PM - ruanne
    RP99: 5/9/2010 8:46:09 PM - Restore Operation
    RP100: 5/11/2010 9:25:56 AM - System Checkpoint
    RP101: 5/12/2010 6:10:58 PM - System Checkpoint
    RP102: 5/13/2010 10:38:19 PM - Restore Operation
    RP103: 5/14/2010 7:56:43 AM - Spyware Doctor: Cleaning Threats
    RP104: 5/14/2010 11:48:25 AM - Restore Operation
    RP105: 5/14/2010 12:37:18 PM - Restore Operation
    RP106: 5/15/2010 4:28:46 AM - Restore Operation
    RP107: 5/15/2010 10:45:05 PM - Spyware Doctor: Cleaning Threats
    RP108: 5/17/2010 2:41:15 PM - System Checkpoint
    RP109: 5/20/2010 5:18:29 PM - System Checkpoint
    RP110: 5/21/2010 8:28:58 PM - System Checkpoint
    RP111: 5/23/2010 6:15:34 AM - Spyware Doctor: Cleaning Threats
    RP112: 5/24/2010 8:56:56 AM - System Checkpoint
    RP113: 5/27/2010 3:18:57 PM - Spyware Doctor: Cleaning Threats
    RP114: 5/28/2010 3:58:21 PM - System Checkpoint
    RP115: 5/30/2010 12:10:48 PM - System Checkpoint
    RP116: 5/30/2010 7:39:40 PM - Spyware Doctor: Cleaning Threats
    RP117: 5/31/2010 10:07:16 AM - Restore Operation
    RP118: 6/2/2010 4:07:55 PM - System Checkpoint
    RP119: 6/4/2010 2:30:27 PM - System Checkpoint
    RP120: 6/5/2010 2:38:08 PM - System Checkpoint
    RP121: 6/6/2010 5:00:15 PM - System Checkpoint
    RP122: 6/7/2010 6:29:59 PM - Removed DeleteHistoryFree
    RP123: 6/7/2010 10:07:17 PM - Installed Windows XP KB914882.

    ==== Installed Programs ======================


    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1
    Agere Systems PCI Soft Modem
    Blue Coat® K9 Web Protection 4.0.296
    Canon MP Navigator EX 1.2
    Canon MP190 series MP Drivers
    Canon MP190 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    CC_ccProxyMSI
    CC_ccStart
    ccCommon
    Compaq Connections
    Compaq Organize
    Easy Internet Sign-up
    Google Updater
    Help and Support Additions
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    HpSdpAppCoreApp
    InterVideo WinDVD Player
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    KBD
    LiveReg (Symantec Corporation)
    LiveUpdate 2.5 (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Security Essentials
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox (3.6.3)
    MSRedist
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    Norton Personal Firewall
    Norton Personal Firewall (Symantec Corporation)
    OpenOffice.org 3.1
    Picasa 3
    PS2
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QuickTime
    RealPlayer
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Skype Toolbars
    Skype™ 4.2
    Sonic RecordNow!
    Sonic Update Manager
    Trillian
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    VIA/S3G Display Driver
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB883667
     
  6. 2010/06/08
    Takamachi Inactive Thread Starter
    ...
    "The text that you have entered is too long (398597 characters). Please shorten it to 55000 characters long. "

    Seriously? I'll post the rest when I get back, but I have to run for now. Sorry for not getting it all up.

    Here's a bit more; the rest of the document looks a lot like this:

    ==== Event Viewer Messages From Past Week ========

    6/8/2010 12:59:36 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:59:36 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:59:03 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:59:03 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
     
    Last edited: 2010/06/08
  7. 2010/06/08
    PeteC SuperGeek Staff
    Yes - there is a software controlled limit on the no. of characters permitted in a single post.
     
  8. 2010/06/08
    Takamachi Inactive Thread Starter
    lol, I know, but the size of the document vs. the limit is insane :/ I understand the limit completely, though :p
     
  9. 2010/06/08
    Takamachi Inactive Thread Starter
    Anyway:

    ==== Event Viewer Messages From Past Week ========

    6/8/2010 12:59:36 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:59:36 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:59:03 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:59:03 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:58:35 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:58:35 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:58:25 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:58:25 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:58:14 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:58:14 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:57:51 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:57:51 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:57:18 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:57:18 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:56:47 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:56:47 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:56:16 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:56:16 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:55:52 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:55:52 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2008-5353.G&threatid=2147632498 User: NT AUTHORITY\SYSTEM Name: Exploit:Java/CVE-2008-5353.G ID: 2147632498 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
    6/8/2010 12:55:40 PM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Win32/Pdfjsc.J&threatid=2147616214 User: NT AUTHORITY\SYSTEM Name: Exploit:Win32/Pdfjsc.J ID: 2147616214 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x800703e4 Error description: Overlapped I/O event is not in a signaled state. Status: Signature Version: AV: 1.83.1291.0, AS: 1.83.1291.0 Engine Version: 1.1.5802.0
     
  10. 2010/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER

    STEP 3. Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    userinit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/06/08
    Takamachi

    Takamachi Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    34
    Likes Received:
    0
    Printed and starting the process ^_~ I hope this works
     
  12. 2010/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  13. 2010/06/08
    Takamachi

    Takamachi Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    34
    Likes Received:
    0
    lol, blocked download from main page so I went to CNET. Now the updater's blocked by this thing; switching over to safe mode :/
     
  14. 2010/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let me know.
     
  15. 2010/06/08
    Takamachi

    Takamachi Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    34
    Likes Received:
    0
    Scanning with MWB at the moment, 8 files detected so far. After I run this and it deletes stuff and -points to instructions- I restart, should I load up normally and see if this got rid of it? Or reload in safe mode (to make sure I can download and update) and keep following instructions?
     
  16. 2010/06/08
    Takamachi

    Takamachi Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    34
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4182

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    6/8/2010 9:13:52 PM
    mbam-log-2010-06-08 (21-13-52).txt

    Scan type: Quick scan
    Objects scanned: 146449
    Time elapsed: 8 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 0
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{f1442791-1c0e-3712-99ac-0ccfc0f0e330} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0e915422-b1f1-310e-bdec-3514f2e9e7ab} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d0a19fba-c9a9-3c7c-bfd7-788b747c4075} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\{d0a19fba-c9a9-3c7c-bfd7-788b747c4075} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d0a19fba-c9a9-3c7c-bfd7-788b747c4075} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d0a19fba-c9a9-3c7c-bfd7-788b747c4075} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0a19fba-c9a9-3c7c-bfd7-788b747c4075} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32\(default) (Backdoor.Bot) -> Bad: (C:\WINDOWS\system32\norananoraeote.dll) Good: (webcheck.dll) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\za81809.dll (Trojan.BHO) -> Quarantined and deleted successfully.
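    Reading an MBAM log like the one above by eye is fine for a dozen entries, but the line format is regular enough to parse, and parsing it lets you check that the summary counts match the items actually listed and pull out the entries that say something about the infection beyond "a file was removed". The Python below is an added example written for this thread; it is not part of Takamachi's post and not Malwarebytes' own code. SAMPLE_LOG is a constructed, abridged excerpt in the same line format using entries from the log above; the parser, the count check and the triage rules are this example's own assumptions about the format, not MBAM features.

```python
"""Parse a Malwarebytes' Anti-Malware 1.46 log into structured findings.

Added example for this thread, not part of the original post and not
Malwarebytes' own code. SAMPLE_LOG is a constructed, abridged excerpt that
keeps the exact line format of the log posted above.
"""
import re
from collections import OrderedDict

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4182
Windows 5.1.2600 Service Pack 2 (Safe Mode)

Scan type: Quick scan
Objects scanned: 146449

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Data Items Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d0a19fba-c9a9-3c7c-bfd7-788b747c4075} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32\(default) (Backdoor.Bot) -> Bad: (C:\WINDOWS\system32\norananoraeote.dll) Good: (webcheck.dll) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\za81809.dll (Trojan.BHO) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# One detected item. The "Bad: (...) Good: (...)" pair appears only for
# Registry Data Items, where MBAM records the value it put back.
ITEM_RE = re.compile(
    r"^(?P<location>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return (header, summary, findings): the 'key: value' header lines,
    MBAM's claimed count per section, and the parsed items per section."""
    header, summary, findings = {}, OrderedDict(), OrderedDict()
    current = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            findings[current] = []
            continue
        if current is None:  # still in the header block
            if ": " in line:
                key, value = line.split(": ", 1)
                header[key] = value
            continue
        m = ITEM_RE.match(line)  # "(No malicious items detected)" does not match
        if m:
            findings[current].append(m.groupdict())
    return header, summary, findings


def check_summary(summary, findings):
    """Sections whose listed items do not add up to MBAM's own count."""
    return {s: (n, len(findings.get(s, [])))
            for s, n in summary.items() if len(findings.get(s, [])) != n}


def triage(findings):
    """Flag launch hijacks, silenced Security Center warnings, redirected
    COM servers and anything MBAM did not manage to quarantine."""
    notes = []
    for items in findings.values():
        for it in items:
            loc, leaf = it["location"], it["location"].rsplit("\\", 1)[-1]
            if "Image File Execution Options" in loc:
                notes.append(("IFEO hijack", leaf))
            elif "Security Center" in loc and it["bad"] == "1":
                notes.append(("Security Center notifications disabled", leaf))
            elif it["bad"] and it["good"]:
                notes.append(("COM server redirected", f'{it["bad"]} -> {it["good"]}'))
            elif not it["action"].startswith("Quarantined"):
                notes.append(("action not completed", loc))
    return notes


if __name__ == "__main__":
    header, summary, findings = parse_mbam_log(SAMPLE_LOG)
    print(header["Scan type"], "| database", header["Database version"])
    print("count mismatches:", check_summary(summary, findings) or "none")
    for kind, detail in triage(findings):
        print(f"{kind}: {detail}")
```

    Run against the sample, the triage notes are the three entries in the log above that matter for understanding what the infection did rather than just what was removed: an Image File Execution Options entry for ctfmon.exe (a launch hijack, which is why MBAM labels it Security.Hijack), the Security Center DisableNotify values flipped to 1 (the warnings about missing AV, firewall and updates were silenced), and the InProcServer32 of a system CLSID pointed at a randomly named DLL in system32 instead of webcheck.dll. A count mismatch would mean the log was truncated when pasted, which is worth knowing before anyone reads it.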
     
  17. 2010/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Since you downloaded it successfully, restart in normal mode and re-run quick scan.
     
  18. 2010/06/08
    Takamachi

    Takamachi Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    34
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4182

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    6/8/2010 9:41:04 PM
    mbam-log-2010-06-08 (21-41-04).txt

    Scan type: Quick scan
    Objects scanned: 147202
    Time elapsed: 18 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Tried logging into Yahoo, no luck. Heading off to step 2.
     
  19. 2010/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)
     
  20. 2010/06/08
    Takamachi

    Takamachi Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    34
    Likes Received:
    0
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-08 23:57:32
    Windows 5.1.2600 Service Pack 2
    Running: bjm97udk.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\axlcaaod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 826D10E0 ZwConnectPort

    ---- Kernel code sections - GMER 1.0.15 ----

    ? icxwt.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x4a9b560 size 0x1b0
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

    ---- EOF - GMER 1.0.15 ----

    OMG that took forever x. x;
     
  21. 2010/06/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Sometimes, it may take even longer, so stay positive :)
     
