Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

STEELWERX

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: STEELWERX

Unread postby Elrond » July 31st, 2008, 3:51 pm

silverdel
I can see that you did not follow my instructions and if you do not follow them exactly it will nort work. There are good reasons why I do things the way I do them and I put a lot of work into those instructions.
Please do exactly what I asked you to do in my last post. The only thing that you do not need to do again is the submission to Jotti/VirusTotal. If you have done the Add/Remove you can skip that as well. However if you did not do it the last time it is important that you do it now.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Re: STEELWERX

Unread postby silverdel » July 31st, 2008, 4:26 pm

I am sorry that you think I did not do as you ask, but I do not have a Windows CD to load from and this means I am unable to dowload the console you require, if that means the end of assistance from you, then I thank you for the help you have given to me thus far.
Thanks
Derek
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Unread postby Elrond » August 1st, 2008, 2:47 am

Derek

1) If you had read the the topic at Bleeping Computer you would have seen that there is a way to install the Recovery Console without using a Windows CD.

2) When I asked you to use OTMoveIt2 to delete certain files you post another Combofix log.

3) Earlier on you did Combofix scans that I had not requested.

4) In my next tolast post I asked you to use Combofix in a way which is not just scanning but also removing, submitting and doing things needed to clean up the computer. Instead of following the instructions you did a regular Combofix scan which had no positive effect whatsoever.

Combofix is a very complex and dangerous tool and you need to do exactly what I am telling you or you are taking risks that I can not control. It is not a one fit all tool and it is not automaticly removing what needs to be removed by itself. It is like a scalpell in the hands of a surgeon. A surgeon can remove exactly what is need and no more while an untrained person would either cut too much or not enough. Combofix is powerful enough to be able to render your computer unbootable if used wrongly or to leave your computer infected if you do not know what you are doing.

Just so that you understand what it takes to train a helper. It takes about a year on average to train a helper to the point where s/he can work on their own.

Decide if you want my help. If so please read my instructions and follow them or tell me that I should close this topic.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: STEELWERX

Unread postby silverdel » August 1st, 2008, 3:19 pm

C:\WINDOWS\SysF7.exe
C:\WINDOWS\SysF6.exe
C:\WINDOWS\SysF5.exe
C:\WINDOWS\SysF4.exe
C:\WINDOWS\SysF3.exe
C:\WINDOWS\system32\mpt.exe

File/Folder C:\WINDOWS\SysF7.exe not found.
File/Folder C:\WINDOWS\SysF6.exe not found.
File/Folder C:\WINDOWS\SysF5.exe not found.
File/Folder C:\WINDOWS\SysF4.exe not found.
File/Folder C:\WINDOWS\SysF3.exe not found.
File/Folder C:\WINDOWS\system32\mpt.exe not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_221956
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Unread postby silverdel » August 1st, 2008, 3:21 pm

ComboFix 08-07-23.5 - User 2008-08-01 22:09:04.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.659 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-08-01 10:02 . 2008-08-01 10:02 <DIR> d-------- C:\Program Files\Uniblue
2008-07-30 20:06 . 2008-07-30 20:06 244 --ah----- C:\sqmnoopt00.sqm
2008-07-30 20:06 . 2008-07-30 20:06 232 --ah----- C:\sqmdata00.sqm
2008-07-30 12:41 . 2008-07-31 09:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-30 09:22 . 2008-07-30 09:22 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-29 20:19 . 2008-07-29 20:17 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-29 20:17 . 2008-07-29 20:19 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-29 20:06 . 2008-08-01 09:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-29 20:06 . 2008-07-29 20:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-29 20:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-29 20:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-29 20:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-29 20:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-29 19:03 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 18:54 . 2008-07-29 18:54 <DIR> d-------- C:\Documents and Settings\Admin
2008-07-29 18:51 . 2008-07-29 18:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-29 18:49 . 2008-07-31 20:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 18:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 18:25 . 2008-07-29 18:25 <DIR> d-------- C:\Program Files\uTorrent
2008-07-29 18:25 . 2008-08-01 22:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-07-29 15:14 . 2008-07-29 15:14 <DIR> d-------- C:\temp_dvd
2008-07-29 15:13 . 2008-07-29 15:14 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\WINDOWS\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Program Files\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-07-29 08:23 . 2008-07-29 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 19:22 . 2008-07-28 19:49 207 --a------ C:\WINDOWS\maketorrent.ini
2008-07-28 10:24 . 2008-07-28 10:24 <DIR> d-------- C:\Program Files\DVDFab 5
2008-07-28 09:03 . 2008-07-28 09:03 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-28 08:38 . 2008-07-28 08:38 <DIR> d-------- C:\Program Files\Sun
2008-07-28 08:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 08:36 . 2008-07-28 08:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 20:59 . 2008-08-01 08:57 <DIR> d-------- C:\Program Files\Mystery PI The Vegas Heist
2008-07-26 17:42 . 2008-08-01 08:57 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-26 16:58 . 2008-07-26 16:58 <DIR> d-------- C:\Program Files\Google
2008-07-26 14:15 . 2008-07-29 16:02 <DIR> d-------- C:\GAMES
2008-07-26 14:07 . 2008-08-01 08:57 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-07-26 13:36 . 2008-07-26 16:35 <DIR> d-------- C:\Program Files\Tradewinds Legends
2008-07-26 13:27 . 2008-07-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-07-26 13:02 . 2008-07-27 09:44 <DIR> d-------- C:\Program Files\Gold Rush Treasure Hunt
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\WINDOWS\Tradewinds Caravans
2008-07-25 18:50 . 2008-07-25 18:50 <DIR> d-------- C:\Program Files\Tradewinds Caravans
2008-07-24 19:52 . 2008-07-24 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\WINDOWS\Discovery A Seek And Find Adventure
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-24 18:51 . 2008-07-24 18:56 <DIR> d-------- C:\Program Files\PopCap Games
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 16:31 . 2008-07-24 16:31 <DIR> d-------- C:\Documents and Settings\User\Saved Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\Flood Light Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-07-24 16:30 . 2008-07-24 16:30 <DIR> d-------- C:\WINDOWS\Women's Murder Club - Death in Scarlet
2008-07-23 23:11 . 2008-07-24 08:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\TweakNow PowerPack
2008-07-23 19:58 . 2008-07-23 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-07-23 19:57 . 2008-07-23 19:57 <DIR> d-------- C:\WINDOWS\Little Farm
2008-07-23 19:57 . 2008-07-24 11:35 <DIR> d-------- C:\Program Files\Little Farm
2008-07-23 11:00 . 2008-07-26 09:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\Registry Booster
2008-07-23 09:38 . 2008-07-23 09:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktop Mechanic
2008-07-22 16:24 . 2008-07-22 16:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nero
2008-07-22 16:19 . 2008-07-22 16:21 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-22 15:10 . 2008-07-22 15:10 <DIR> d-------- C:\WINDOWS\Build in Time
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
2008-07-21 16:31 . 2008-07-21 16:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\AudioMoves
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\BitDefender
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Bitdefender
2008-07-21 13:21 . 2008-07-21 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-21 13:19 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-07-21 12:41 . 2008-08-01 18:26 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2008-07-21 12:41 . 2008-08-01 10:04 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-07-21 12:41 . 2008-07-24 18:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\DMCache
2008-07-21 12:39 . 2008-08-01 18:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 12:39 . 2008-07-21 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 08:47 . 2008-07-21 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\MagicDVDCreator
2008-07-19 13:59 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-19 13:59 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-19 13:59 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-19 13:59 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-19 13:59 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-07-19 13:59 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-19 12:31 . 2008-07-19 12:31 81,920 --a------ C:\Documents and Settings\User\Application Data\ezpinst.exe
2008-07-19 10:42 . 2008-07-26 09:13 <DIR> d-------- C:\Program Files\Unlocker
2008-07-19 10:42 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktopicon
2008-07-18 09:52 . 2008-07-18 09:52 <DIR> d--h----- C:\WINDOWS\Icons
2008-07-17 19:59 . 2008-07-17 19:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\CyberLink
2008-07-17 19:41 . 2008-08-01 22:12 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-17 18:24 . 2008-07-17 18:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Thunderbird
2008-07-17 18:24 . 2008-07-17 18:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-07-17 15:46 . 2008-08-01 22:07 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-17 14:59 . 2008-07-17 22:03 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-17 14:59 . 2008-07-17 14:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\URSoft
2008-07-17 13:44 . 2008-07-17 14:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-17 13:28 . 2008-07-17 13:28 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-07-16 17:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 17:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 17:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-16 16:35 . 2002-03-04 13:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
2008-07-16 16:35 . 2001-07-28 13:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx
2008-07-16 16:35 . 2001-04-20 02:28 28,672 --a------ C:\WINDOWS\system32\systray.ocx
2008-07-16 16:35 . 2006-05-31 15:38 10,752 --a------ C:\WINDOWS\system32\md5.dll
2008-07-16 13:14 . 2008-07-21 12:12 <DIR> d-------- C:\Webshots Data
2008-07-15 23:03 . 2008-07-15 23:03 0 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-07-15 23:02 . 2008-07-16 13:12 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-07-15 15:07 . 2008-07-15 22:45 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-07-15 13:18 . 2008-07-28 10:42 67 --a------ C:\WINDOWS\Easy DVD Creator.INI
2008-07-14 12:23 . 2008-07-14 12:23 <DIR> d-------- C:\WINDOWS\Sun
2008-07-14 12:19 . 2008-07-14 12:19 <DIR> d-------- C:\Garmin
2008-07-12 13:09 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Virtual Villagers - The Secret City
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Program Files\bfgclient
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Program Files\PrintParade Studio
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\Printparade
2008-07-12 12:06 . 2003-06-25 11:17 374,272 --a------ C:\WINDOWS\system32\Dav3_32.dll
2008-07-12 12:06 . 2003-06-24 13:35 143,360 --a------ C:\WINDOWS\system32\leon3_32.dll
2008-07-11 11:20 . 2008-07-11 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-10 17:40 . 2008-07-15 11:48 <DIR> d-------- C:\Downloads
2008-07-10 13:13 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Mario Worlds
2008-07-06 13:15 . 2008-07-06 13:15 <DIR> d-------- C:\Documents and Settings\User\Application Data\PlanetPlayMore
2008-07-06 13:14 . 2008-07-07 18:35 <DIR> d-------- C:\Program Files\Tropicabana
2008-07-04 12:11 . 2008-07-04 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-04 12:07 . 2008-07-22 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 12:53 0 ----a-w C:\Program Files\temp01
2008-07-28 07:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-28 07:38 --------- d-----w C:\Program Files\Java
2008-07-24 18:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 13:12 --------- d-----w C:\Program Files\Build in Time
2008-07-23 10:39 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-07-23 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-22 15:19 --------- d-----w C:\Program Files\Nero
2008-07-22 15:10 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-21 13:18 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-07-18 09:31 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-16 15:49 --------- d-----w C:\Program Files\Ricochet Xtreme
2008-07-16 15:49 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-16 15:49 --------- d-----w C:\Program Files\Bejeweled
2008-07-16 15:49 --------- d-----w C:\Program Files\Alchemy
2008-07-09 12:41 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-09 12:41 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-09 12:41 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-04 11:28 --------- d-----w C:\Program Files\Tradewinds Full Game
2008-07-04 08:07 --------- d-----w C:\Documents and Settings\User\Application Data\Ahead
2008-07-03 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-30 11:35 --------- d-----w C:\Program Files\Bonjour
2008-06-27 14:00 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\iolo
2008-06-27 12:50 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-06-27 12:48 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-06-27 09:25 --------- d-----w C:\Program Files\Apple Software Update
2008-06-27 09:18 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-06-27 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-27 09:16 --------- d-----w C:\Program Files\iTunes
2008-06-27 09:16 --------- d-----w C:\Program Files\iPod
2008-06-27 09:15 --------- d-----w C:\Program Files\QuickTime
2008-06-27 09:14 --------- d-----w C:\Program Files\Common Files\Apple
2008-06-27 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-26 17:54 --------- d-----w C:\Program Files\Kontiki
2008-06-26 15:23 --------- d-----w C:\Program Files\Windows Live
2008-06-26 15:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-25 13:42 --------- d-----w C:\Program Files\Webshots
2008-06-25 13:42 --------- d-----w C:\Documents and Settings\User\Application Data\Webshots
2008-06-25 13:19 --------- d-----w C:\Program Files\IObit
2008-06-25 13:19 --------- d-----w C:\Documents and Settings\User\Application Data\IObit
2008-06-25 13:04 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-25 13:03 --------- d-----w C:\Program Files\Common Files\Real
2008-06-25 12:51 --------- d-----w C:\Program Files\Real
2008-06-25 12:07 --------- d-----w C:\Program Files\Cake Mania
2008-06-25 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-25 11:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-25 11:56 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2008-06-25 11:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 11:02 --------- d-----w C:\Program Files\ToniArts
2008-06-25 11:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 11:01 --------- d-----w C:\Program Files\ReflexiveArcade
2008-06-25 09:59 --------- d-----w C:\Program Files\Thomson
2008-06-25 09:55 --------- d-----w C:\Program Files\Canon
2008-06-25 09:52 --------- d-----w C:\Program Files\hp deskjet 845c series
2008-06-25 09:51 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-24 15:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-24 13:54 --------- d-----w C:\Program Files\MSBuild
2008-06-24 13:54 --------- d-----w C:\Program Files\Microsoft Works
2008-06-24 13:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-24 13:50 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-24 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-24 12:26 --------- d-----w C:\Program Files\CyberLink
2008-06-24 11:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 11:23 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-06-24 10:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 08:37 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-08 08:37 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-06 13:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 13:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-16 10:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
.

------- Sigcheck -------

2008-06-24 12:23 507904 c2d1429e210a032d36bb24493214e584 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-06-25 14:42:29 63064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 09:53 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13549:TCP"= 13549:TCP:ut1
"13549:UDP"= 13549:UDP:ut1

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 13:41]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-29 20:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-09 13:41]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-21 14:18]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-03 08:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-08-01 21:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-31 16:09:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-08-01 20:29:31 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-27 07:54:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{AE8A24C4-ABAA-4C16-8F79-EFF6A64CC5BE}: NameServer = 212.139.132.38 212.139.132.39


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 22:11:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-08-01 22:14:46
ComboFix-quarantined-files.txt 2008-08-01 21:13:42

Pre-Run: 45,703,507,968 bytes free
Post-Run: 45,678,051,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

312 --- E O F --- 2008-07-28 07:47:30
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Unread postby silverdel » August 1st, 2008, 3:23 pm

I hope this is now correct, you should understand I am in no way computer litterate and some of the tasks you ask of me are quite hard to comprehend, if this is the wrong things done then sorry.
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Unread postby Elrond » August 2nd, 2008, 3:28 pm

I understand. You got at some of the pieces but far from all.
I will do my best to explain exactly what you must do in each step and do it very slow and in smaller steps. We will see if we can not beat those infections. :)
I will have to wait until my morning before I start putting together the next post for you as it is getting late and it will take me some time to try to give you simple instructions.

Hang in there and we will do the best we can together. :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: STEELWERX

Unread postby Elrond » August 3rd, 2008, 2:05 pm

OK let us see if we can get this to work the way it needs to be done. If there is anything you do not understand please ask me and I will do my best to explain it better. :) Do not feel that you are dumb or anything like that. It is not simple. Follow the points exactly and in the order they are numbered.


  1. I know that you know what the icon for Combofix looks like but here it is Image. Delete it by right clicking on it and selecting Delete
    That should remove the old version of Combofix.
  2. Download the latest Combofix from one of those sites and save it on your desktop. If your computer has not been changed it should happen automatically.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.forospyware.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe


    Good luck with all those instructions. :)
    If anything is unclear please ask me and do not break your head trying to guess what I mean. :D
  3. It is a good idea if you can read this. http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    It will tell you a lot about how Combofix is used. Do not worry if you do not understand it as I will try to tell you what to do at each step. :)
  4. Now we get to one of the steps that was problematic for you. Let us see if wecan get the Recovery Console installed even though you do not have the Windows CD.
    1. Click on the following link to go to Microsoft's Web site:

      http://support.microsoft.com/kb/310994
    2. At that page, scroll down and click on the appropriate download for your version of Windows XP and the service pack level that you have installed. You should choose Microsoft Windows XP Home Edition whit Service Pack 2 (SP2).
    3. When you click on the link to download the file, make sure you save it directly to your desktop.
    4. Once the Microsoft file has finished downloading, you should drag it on top of the ComboFix icon and let your mouse button go. This is shown in the following image. Image
      You do that by clicking on the icon that belongs to the file that you just downloaded and keeping the left button on the mouse pressed while you drag it to the Combofix icon.
    5. ComboFix will now automatically install the Windows Recovery Console onto your computer. It will show up as a new option when booting up your computer but it should have no other effect that it showing up for a moment and then the booting continues in the normal way.
    6. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a last resort that a helper can use if things go seriously wrong. It should not be necesssary but better prepared than sorry.
  5. Once the Windows Recovery Console has finished installed, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. Press the No button as we need to do a few other things.
  6. Next this needs to be done if it is not done before because the program is a rouge AntiSpyware program.
    1. go to Start and find the Control Panel. Open it and click Add/Remove Programs.
    2. Select ScanSpyware v3.8.0.4 if you find it.
    3. Click on the "Add/Remove" button.
    4. If it asks if you really want to remove the program please click Yes
    5. If it gives you more than one option about what to do please chose Remove
    6. Once the program/s are uninstalled, click on the "OK" button.
    7. Reboot the computer.
  7. Once the computer is back up we need to get rid of the stuff that is infecting the computer:
    1. The first step is to the following:
      • Go to Start
      • In the right hand columne towards the bottom you will find Run. Click it.
      • Type Notepad In the area where you can type.
      • Click OK
      • Notepad should open.
    2. Copy the text that you see in the code box below. Do as follows:
      1. Highlight all the text in the Code box.
      2. Right click on the highlighted text and click Copy
      3. Go to the open window of Notepad and place the cursor somewhere in the empty text area and right click.
      4. Click on Paste. The text should be copied to the NotePad.
      5. Click on File in Notepad and click on Save As.
      6. There should be a light frame around the icon for the Desktop on the left side of the screen.
      7. Copy the following into the File Name field:
        CFScript.txt
      8. Click the down arrow next to the {b]Save as type[/b] field.
      9. Choose All files.
      10. Click [b]Save[/]
      11. There should be an icon for the file you just made on the desktop.
      Code: Select all
      Collect::
      C:\WINDOWS\SysF7.exe
      C:\WINDOWS\SysF6.exe
      C:\WINDOWS\SysF5.exe
      C:\WINDOWS\SysF4.exe
      C:\WINDOWS\SysF3.exe
      C:\WINDOWS\system32\mpt.exe
      C:\WINDOWS\system32\windrv.sys
      C:\WINDOWS\system32\IGUltraGrid20.ocx
      C:\WINDOWS\system32\AS-Exp2.ocx
      C:\WINDOWS\system32\systray.ocx
      C:\WINDOWS\system32\md5.dll
      C:\WINDOWS\system32\FreezeScreenSaver.exe
      
      Folder::
      C:\Program Files\uTorrent
      C:\Documents and Settings\User\Application Data\uTorrent
      
      Suspect::
      C:\Program Files\bcd_installed.exe
      
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=-
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "13549:TCP"=-
      "13549:UDP"=-
      
      
      Driver::
      FreezeScreenSaver
      
      

    3. Now you need to drag the icon for the file that you just made to the Combofix icon. Do not click the Combofix icon.
      This is what it looks like. Image
    4. This will start the ComboFix scan but it will also remove a lot of things related to malware.
      It may reboot your system when it finishes. This is normal.
    5. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

  8. Please post the latest Combofix log in your reply. Also please tell me how your computer is running now.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: STEELWERX

Unread postby silverdel » August 3rd, 2008, 3:37 pm

C:\Documents and Settings\User\Desktop.\[4]-Submit_2008-08-03@20.18.zip, the file was sent to bleeping computer, I managed to complete all that you asked and shall post the combo fix file next, I did download the recovery program too.
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Unread postby silverdel » August 3rd, 2008, 3:55 pm

Hi, My Pc is no longer crashing, the desktop is stable although the memory used at idle process is420mb, I only have1 gb so it appears high to me but at the same time cpu usage is only 2%, the combofix file is ennclosed, all other tasks were completed as asked.
ComboFix 08-07-23.5 - User 2008-08-03 20:18:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.614 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\Shortcuts\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\Cfscript.text
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Application Data\uTorrent
C:\Documents and Settings\User\Application Data\uTorrent\Bananarama - The Very Best Of [2002][CD+4Vids+Covers].torrent
C:\Documents and Settings\User\Application Data\uTorrent\Basshunter-The Album (2008) [320 kb] [misterorange].torrent
C:\Documents and Settings\User\Application Data\uTorrent\Buddy Holly - The Ultimate Collection.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Clubland 13 - [2 CDs] - [With Covers].rar.torrent
C:\Documents and Settings\User\Application Data\uTorrent\CLUBLAND 13.torrent
C:\Documents and Settings\User\Application Data\uTorrent\dht.dat
C:\Documents and Settings\User\Application Data\uTorrent\Dr.Jekyll.and.Mr.Hyde[2008][TV]DvDrip-aXXo.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Felon.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Felon[2008]DvDrip-aXXo.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Kid Rock - All Summer Long (TorrentServer).zip.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Life[1999]DivX[WS]DVDrip[Eng]-Atlas47.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Malwarebytes Anti-Malware 1.12.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Massive Reggae.torrent
C:\Documents and Settings\User\Application Data\uTorrent\R&B Love Collection 2008.torrent
C:\Documents and Settings\User\Application Data\uTorrent\resume.dat
C:\Documents and Settings\User\Application Data\uTorrent\resume.dat.old
C:\Documents and Settings\User\Application Data\uTorrent\SDAsav.torrent
C:\Documents and Settings\User\Application Data\uTorrent\settings.dat
C:\Documents and Settings\User\Application Data\uTorrent\settings.dat.new
C:\Documents and Settings\User\Application Data\uTorrent\settings.dat.old
C:\Documents and Settings\User\Application Data\uTorrent\setup Spyware Doctor 6.0.0.362 + Antivirus (silent).torrent
C:\Documents and Settings\User\Application Data\uTorrent\SimCity Classic.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Vantage Point .[2008].DVDRIP.XVID.[Eng]-nat_2_good.avi.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Vantage Point [2008-DVDRip-H.264-x264]-WOLViSH.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Vantage Point[2008]DvDrip[Eng].torrent
C:\Program Files\uTorrent
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\AS-Exp2.ocx
C:\WINDOWS\system32\IGUltraGrid20.ocx
C:\WINDOWS\system32\md5.dll
C:\WINDOWS\system32\systray.ocx
C:\WINDOWS\system32\windrv.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FREEZESCREENSAVER
-------\Service_FreezeScreenSaver


((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-03 20:17 . 2008-08-03 20:17 <DIR> d-------- C:\327882R2FWJFW
2008-08-03 15:00 . 2008-08-03 15:00 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-08-03 13:40 . 2008-08-03 20:08 <DIR> d-------- C:\Program Files\Tradewinds Caravans
2008-08-02 19:00 . 2008-08-03 19:06 <DIR> d-------- C:\Program Files\The Mystery Of The Crystal Portal
2008-08-01 10:02 . 2008-08-01 10:02 <DIR> d-------- C:\Program Files\Uniblue
2008-07-30 20:06 . 2008-07-30 20:06 244 --ah----- C:\sqmnoopt00.sqm
2008-07-30 20:06 . 2008-07-30 20:06 232 --ah----- C:\sqmdata00.sqm
2008-07-30 12:41 . 2008-07-31 09:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-29 20:19 . 2008-07-29 20:17 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-29 20:17 . 2008-07-29 20:19 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-29 20:06 . 2008-08-02 15:58 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-29 20:06 . 2008-07-29 20:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-29 20:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-29 20:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-29 20:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-29 20:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-29 19:03 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 18:54 . 2008-07-29 18:54 <DIR> d-------- C:\Documents and Settings\Admin
2008-07-29 18:51 . 2008-07-29 18:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-29 18:49 . 2008-07-31 20:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 18:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 15:14 . 2008-07-29 15:14 <DIR> d-------- C:\temp_dvd
2008-07-29 15:13 . 2008-07-29 15:14 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\WINDOWS\World Mosaics
2008-07-29 12:49 . 2008-08-02 12:12 <DIR> d-------- C:\Program Files\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-07-29 08:23 . 2008-07-29 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 19:22 . 2008-07-28 19:49 207 --a------ C:\WINDOWS\maketorrent.ini
2008-07-28 10:24 . 2008-07-28 10:24 <DIR> d-------- C:\Program Files\DVDFab 5
2008-07-28 09:03 . 2008-07-28 09:03 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-28 08:38 . 2008-07-28 08:38 <DIR> d-------- C:\Program Files\Sun
2008-07-28 08:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 08:36 . 2008-07-28 08:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 20:59 . 2008-08-01 08:57 <DIR> d-------- C:\Program Files\Mystery PI The Vegas Heist
2008-07-26 17:42 . 2008-08-01 08:57 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-26 16:58 . 2008-07-26 16:58 <DIR> d-------- C:\Program Files\Google
2008-07-26 14:15 . 2008-08-02 19:01 <DIR> d-------- C:\GAMES
2008-07-26 14:07 . 2008-08-01 08:57 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-07-26 13:36 . 2008-07-26 16:35 <DIR> d-------- C:\Program Files\Tradewinds Legends
2008-07-26 13:27 . 2008-07-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-07-26 13:02 . 2008-07-27 09:44 <DIR> d-------- C:\Program Files\Gold Rush Treasure Hunt
2008-07-25 18:50 . 2008-08-03 13:40 <DIR> d-------- C:\WINDOWS\Tradewinds Caravans
2008-07-24 19:52 . 2008-07-24 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\WINDOWS\Discovery A Seek And Find Adventure
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-24 18:51 . 2008-07-24 18:56 <DIR> d-------- C:\Program Files\PopCap Games
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 16:31 . 2008-07-24 16:31 <DIR> d-------- C:\Documents and Settings\User\Saved Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\Flood Light Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-07-24 16:30 . 2008-07-24 16:30 <DIR> d-------- C:\WINDOWS\Women's Murder Club - Death in Scarlet
2008-07-23 23:11 . 2008-07-24 08:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\TweakNow PowerPack
2008-07-23 19:58 . 2008-07-23 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-07-23 19:57 . 2008-07-23 19:57 <DIR> d-------- C:\WINDOWS\Little Farm
2008-07-23 19:57 . 2008-07-24 11:35 <DIR> d-------- C:\Program Files\Little Farm
2008-07-23 11:00 . 2008-07-26 09:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\Registry Booster
2008-07-23 09:38 . 2008-07-23 09:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktop Mechanic
2008-07-22 16:24 . 2008-07-22 16:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nero
2008-07-22 16:19 . 2008-07-22 16:21 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-22 15:10 . 2008-07-22 15:10 <DIR> d-------- C:\WINDOWS\Build in Time
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
2008-07-21 16:31 . 2008-07-21 16:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\AudioMoves
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\BitDefender
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Bitdefender
2008-07-21 13:21 . 2008-07-21 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-21 13:19 . 2008-08-02 12:25 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-07-21 12:41 . 2008-08-01 18:26 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2008-07-21 12:41 . 2008-08-01 10:04 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-07-21 12:41 . 2008-07-24 18:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\DMCache
2008-07-21 12:39 . 2008-08-03 20:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 12:39 . 2008-07-21 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 08:47 . 2008-07-21 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\MagicDVDCreator
2008-07-19 13:59 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-19 13:59 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-19 13:59 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-19 13:59 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-19 13:59 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-07-19 13:59 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-19 12:31 . 2008-07-19 12:31 81,920 --a------ C:\Documents and Settings\User\Application Data\ezpinst.exe
2008-07-19 10:42 . 2008-07-26 09:13 <DIR> d-------- C:\Program Files\Unlocker
2008-07-19 10:42 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktopicon
2008-07-18 09:52 . 2008-07-18 09:52 <DIR> d--h----- C:\WINDOWS\Icons
2008-07-17 19:59 . 2008-07-17 19:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\CyberLink
2008-07-17 19:41 . 2008-08-03 20:22 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-17 18:24 . 2008-07-17 18:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Thunderbird
2008-07-17 18:24 . 2008-07-17 18:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-07-17 15:46 . 2008-08-03 20:21 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-17 14:59 . 2008-07-17 22:03 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-17 14:59 . 2008-07-17 14:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\URSoft
2008-07-17 13:44 . 2008-07-17 14:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-17 13:28 . 2008-07-17 13:28 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-07-16 17:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 17:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 17:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-16 13:14 . 2008-07-21 12:12 <DIR> d-------- C:\Webshots Data
2008-07-15 23:03 . 2008-07-15 23:03 0 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-07-15 23:02 . 2008-07-16 13:12 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-07-15 15:07 . 2008-07-15 22:45 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-07-15 13:18 . 2008-07-28 10:42 67 --a------ C:\WINDOWS\Easy DVD Creator.INI
2008-07-14 12:23 . 2008-07-14 12:23 <DIR> d-------- C:\WINDOWS\Sun
2008-07-14 12:19 . 2008-07-14 12:19 <DIR> d-------- C:\Garmin
2008-07-12 13:09 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Virtual Villagers - The Secret City
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Program Files\bfgclient
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Program Files\PrintParade Studio
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\Printparade
2008-07-12 12:06 . 2003-06-25 11:17 374,272 --a------ C:\WINDOWS\system32\Dav3_32.dll
2008-07-12 12:06 . 2003-06-24 13:35 143,360 --a------ C:\WINDOWS\system32\leon3_32.dll
2008-07-11 11:20 . 2008-07-11 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-10 17:40 . 2008-07-15 11:48 <DIR> d-------- C:\Downloads
2008-07-10 13:13 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Mario Worlds
2008-07-06 13:15 . 2008-07-06 13:15 <DIR> d-------- C:\Documents and Settings\User\Application Data\PlanetPlayMore
2008-07-06 13:14 . 2008-07-07 18:35 <DIR> d-------- C:\Program Files\Tropicabana
2008-07-04 12:11 . 2008-07-04 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-04 12:07 . 2008-07-22 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-04 08:48 . 2008-07-04 12:28 <DIR> d-------- C:\Program Files\Flash Slideshow Maker Professional
2008-07-03 09:47 . 2008-07-03 09:47 <DIR> d-------- C:\Documents and Settings\User\Application Data\TuxPaint
2008-07-03 09:45 . 2008-07-03 09:45 1,409 --a------ C:\WINDOWS\system32\tmp15C91.FOT
2008-07-03 09:21 . 2008-07-24 18:57 51,355 --a------ C:\WINDOWS\system32\muzika.xm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-03 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-08-02 11:37 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-07-31 12:53 0 ----a-w C:\Program Files\temp01
2008-07-28 07:38 --------- d-----w C:\Program Files\Java
2008-07-24 18:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 13:12 --------- d-----w C:\Program Files\Build in Time
2008-07-23 10:39 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-07-23 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-22 15:19 --------- d-----w C:\Program Files\Nero
2008-07-22 15:10 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-18 09:34 --------- d-----w C:\Program Files\Microsoft Plus!
2008-07-18 09:31 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-16 15:49 --------- d-----w C:\Program Files\Ricochet Xtreme
2008-07-16 15:49 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-16 15:49 --------- d-----w C:\Program Files\Bejeweled
2008-07-16 15:49 --------- d-----w C:\Program Files\Alchemy
2008-07-09 12:41 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-09 12:41 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-09 12:41 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-04 11:28 --------- d-----w C:\Program Files\Tradewinds Full Game
2008-07-04 08:07 --------- d-----w C:\Documents and Settings\User\Application Data\Ahead
2008-07-01 10:33 --------- d-----w C:\Documents and Settings\User\Application Data\TuneUp Software
2008-07-01 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-30 11:35 --------- d-----w C:\Program Files\Bonjour
2008-06-27 14:00 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\iolo
2008-06-27 12:50 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-06-27 12:48 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-06-27 09:25 --------- d-----w C:\Program Files\Apple Software Update
2008-06-27 09:18 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-06-27 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-27 09:16 --------- d-----w C:\Program Files\iTunes
2008-06-27 09:16 --------- d-----w C:\Program Files\iPod
2008-06-27 09:15 --------- d-----w C:\Program Files\QuickTime
2008-06-27 09:14 --------- d-----w C:\Program Files\Common Files\Apple
2008-06-27 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-26 17:54 --------- d-----w C:\Program Files\Kontiki
2008-06-26 15:23 --------- d-----w C:\Program Files\Windows Live
2008-06-26 15:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-25 13:42 --------- d-----w C:\Program Files\Webshots
2008-06-25 13:42 --------- d-----w C:\Documents and Settings\User\Application Data\Webshots
2008-06-25 13:19 --------- d-----w C:\Program Files\IObit
2008-06-25 13:19 --------- d-----w C:\Documents and Settings\User\Application Data\IObit
2008-06-25 13:04 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-25 13:03 --------- d-----w C:\Program Files\Common Files\Real
2008-06-25 12:51 --------- d-----w C:\Program Files\Real
2008-06-25 12:07 --------- d-----w C:\Program Files\Cake Mania
2008-06-25 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-25 11:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-25 11:56 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2008-06-25 11:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 11:02 --------- d-----w C:\Program Files\ToniArts
2008-06-25 11:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 11:01 --------- d-----w C:\Program Files\ReflexiveArcade
2008-06-25 09:59 --------- d-----w C:\Program Files\Thomson
2008-06-25 09:55 --------- d-----w C:\Program Files\Canon
2008-06-25 09:52 --------- d-----w C:\Program Files\hp deskjet 845c series
2008-06-25 09:51 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-24 15:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-24 13:54 --------- d-----w C:\Program Files\MSBuild
2008-06-24 13:54 --------- d-----w C:\Program Files\Microsoft Works
2008-06-24 13:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-24 13:50 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-24 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-24 12:26 --------- d-----w C:\Program Files\CyberLink
2008-06-24 11:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 11:23 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-06-24 10:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 08:37 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-08 08:37 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-06 13:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 13:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-29 08:28 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2008-05-16 10:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
.

------- Sigcheck -------

2008-06-24 12:23 507904 c2d1429e210a032d36bb24493214e584 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"BitDefender Agent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-08-02 12:36 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-06-25 14:42:29 63064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 09:53 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 13:41]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-29 20:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-09 13:41]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-08-02 12:37]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-03 08:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-08-03 19:22:52 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-31 16:09:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-08-03 19:22:51 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-27 07:54:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 20:23:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\Webshots\Webshots.scr
.
**************************************************************************
.
Completion time: 2008-08-03 20:29:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-03 19:29:20

Pre-Run: 42,832,977,920 bytes free
Post-Run: 42,736,328,704 bytes free

357 --- E O F --- 2008-07-28 07:47:30
You do not have the required permissions to view the files attached to this post.
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Unread postby Elrond » August 5th, 2008, 8:22 am

Well done. I think we got most if not all of the stuff this time. :)

As long as CPU shows very low when you are not doing anything that should make it go high it is OK. Memory will allways show high because the computer will keep as much of the lately used stuff as possible in memory in case you will need it again. It is a way of saving time and increase speed.

To be sure that nothing is lurking around I think we should do the following. I will give you the standard instructions for this scanner. If you are the least unsure about how to do it do not hesitate to ask. It is much better that you ask and then do it right than that you try to guess and then we both do not understand why it did not work.

You need to use Internet Explorer for this scan and not any other browser. There are technical reasons for this.
The reason you are telling the scanner not to remove anything it finds is that I need to see what it is before anything is removed.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX. click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Good luck. :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: STEELWERX

Unread postby silverdel » August 5th, 2008, 10:11 am

Hello again!, And again thanks for your help, below is the file you requested;
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3328 (20080805)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=7f5ac1c3ce87e54b87fb3a9ad3b48ea3
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-08-05 02:11:29
# local_time=2008-08-05 03:11:29 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=280393
# found=1
# scan_time=4970
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Unread postby Elrond » August 5th, 2008, 3:11 pm

Your computer looks clean to me. Well done.

We will do the next step in two parts although I often do it in one go.
The first part is removing all the tools that we have downloaded to clean up the computer.

  1. Go to Start
  2. Click on run Run
  3. Type in ComboFix /u in the field where you can enter text. Note that there is a space between the x and the /. There is no space between the / and the u.
  4. Click OK

Next do the following:
Please download OTCleanIt from http://download.bleepingcomputer.com/ol ... leanIt.exe
Click the OTCleanIt icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt

Let me know when you have done this and I will post some good advice for you to help you avoid getting infected again.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: STEELWERX

Unread postby silverdel » August 5th, 2008, 3:54 pm

Hello, All of the last tasks that you asked to be done have been completed, I can only thankyou for your help in ridding my pc of the aweful malware.
Thanks again for your help

Derek
silverdel
Regular Member
 
Posts: 32
Joined: July 24th, 2008, 4:18 pm

Re: STEELWERX

Unread postby Elrond » August 6th, 2008, 2:28 am

I am happy if I could help you. :)


I left MalwareBytesAntiMalware on your computer. It is a good program to have and to run every few weeks just to be sure that you are still clean.


Your computer now seems to be clean. Therefore please

  1. Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.
    1. Double-click ATF-Cleaner.exe to run the program.
    2. Under Main choose: Select All. Then remove the check mark for cookies
    3. Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • Remove the check mark for Cookies
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked .
    If you use Opera browser
    • Click Opera at the top and
    • choose: Select All.
    • Remove the check mark for Cookies
    • Click the Empty Selected button.
    It is a good idea to do this every few weeks as a lot of junk collects there over time.

    ----------------------------------------------------------------------------------------------------
  2. Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

    ----------------------------------------------------------------------------------------------------
  3. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.

    ----------------------------------------------------------------------------------------------------
  4. If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm

    ----------------------------------------------------------------------------------------------------
  5. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    ----------------------------------------------------------------------------------------------------
  6. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.

    ----------------------------------------------------------------------------------------------------
  7. Use a Firewall (Hardware or Software) - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

    ----------------------------------------------------------------------------------------------------
  8. Never run two Antivirus programs or two Software Firewalls at the same time. They can interfere with each other and cause problems.

    ----------------------------------------------------------------------------------------------------
  9. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.

    ----------------------------------------------------------------------------------------------------
  10. Update all programs regularly - Make sure you update all programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. The best way to keep updated is to download PSI Secunia from https://psi.secunia.com. It will help you keep your programs updated. Keep it updated. It is free for personal use.

    ----------------------------------------------------------------------------------------------------
  11. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miek ... ntion.html that will give you more information on some of the points above.


    ----------------------------------------------------------------------------------------------------
  12. Use your best judgment when opening E-mails, following links, downloading programs, or surfing the web. If there is the slightest thing odd about something connected with any of those do not open, follow or download even if the sender is a friend. If it is a friend then ask if they really sent the information. They could be infected.
    Follow this list and your potential for being infected again will reduce dramatically.

----------------------------------------------------------------------------------------------------

Stand up and be Counted.
[quote]NOW is the time you can start to hit back at the people who infected you.
Image
Please take the time to go and complain - that forum has a topic for your infection which is Fake Alert and at least one other infection. Please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to government or government agencies that something will get done.

----------------------------------------------------------------------------------------------------

If you have any questions about any of this please ask and I will try to answer.

Good luck and safe surfing

E :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 34 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware