#1  07-31-2009, 09:44 AM
Kyokushin-Kai (Registered User, joined Apr 2005, 32 posts, OS: XP)

Can't access Microsoft or any antivirus sites

I rarely post because I like to try and figure things out for myself, but I'm at a loss and this forum is always so helpful. Anyway, I am not able to access any site that has anything remotely to do with antivirus, even Microsoft Update.

I am living in Japan and bought a used (from a reliable nationwide shop) NEC Lavie running XP Home Edition version 2002 SP2, Intel Pentium M processor 2.0 GHz, 1.25 GB RAM. It came with McAfee AV and some other random programs I haven't figured out yet.

I have followed the First Steps post and here are my logs, some of it is in Japanese so I can provide translation if needed (on a side note, my USB ports are not detecting anything i.e. iPod, external HD):


DDS (Ver_09-07-30.01) - NTFSx86
Run by USER at 23:59:07.32 on 2009/07/31
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1041.18.1279.808 [GMT 9:00]

FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\acs.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\NPSpeed\NPSpeed.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\wlman\wlman.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETSW\NETICON.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\NTMETER.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\USER\デスクトップ\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.ntt-east.co.jp/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [NECMFK] c:\program files\necmfk\necmfk.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [NPSpeed] c:\program files\npspeed\NPSpeed.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] "c:\progra~1\mcafee.com\vso\mcvsshld.exe"
mRun: [NTTE_OSA_AUS] "c:\program files\ntte\osa_aus\acs.exe" -silent
mRun: [wlman] "c:\program files\wlman\wlman.exe" -nogui
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
dRun: [ctfmon.exe] ctfmon.exe
uExplorerRun: [{DA0369E8-283A-420f-B2B7-45007AAE2D8A}] c:\progra~1\ntte\fletsc~1\fct.exe
mExplorerRun: [FCTLoginWatcher] c:\progra~1\ntte\fletsc~1\FCToolW.exe -init -run
StartupFolder: c:\docume~1\alluse~1\ベター~1\プロバ~1\ベター~1\ipv6ヂ~1.lnk - c:\program files\ntte\ipv6renew\ipv6renew.exe
StartupFolder: c:\docume~1\alluse~1\ベター~1\プロバ~1\ベター~1\mobile~1.lnk - c:\program files\netsw\NETICON.EXE
StartupFolder: c:\docume~1\alluse~1\ベター~1\プロバ~1\ベター~1\ツンタ~1.lnk - c:\program files\softnavi\SNWebStart.exe
StartupFolder: c:\docume~1\alluse~1\ベター~1\プロバ~1\ベター~1\ソフト~1.lnk - c:\program files\softnavi\SNaviBTN.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {1FD57EF1-C2AA-4434-A9E5-A57C5A0AEB48} = 202.238.95.24 202.238.95.26
Notify: fwMDialer - MultiDialerMain.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\NaiFsRec.sys [2006-3-8 4512]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [2004-6-9 50688]
R1 MFKGTKEY;MFKGTKEY;c:\windows\system32\drivers\mfkgtkey.sys [2004-6-9 18560]
R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [2004-6-9 5376]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2006-3-8 102400]
R2 NT Meter;NT Meter;c:\windows\system32\NTMETER.EXE [2006-3-8 65536]
R3 AL_WLAN;UGJZ Network Adapter Service;c:\windows\system32\drivers\AL_WLAN.sys [2009-5-30 391232]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-3-8 225401]
R3 NaiFiltr;NaiFiltr;c:\program files\mcafee.com\vso\naifiltr.sys [2006-3-8 23888]
R3 optmirr;optmirr;c:\windows\system32\drivers\optmirr.sys [2009-7-13 3840]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [2004-6-9 8448]
S2 ezmxmtq;Update Server;c:\windows\system32\svchost.exe -k netsvcs [2006-3-8 14336]
S2 proytpahh;Time Center;c:\windows\system32\svchost.exe -k netsvcs [2006-3-8 14336]
S3 hpuqakbak;hpuqakbak;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 jcklgsvb;jcklgsvb;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 keqrxdgcb;keqrxdgcb;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-3-8 245760]
S3 oishh;oishh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 olajbkqvj;olajbkqvj;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 pmoqqz;pmoqqz;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 pzbilkndu;pzbilkndu;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S3 sfeodoipy;sfeodoipy;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]

=============== Created Last 30 ================

2009-07-30 00:40 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-30 00:37 219,648 a------- c:\windows\PEV.exe
2009-07-30 00:37 161,792 a------- c:\windows\SWREG.exe
2009-07-30 00:37 98,816 a------- c:\windows\sed.exe
2009-07-30 00:37 <DIR> --ds---- C:\ComboFix
2009-07-30 00:22 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-07-30 00:22 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 00:22 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-30 00:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 00:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-30 00:18 157,074 a--shr-- c:\windows\system32\cfgnm.dll
2009-07-29 23:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-29 23:53 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-29 23:53 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-07-29 23:52 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-29 23:51 1,343,372 a------- C:\MGtools.exe
2009-07-29 23:06 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-29 23:06 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-25 12:53 1,197,294 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-07-25 12:53 764,868 -c------ c:\windows\system32\dllcache\apph_sp.sdb
2009-07-25 12:53 217,118 -c------ c:\windows\system32\dllcache\apphelp.sdb
2009-07-25 12:53 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-07-25 12:51 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-25 11:11 <DIR> --d----- c:\program files\Trend Micro
2009-07-24 17:17 <DIR> --d----- c:\program files\IrfanView
2009-07-20 21:55 <DIR> --d----- c:\windows\Drivers
2009-07-20 01:17 <DIR> --d----- c:\windows\pss
2009-07-19 23:45 94,208 a------- c:\windows\system32\MultiDialerMain.dll
2009-07-19 23:45 86,082 a------- c:\windows\system32\ror.exe
2009-07-19 23:45 2,470 a------- c:\windows\MultiDialer.ini
2009-07-18 00:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-18 00:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-17 00:02 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-07-16 23:55 <DIR> --d--r-- c:\program files\Skype
2009-07-16 23:16 <DIR> --dsh--- c:\documents and settings\user\IECompatCache
2009-07-16 23:14 <DIR> --dsh--- c:\documents and settings\user\PrivacIE
2009-07-16 23:12 <DIR> --dsh--- c:\documents and settings\user\IETldCache
2009-07-16 23:10 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-07-16 23:09 <DIR> -cd-h--- c:\windows\ie8
2009-07-13 08:30 57,056 a------- c:\windows\system32\optmirr.dll
2009-07-13 08:30 3,840 a------- c:\windows\system32\drivers\optmirr.sys
2009-07-12 10:09 <DIR> --d----- c:\program files\SopCast
2009-07-11 23:57 <DIR> --d----- c:\program files\CCleaner
2009-07-11 22:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-07-11 22:25 <DIR> --d----- c:\documents and settings\user\LocalLow
2009-07-11 22:25 <DIR> --d----- c:\program files\TVUPlayer
2009-07-11 18:58 <DIR> --d----- c:\program files\VideoLAN
2009-07-11 18:39 <DIR> --d----- c:\program files\uTorrent
2009-07-11 18:38 <DIR> --d----- c:\docume~1\user\applic~1\uTorrent
2009-07-11 17:40 <DIR> --dsh--- c:\documents and settings\user\UserData
2009-07-11 17:23 <DIR> --d----- c:\program files\NTTE
2009-07-11 17:17 <DIR> --d----- c:\docume~1\user\applic~1\NTTE
2009-07-11 17:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NTTE

==================== Find3M ====================

2009-07-21 22:07 198,820 a------- c:\windows\system32\perfh011.dat
2009-07-21 22:07 62,672 a------- c:\windows\system32\perfc011.dat

============= FINISH: 23:59:25.43 ===============

Thank you for taking the time out to help me. Looking forward to hearing from you.

Kyokushin-Kai
Attached files: Attach.zip (1.3 KB), ark.zip (1.5 KB)
#2  07-31-2009, 12:35 PM
mas_pogi (Analyst, Security Team; Tokyo, JP; joined Apr 2008; 1,476 posts; OS: Vista, Linux Mint)
Re: Can't access microsoft or any antivirus sites

hi.

You seem to have run ComboFix.exe on your own.

Quote:
    Why we don't ask you to run ComboFix from the onset

    As stated by the author of ComboFix:

    ComboFix is a very powerful tool which when improperly used may render your machine a doorstop.

    We first need to verify if there are any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

    With these logs we can determine the infections present & decide whether to deploy ComboFix.

Kindly post C:\Combofix.txt in your reply for review.

Are you having a problem with your McAfee? Let me know in your next reply.

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
#3  07-31-2009, 08:34 PM
Kyokushin-Kai (Registered User, joined Apr 2005, 32 posts, OS: XP)

Re: Can't access microsoft or any antivirus sites

Hi Mark. Thank you for your reply. Sorry about running ComboFix. I actually ran it before I came to this forum. I realized I was WAY out of my league, so I came here and noticed the "first steps" order. I ran a new ComboFix:

ComboFix 09-07-31.04 - USER 2009/08/01 11:09.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1041.18.1279.925 [GMT 9:00]
Running from: c:\documents and settings\USER\デスクトップ\ComboFix.exe
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-07-31 15:29 . 2009-07-31 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-29 15:22 . 2009-07-29 15:22 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes
2009-07-29 15:22 . 2009-07-13 04:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 15:22 . 2009-07-29 15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-29 15:22 . 2009-07-29 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-29 15:22 . 2009-07-13 04:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 15:18 . 2009-07-29 15:18 157074 --sha-r- c:\windows\system32\cfgnm.dll
2009-07-29 14:53 . 2009-07-29 15:15 117760 ----a-w- c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-29 14:53 . 2009-07-29 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-29 14:53 . 2009-07-29 14:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 14:53 . 2009-07-29 14:53 -------- d-----w- c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com
2009-07-29 14:52 . 2009-07-29 14:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 14:51 . 2009-07-29 14:51 1343372 ----a-w- C:\MGtools.exe
2009-07-29 14:06 . 2009-07-29 14:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 14:06 . 2009-07-29 14:06 -------- d-----w- c:\program files\Java
2009-07-26 16:10 . 2009-07-26 16:10 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Identities
2009-07-25 03:55 . 2004-08-05 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-25 03:53 . 2009-07-25 03:53 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-25 03:51 . 2009-07-25 03:52 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-25 03:51 . 2009-07-25 03:51 -------- d-----w- c:\windows\system32\LogFiles
2009-07-25 02:11 . 2009-07-25 02:11 -------- d-----w- c:\program files\Trend Micro
2009-07-24 15:15 . 2009-07-24 15:15 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Adobe
2009-07-24 15:15 . 2009-07-24 15:15 -------- d-----w- c:\documents and settings\USER\Application Data\AdobeUM
2009-07-24 15:15 . 2009-07-24 15:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-24 08:17 . 2009-07-24 08:17 -------- d-----w- c:\program files\IrfanView
2009-07-20 12:55 . 2009-07-20 12:55 -------- d-----w- c:\windows\Drivers
2009-07-20 07:22 . 2009-07-20 07:22 -------- d-----w- c:\documents and settings\USER\Application Data\dvdcss
2009-07-20 05:36 . 2009-07-20 05:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-19 16:39 . 2009-07-19 16:39 -------- d-----w- c:\windows\Sun
2009-07-19 14:45 . 2008-03-02 15:58 94208 ----a-w- c:\windows\system32\MultiDialerMain.dll
2009-07-19 14:45 . 2007-12-06 01:56 86082 ----a-w- c:\windows\system32\ror.exe
2009-07-17 15:57 . 2009-07-29 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 15:57 . 2009-07-17 16:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-16 15:02 . 2009-07-16 15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-16 15:02 . 2009-07-25 01:39 -------- d-----w- c:\documents and settings\USER\Application Data\skypePM
2009-07-16 14:56 . 2009-07-25 02:09 -------- d-----w- c:\documents and settings\USER\Application Data\Skype
2009-07-16 14:55 . 2009-07-16 14:55 -------- d-----w- c:\program files\Common Files\Skype
2009-07-16 14:55 . 2009-07-29 13:51 -------- d-----r- c:\program files\Skype
2009-07-16 14:55 . 2009-07-16 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-16 14:16 . 2009-07-16 14:16 -------- d-sh--w- c:\documents and settings\USER\IECompatCache
2009-07-16 14:14 . 2009-07-16 14:14 -------- d-sh--w- c:\documents and settings\USER\PrivacIE
2009-07-16 14:12 . 2009-07-16 14:12 -------- d-sh--w- c:\documents and settings\USER\IETldCache
2009-07-16 14:10 . 2009-01-07 09:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-16 14:09 . 2009-07-16 14:10 -------- dc-h--w- c:\windows\ie8
2009-07-12 23:30 . 2009-01-09 04:34 57056 ----a-w- c:\windows\system32\optmirr.dll
2009-07-12 23:30 . 2009-01-07 07:11 3840 ----a-w- c:\windows\system32\drivers\optmirr.sys
2009-07-12 23:22 . 2009-07-19 14:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\NTTE
2009-07-12 23:22 . 2009-07-19 14:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\NTTE
2009-07-12 23:22 . 2009-07-12 23:22 15480072 ----a-w- c:\documents and settings\All Users\Application Data\NTTE\PcSetupToolPackages\Setup_FCT.exe
2009-07-12 01:09 . 2009-07-12 01:09 -------- d-----w- c:\program files\SopCast
2009-07-11 14:57 . 2009-07-11 14:57 -------- d-----w- c:\program files\CCleaner
2009-07-11 13:25 . 2009-07-11 13:25 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\TVU Networks
2009-07-11 13:25 . 2009-07-11 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-07-11 13:25 . 2009-07-11 13:25 -------- d-----w- c:\documents and settings\USER\LocalLow
2009-07-11 13:25 . 2009-07-11 13:25 -------- d-----w- c:\program files\TVUPlayer
2009-07-11 11:38 . 2009-07-12 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-11 11:38 . 2009-07-12 01:02 -------- d-----w- c:\program files\NOS
2009-07-11 11:30 . 2009-07-11 11:37 1915520 ----a-w- c:\documents and settings\USER\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-11 09:58 . 2009-07-31 16:52 -------- d-----w- c:\documents and settings\USER\Application Data\vlc
2009-07-11 09:58 . 2009-07-11 09:58 -------- d-----w- c:\program files\VideoLAN
2009-07-11 08:40 . 2009-07-11 08:40 -------- d-sh--w- c:\documents and settings\USER\UserData
2009-07-11 08:23 . 2009-07-19 14:45 -------- d-----w- c:\program files\NTTE
2009-07-11 08:23 . 2009-07-11 08:23 -------- d-----w- c:\documents and settings\USER\Application Data\InstallShield
2009-07-11 08:17 . 2009-07-19 14:45 -------- d-----w- c:\documents and settings\USER\Application Data\NTTE
2009-07-11 08:17 . 2009-07-19 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NTTE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 13:50 . 2006-03-08 07:34 -------- d-----w- c:\program files\Justsystem
2009-07-21 13:07 . 2006-03-08 06:25 62672 ----a-w- c:\windows\system32\perfc011.dat
2009-07-21 13:07 . 2006-03-08 06:25 198820 ----a-w- c:\windows\system32\perfh011.dat
2009-07-19 14:45 . 2006-03-08 07:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 01:02 . 2009-05-30 09:21 33784 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 09:27 . 2009-05-30 09:27 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-29_15.40.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 02:06 . 2009-08-01 02:06 16384 c:\windows\Temp\Perflib_Perfdata_138.dat
+ 2006-03-08 06:24 . 2004-08-05 12:00 22016 c:\windows\system32\dllcache\lpk.dll
+ 2009-07-31 15:29 . 2009-07-31 15:29 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F6617.exe
+ 2009-07-31 15:29 . 2009-07-31 15:29 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F66110.exe
+ 2009-07-31 15:29 . 2009-07-31 15:29 1546240 c:\windows\Installer\a82074.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-08-24 135168]
"NECMFK"="c:\program files\necmfk\necmfk.exe" [2004-06-04 63488]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2003-12-08 245760]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2004-01-28 180224]
"NPSpeed"="c:\program files\NPSpeed\NPSpeed.exe" [2004-07-30 442368]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-06-10 1380352]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 122880]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 163840]
"NTTE_OSA_AUS"="c:\program files\NTTE\OSA_Aus\acs.exe" [2008-11-16 2401632]
"wlman"="c:\program files\wlman\wlman.exe" [2004-08-27 617489]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" - c:\windows\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"FCTLoginWatcher"="c:\progra~1\NTTE\FLETSC~1\FCToolW.exe" [2009-02-15 701848]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"{DA0369E8-283A-420f-B2B7-45007AAE2D8A}"="c:\progra~1\NTTE\FLETSC~1\fct.exe" [2008-10-07 1209752]

c:\documents and settings\All Users\スタート メニュー\プログラム\スタートアップ\
IPv6アドレス取得ツール(NTT東日本).lnk - c:\program files\NTTE\ipv6renew\ipv6renew.exe [2009-7-19 52576]
MobileOptimizer.lnk - c:\program files\NETSW\NETICON.EXE [2006-3-8 278528]
インターネットを楽しもうスターター.lnk - c:\program files\Softnavi\SNWebStart.exe [2006-3-8 73728]
ソフトナビゲータースターター.lnk - c:\program files\Softnavi\SNaviBTN.exe [2006-3-8 94208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fwMDialer]
2008-03-02 15:58 94208 ----a-w- c:\windows\system32\MultiDialerMain.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1451:TCP"= 1451:TCP:lbyjzs

R0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\NaiFsRec.sys [2006/03/08 16:27 4512]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [2004/06/09 15:10 50688]
R1 MFKGTKEY;MFKGTKEY;c:\windows\system32\drivers\mfkgtkey.sys [2004/06/09 15:09 18560]
R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [2004/06/09 15:09 5376]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009/07/28 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009/07/28 10:53 72944]
R2 NT Meter;NT Meter;c:\windows\system32\NTMETER.EXE [2006/03/08 16:31 65536]
R3 AL_WLAN;UGJZ Network Adapter Service;c:\windows\system32\drivers\AL_WLAN.sys [2009/05/30 18:20 391232]
R3 NaiFiltr;NaiFiltr;c:\program files\McAfee.com\VSO\naifiltr.sys [2006/03/08 16:27 23888]
R3 optmirr;optmirr;c:\windows\system32\drivers\optmirr.sys [2009/07/13 8:30 3840]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [2004/06/09 15:09 8448]
S2 ezmxmtq;Update Server;c:\windows\system32\svchost.exe -k netsvcs [2006/03/08 15:24 14336]
S2 proytpahh;Time Center;c:\windows\system32\svchost.exe -k netsvcs [2006/03/08 15:24 14336]
S3 hpuqakbak;hpuqakbak;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 jcklgsvb;jcklgsvb;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 keqrxdgcb;keqrxdgcb;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 oishh;oishh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 olajbkqvj;olajbkqvj;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 pmoqqz;pmoqqz;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 pzbilkndu;pzbilkndu;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009/07/28 10:53 7408]
S3 sfeodoipy;sfeodoipy;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 tofnvbuft;tofnvbuft;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezmxmtq
proytpahh

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\McAfee.com アップデートの確認 (PC-USER).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2006-03-08 07:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.ntt-east.co.jp/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 11:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpuqakbak]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jcklgsvb]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\keqrxdgcb]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oishh]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\olajbkqvj]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmoqqz]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pzbilkndu]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfeodoipy]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tofnvbuft]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ezmxmtq]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\proytpahh]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-1372701467-3062347852-324733321-1006\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CurVer]
@="BDATuner.コンポーネント.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\「0・、0・ケ0ネ0・・n0ミ0テ0ッ0「0テ0ラ0 *、0・・ク0]
@="{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}"
"Description"="These files are needed if you uninstall this version of Windows and go back to the previous operating system."
"Display"="Backup files of the previous operating system"
"IconPath"=expand:"%SystemRoot%\\system32\\osuninst.EXE,0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\MultiDialerMain.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC

- - - - - - - > 'explorer.exe'(3268)
c:\windows\system32\SHDOCVW.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
c:\windows\system32\ieframe.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-01 11:14
ComboFix-quarantined-files.txt 2009-08-01 02:14
ComboFix2.txt 2009-07-29 15:41

Pre-Run: 1,489,211,392 バイトの空き領域
Post-Run: 1,451,057,152 バイトの空き領域

255


Thank you so much for taking time out.
__________________
Kyokushin-Kai
Old 07-31-2009, 08:37 PM   #4 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

Oh, BTW, I tried to deactivate my McAfee before the scan. I thought I did (it's all in Japanese), but it seemed to have still been running. I allowed combofix to keep running and I didn't block any processes. As far as McAfee, I am not having any problems that I am aware of. Thank you.
__________________
Kyokushin-Kai
Old 08-01-2009, 05:42 AM   #5 (permalink)
Analyst, Security Team
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Can't access microsoft or any antivirus sites

hi.

Good evening. How are things?

Thank you for the information. Let's continue.

I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

-----------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named.


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You can find instructions HERE.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

  • At the next prompt, click No.
  • When the tool is finished, a log named CF_RC.txt will open.
You can also find it in C:\CF_RC.txt .
Please post it in your next reply.


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
Old 08-01-2009, 07:47 AM   #6 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

I'm fine! And you, Mark? ha! Unfortunately I can't access any Microsoft sites. Do you have a link I can use that's not Microsoft?
__________________
Kyokushin-Kai
Old 08-01-2009, 07:51 AM   #7 (permalink)
Analyst, Security Team
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Can't access microsoft or any antivirus sites

hi.

I'm fine too. Please wait a moment.

I'll ask an expert about it. Please do not modify or run any tools.

Wait for further instructions.

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
Old 08-01-2009, 08:08 AM   #8 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

Yes! I'll wait. Thanks.
__________________
Kyokushin-Kai
Old 08-01-2009, 09:27 AM   #9 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

Sorry for the delay. Here's the txt:

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
__________________
Kyokushin-Kai
Old 08-01-2009, 09:27 AM   #10 (permalink)
Analyst, Security Team
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Can't access microsoft or any antivirus sites

hi.

You may download that package from another computer and transfer it to the infected machine using your flash disk.

If you don't have any computer near you, you can ask your friend to download the package and email it to you.

mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
Old 08-01-2009, 09:29 AM   #11 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

I used your link and it worked perfectly.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
__________________
Kyokushin-Kai
Old 08-01-2009, 09:35 AM   #12 (permalink)
Analyst, Security Team
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Can't access microsoft or any antivirus sites

hi.

Alright. Let's continue.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/400373-cant-access-microsoft-any-antivirus-sites.html#post2269495

COLLECT::
c:\windows\system32\cfgnm.dll
c:\windows\system32\03.tmp
c:\windows\system32\01.tmp

DIRLOOK::
c:\windows\Drivers

REGISTRY::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1451:TCP"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-

DRIVER::
ezmxmtq
proytpahh
hpuqakbak
jcklgsvb
keqrxdgcb
oishh
olajbkqvj
pmoqqz
pzbilkndu
sfeodoipy
tofnvbuft

NetSvc::
ezmxmtq
proytpahh

REGLOCK::
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\*・^\.Current]
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\*・^\.Current]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\*・^\.Current]
[HKEY_USERS\S-1-5-21-1372701467-3062347852-324733321-1006\AppEvents\Schemes\Apps\Conf\*・^\.Current]
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CurVer]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\「0・、0・ケ0ネ0・・n0ミ0テ0ッ0「0テ0ラ0 *、0・・ク0]
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

**Note**

When CF finishes running, it pops out with the CF log and this message box:



Clicking OK will begin the auto-upload of the zipped file.




-----------

If you do not get a message box, please do the following:

There should be a file named [4]-Submit_date@time.zip with today's date, located here:

C:\QooBox\Quarantine\[4]-Submit_date@time.zip

Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

Please let me know if you successfully submitted the file.

--------------------------------------------------------------------------

Run ESET Online Scan

*Close any open programs
*Turn off the real time scanner of any existing antivirus program while performing the online scan. You can find instructions HERE.


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

-----------------------------------------------------------------------
How's your computer now?


In your reply, please post

C:\combofix.txt
ESET scan result
Answer to my questions


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
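Triage logic for the service entries quoted earlier in this thread, as an added example that is not part of the original post or of ComboFix. The sample log is constructed from those entries plus two legitimate services for contrast; the random-name heuristic is an assumption of this example (a weak signal for manual review), while a service backed by a .tmp file in system32 is the strong signal the fix above acts on.

```python
"""Flag suspicious service entries in a ComboFix-style registry dump (added example)."""
import re
from typing import Dict, List

# Constructed sample: three entries modelled on this thread's log, plus the
# legitimate Dhcp service and the McAfee NaiFsRec driver for contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\olajbkqvj]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tofnvbuft]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ezmxmtq]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="c:\windows\system32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NaiFsRec]
"ImagePath"="\??\c:\windows\system32\drivers\NaiFsRec.sys"
"""

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\(?:Current)?ControlSet\d*\\Services\\([^\]\\]+)\]$",
    re.IGNORECASE,
)
VAL_RE = re.compile(r'^"(ImagePath|ServiceDll)"="([^"]*)"$', re.IGNORECASE)
VOWELS = set("aeiou")


def parse_services(log_text: str) -> Dict[str, Dict[str, str]]:
    """Map service name -> {ImagePath/ServiceDll: value} from the dump."""
    services: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            services.setdefault(current, {})
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            services[current][val.group(1)] = val.group(2)
        # blank lines and ComboFix's "--" separators are ignored
    return services


def looks_random(name: str) -> bool:
    """Heuristic (assumption of this example): short all-lowercase names with
    few vowels or long consonant runs, like the ones ComboFix removed here."""
    if not (name.isalpha() and name.islower() and 5 <= len(name) <= 10):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 4


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries worth a closer look."""
    findings: Dict[str, List[str]] = {}
    for name, values in parse_services(log_text).items():
        reasons = []
        target = values.get("ImagePath") or values.get("ServiceDll") or ""
        target = target.replace("\\??\\", "")  # drop the NT object-manager prefix
        base = target.lower().rsplit("\\", 1)[-1]
        if base.endswith(".tmp"):
            reasons.append("service binary is a .tmp file: " + target)
        if looks_random(name):
            reasons.append("random-looking service name")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for svc, why in triage(SAMPLE_LOG).items():
        print(svc, "->", "; ".join(why))
```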
Old 08-01-2009, 10:10 AM   #13 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

File submitted
__________________
Kyokushin-Kai
Old 08-01-2009, 10:15 AM   #14 (permalink)
Analyst, Security Team
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Can't access microsoft or any antivirus sites

hi

Post the remaining logs when you are ready. Please.

You may leave ESET scanning overnight.
After it started scanning, you can disconnect your internet connection. It will still continue scanning.

It is almost 1am there =)

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P

Last edited by mas_pogi; 08-01-2009 at 10:17 AM.
Old 08-01-2009, 10:37 AM   #15 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

It's scanning now. It's at 47%. It found 1 threat so far. It's actually 1:30 am!
__________________
Kyokushin-Kai
Old 08-01-2009, 10:54 AM   #16 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

Done.

Combofix:
ComboFix 09-07-31.04 - USER 2009/08/02 0:52.7.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1041.18.1279.916 [GMT 9:00]
Running from: c:\documents and settings\USER\デスクトップ\ComboFix.exe
Command switches used :: c:\documents and settings\USER\デスクトップ\CFScript.txt
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


file zipped: c:\windows\system32\cfgnm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cfgnm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EZMXMTQ
-------\Legacy_PROYTPAHH
-------\Service_ezmxmtq
-------\Service_hpuqakbak
-------\Service_jcklgsvb
-------\Service_keqrxdgcb
-------\Service_oishh
-------\Service_olajbkqvj
-------\Service_pmoqqz
-------\Service_proytpahh
-------\Service_pzbilkndu
-------\Service_sfeodoipy
-------\Service_tofnvbuft


((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-08-01 04:12 . 2009-08-01 04:12 -------- d-----w- c:\documents and settings\USER\Application Data\Sonic
2009-08-01 04:12 . 2009-08-01 04:12 -------- d-----w- c:\documents and settings\USER\Application Data\Leadertech
2009-08-01 04:06 . 2009-08-01 04:06 -------- d-----w- c:\documents and settings\USER\Application Data\Ulead Systems
2009-07-31 15:29 . 2009-07-31 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-29 15:22 . 2009-07-29 15:22 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes
2009-07-29 15:22 . 2009-07-13 04:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 15:22 . 2009-07-29 15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-29 15:22 . 2009-07-29 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-29 15:22 . 2009-07-13 04:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 14:53 . 2009-07-29 15:15 117760 ----a-w- c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-29 14:53 . 2009-07-29 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-29 14:53 . 2009-07-29 14:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 14:53 . 2009-07-29 14:53 -------- d-----w- c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com
2009-07-29 14:52 . 2009-07-29 14:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 14:51 . 2009-07-29 14:51 1343372 ----a-w- C:\MGtools.exe
2009-07-29 14:06 . 2009-07-29 14:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 14:06 . 2009-07-29 14:06 -------- d-----w- c:\program files\Java
2009-07-26 16:10 . 2009-07-26 16:10 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Identities
2009-07-25 03:55 . 2004-08-05 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-25 03:53 . 2009-07-25 03:53 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-25 03:51 . 2009-07-25 03:52 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-25 03:51 . 2009-07-25 03:51 -------- d-----w- c:\windows\system32\LogFiles
2009-07-25 02:11 . 2009-07-25 02:11 -------- d-----w- c:\program files\Trend Micro
2009-07-24 15:15 . 2009-07-24 15:15 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Adobe
2009-07-24 15:15 . 2009-07-24 15:15 -------- d-----w- c:\documents and settings\USER\Application Data\AdobeUM
2009-07-24 15:15 . 2009-07-24 15:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-24 08:17 . 2009-07-24 08:17 -------- d-----w- c:\program files\IrfanView
2009-07-20 12:55 . 2009-07-20 12:55 -------- d-----w- c:\windows\Drivers
2009-07-20 07:22 . 2009-07-20 07:22 -------- d-----w- c:\documents and settings\USER\Application Data\dvdcss
2009-07-20 05:36 . 2009-07-20 05:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-19 16:39 . 2009-07-19 16:39 -------- d-----w- c:\windows\Sun
2009-07-19 14:45 . 2008-03-02 15:58 94208 ----a-w- c:\windows\system32\MultiDialerMain.dll
2009-07-19 14:45 . 2007-12-06 01:56 86082 ----a-w- c:\windows\system32\ror.exe
2009-07-17 15:57 . 2009-08-01 05:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 15:57 . 2009-08-01 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-16 15:02 . 2009-07-16 15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-16 15:02 . 2009-08-01 14:10 -------- d-----w- c:\documents and settings\USER\Application Data\skypePM
2009-07-16 14:56 . 2009-08-01 14:43 -------- d-----w- c:\documents and settings\USER\Application Data\Skype
2009-07-16 14:55 . 2009-07-16 14:55 -------- d-----w- c:\program files\Common Files\Skype
2009-07-16 14:55 . 2009-07-29 13:51 -------- d-----r- c:\program files\Skype
2009-07-16 14:55 . 2009-07-16 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-16 14:16 . 2009-07-16 14:16 -------- d-sh--w- c:\documents and settings\USER\IECompatCache
2009-07-16 14:14 . 2009-07-16 14:14 -------- d-sh--w- c:\documents and settings\USER\PrivacIE
2009-07-16 14:12 . 2009-07-16 14:12 -------- d-sh--w- c:\documents and settings\USER\IETldCache
2009-07-16 14:10 . 2009-01-07 09:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-16 14:09 . 2009-07-16 14:10 -------- dc-h--w- c:\windows\ie8
2009-07-12 23:30 . 2009-01-09 04:34 57056 ----a-w- c:\windows\system32\optmirr.dll
2009-07-12 23:30 . 2009-01-07 07:11 3840 ----a-w- c:\windows\system32\drivers\optmirr.sys
2009-07-12 23:22 . 2009-07-19 14:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\NTTE
2009-07-12 23:22 . 2009-07-19 14:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\NTTE
2009-07-12 23:22 . 2009-07-12 23:22 15480072 ----a-w- c:\documents and settings\All Users\Application Data\NTTE\PcSetupToolPackages\Setup_FCT.exe
2009-07-12 01:09 . 2009-07-12 01:09 -------- d-----w- c:\program files\SopCast
2009-07-11 14:57 . 2009-07-11 14:57 -------- d-----w- c:\program files\CCleaner
2009-07-11 13:25 . 2009-07-11 13:25 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\TVU Networks
2009-07-11 13:25 . 2009-07-11 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-07-11 13:25 . 2009-07-11 13:25 -------- d-----w- c:\documents and settings\USER\LocalLow
2009-07-11 13:25 . 2009-07-11 13:25 -------- d-----w- c:\program files\TVUPlayer
2009-07-11 11:38 . 2009-07-12 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-11 11:38 . 2009-07-12 01:02 -------- d-----w- c:\program files\NOS
2009-07-11 11:30 . 2009-07-11 11:37 1915520 ----a-w- c:\documents and settings\USER\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-11 09:58 . 2009-08-01 04:48 -------- d-----w- c:\documents and settings\USER\Application Data\vlc
2009-07-11 09:58 . 2009-07-11 09:58 -------- d-----w- c:\program files\VideoLAN
2009-07-11 08:40 . 2009-07-11 08:40 -------- d-sh--w- c:\documents and settings\USER\UserData
2009-07-11 08:23 . 2009-07-19 14:45 -------- d-----w- c:\program files\NTTE
2009-07-11 08:23 . 2009-07-11 08:23 -------- d-----w- c:\documents and settings\USER\Application Data\InstallShield
2009-07-11 08:17 . 2009-07-19 14:45 -------- d-----w- c:\documents and settings\USER\Application Data\NTTE
2009-07-11 08:17 . 2009-07-19 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NTTE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 04:06 . 2006-03-08 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-07-29 13:50 . 2006-03-08 07:34 -------- d-----w- c:\program files\Justsystem
2009-07-21 13:07 . 2006-03-08 06:25 62672 ----a-w- c:\windows\system32\perfc011.dat
2009-07-21 13:07 . 2006-03-08 06:25 198820 ----a-w- c:\windows\system32\perfh011.dat
2009-07-19 14:45 . 2006-03-08 07:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 01:02 . 2009-05-30 09:21 33784 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 09:27 . 2009-05-30 09:27 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\Drivers ----

2009-07-20 12:56 . 2002-10-17 08:13 32768 ------w- c:\windows\Drivers\LaCie\USBClean.exe


((((((((((((((((((((((((((((( SnapShot@2009-07-29_15.40.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 15:58 . 2009-08-01 15:58 16384 c:\windows\Temp\Perflib_Perfdata_f70.dat
+ 2009-08-01 15:58 . 2009-08-01 15:58 16384 c:\windows\Temp\Perflib_Perfdata_ec.dat
+ 2006-03-08 06:41 . 2006-10-18 12:46 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2006-03-08 06:24 . 2004-08-05 12:00 22016 c:\windows\system32\dllcache\lpk.dll
+ 2009-07-31 15:29 . 2009-07-31 15:29 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F6617.exe
+ 2009-07-31 15:29 . 2009-07-31 15:29 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}\IconCD95F66110.exe
+ 2006-03-08 06:24 . 2004-08-05 12:00 8289792 c:\windows\system32\dllcache\shell32.dll
+ 2009-07-31 15:29 . 2009-07-31 15:29 1546240 c:\windows\Installer\a82074.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-08-24 135168]
"NECMFK"="c:\program files\necmfk\necmfk.exe" [2004-06-04 63488]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2003-12-08 245760]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2004-01-28 180224]
"NPSpeed"="c:\program files\NPSpeed\NPSpeed.exe" [2004-07-30 442368]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-06-10 1380352]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 122880]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 163840]
"NTTE_OSA_AUS"="c:\program files\NTTE\OSA_Aus\acs.exe" [2008-11-16 2401632]
"wlman"="c:\program files\wlman\wlman.exe" [2004-08-27 617489]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-02-14 88107]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" - c:\windows\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"FCTLoginWatcher"="c:\progra~1\NTTE\FLETSC~1\FCToolW.exe" [2009-02-15 701848]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"{DA0369E8-283A-420f-B2B7-45007AAE2D8A}"="c:\progra~1\NTTE\FLETSC~1\fct.exe" [2008-10-07 1209752]

c:\documents and settings\All Users\スタート メニュー\プログラム\スタートアップ\
IPv6アドレス取得ツール(NTT東日本).lnk - c:\program files\NTTE\ipv6renew\ipv6renew.exe [2009-7-19 52576]
MobileOptimizer.lnk - c:\program files\NETSW\NETICON.EXE [2006-3-8 278528]
インターネットを楽しもうスターター.lnk - c:\program files\Softnavi\SNWebStart.exe [2006-3-8 73728]
ソフトナビゲータースターター.lnk - c:\program files\Softnavi\SNaviBTN.exe [2006-3-8 94208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fwMDialer]
2008-03-02 15:58 94208 ----a-w- c:\windows\system32\MultiDialerMain.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\NaiFsRec.sys [2006/03/08 16:27 4512]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [2004/06/09 15:10 50688]
R1 MFKGTKEY;MFKGTKEY;c:\windows\system32\drivers\mfkgtkey.sys [2004/06/09 15:09 18560]
R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [2004/06/09 15:09 5376]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009/07/28 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009/07/28 10:53 72944]
R2 NT Meter;NT Meter;c:\windows\system32\NTMETER.EXE [2006/03/08 16:31 65536]
R3 AL_WLAN;UGJZ Network Adapter Service;c:\windows\system32\drivers\AL_WLAN.sys [2009/05/30 18:20 391232]
R3 NaiFiltr;NaiFiltr;c:\program files\McAfee.com\VSO\naifiltr.sys [2006/03/08 16:27 23888]
R3 optmirr;optmirr;c:\windows\system32\drivers\optmirr.sys [2009/07/13 8:30 3840]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [2004/06/09 15:09 8448]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009/07/28 10:53 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\McAfee.com アップデートの確認 (PC-USER).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2006-03-08 07:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.ntt-east.co.jp/
TCP: {1FD57EF1-C2AA-4434-A9E5-A57C5A0AEB48} = 202.238.95.24 202.238.95.26
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 00:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-1372701467-3062347852-324733321-1006\AppEvents\Schemes\Apps\Conf\*・^\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*ウ0・ン0・ヘ0・ネ0\CurVer]
@="BDATuner.コンポーネント.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\「0・、0・ケ0ネ0・・n0ミ0テ0ッ0「0テ0ラ0 *、0・・ク0]
@="{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}"
"Description"="このバージョンの Windows をアンインストールして前のオペレーティング システムに戻る場合は、これらのファイルが必要です。"
"Display"="前のオペレーティング システムのバックアップ ファイル"
"IconPath"=expand:"%SystemRoot%\\system32\\osuninst.EXE,0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\MultiDialerMain.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC

- - - - - - - > 'explorer.exe'(2484)
c:\windows\system32\SHDOCVW.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\system32\conime.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Apoint2K\HidFind.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee.com\VSO\mcvsrte.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-01 1:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 16:01
ComboFix2.txt 2009-08-01 15:05
ComboFix3.txt 2009-08-01 14:55
ComboFix4.txt 2009-08-01 02:14
ComboFix5.txt 2009-08-01 15:24

Pre-Run: 5,594,349,568 バイトの空き領域
Post-Run: 5,513,916,416 バイトの空き領域

267

ESET:
SETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=8f56964e76f6774a9e3cc0252838826b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-01 04:46:49
# local_time=2009-08-02 01:46:49 )
# country="Japan"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# scanned=35970
# found=1
# cleaned=0
# scan_time=1649
C:\Qoobox\Quarantine\[4]-Submit_2009-08-02_00.52.31.zip a variant of Win32/Conficker.AE worm 00000000000000000000000000000000 I

Thanks for your help. I can access Microsoft!
__________________
Kyokushin-Kai
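The ESET log above ends with `found=1`, `cleaned=0` and a single hit under `C:\Qoobox\Quarantine`, which is ComboFix's quarantine folder. A post-cleanup scan will flag anything a removal tool has already moved there, so the first triage question is not "how many hits" but "how many hits are outside a quarantine folder". The script below is an added example, not code from the thread, from ESET or from ComboFix; it parses the log format shown above, separates contained hits from live ones and cross-checks the header's `found` count. The sample log is constructed (its first detection line copies the thread's format, the second is invented to show a live hit), and the second quarantine prefix is an assumed illustration of another tool's folder.

```python
"""Triage an ESET Online Scanner log: which hits are already contained?

Added example, not code from the thread, from ESET or from ComboFix. A scanner
run after a cleanup will happily flag files that a removal tool has already
moved into its quarantine folder (here ComboFix's C:\\Qoobox\\Quarantine, as in
the thread's log). Those hits are contained; only hits outside a quarantine
folder need action. The log below is constructed: its header keys and first
detection line follow the format shown in the thread, the second detection is
invented to show a live hit, and the second quarantine prefix is an assumed
example of another tool's folder.
"""
import re
from dataclasses import dataclass

# Folders where removal tools park neutralised files. Lower-case, with a
# trailing backslash so that "c:\qooboxfoo" does not match.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",   # ComboFix (seen in the thread)
    "c:\\_otm\\movedfiles\\",     # assumption: illustrative second tool
)

HEX32 = re.compile(r"[0-9a-fA-F]{32}")
VERDICT_LEAD_WORDS = {"a", "probably", "multiple"}   # "a variant of ...", etc.


@dataclass
class Detection:
    path: str
    verdict: str
    file_hash: str
    flag: str
    quarantined: bool


def parse_header(lines):
    """'# key=value' lines become a dict of strings (found, cleaned, ...)."""
    header = {}
    for line in lines:
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
    return header


def parse_detection(line):
    """One detection line: <path> <verdict words> <32-hex hash> <flag>.

    Paths may contain spaces, so peel the hash and flag off the right, then
    find the verdict start: the first token that opens an ESET verdict
    ("a variant of", "probably ...") or carries a family name (Win32/...).
    Returns None for lines that are not detections.
    """
    tokens = line.split()
    if len(tokens) < 4 or not HEX32.fullmatch(tokens[-2]):
        return None
    body = tokens[:-2]
    start = 1
    for i in range(1, len(body)):
        tok = body[i]
        if tok.lower() in VERDICT_LEAD_WORDS or ("/" in tok and "\\" not in tok):
            start = i
            break
    path = " ".join(body[:start])
    low = path.lower()
    return Detection(
        path=path,
        verdict=" ".join(body[start:]),
        file_hash=tokens[-2],
        flag=tokens[-1],
        quarantined=any(low.startswith(p) for p in QUARANTINE_PREFIXES),
    )


def triage(log_text):
    """Split a log into contained and live detections and cross-check the
    header's 'found' count against what was actually parsed."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    header = parse_header(lines)
    detections = [d for d in (parse_detection(ln) for ln in lines
                              if not ln.startswith("#")) if d]
    live = [d for d in detections if not d.quarantined]
    return {
        "found": int(header.get("found", "0")),
        "cleaned": int(header.get("cleaned", "0")),
        "parsed": len(detections),
        "quarantined": [d for d in detections if d.quarantined],
        "live": live,
        "needs_action": bool(live),
    }


# Constructed sample (see module docstring).
SAMPLE_LOG = """\
OnlineScanner.ocx - registred OK
# version=6
# end=finished
# scanned=35970
# found=2
# cleaned=0
C:\\Qoobox\\Quarantine\\[4]-Submit_2009-08-02_00.52.31.zip a variant of Win32/Conficker.AE worm 00000000000000000000000000000000 I
C:\\Documents and Settings\\USER\\Local Settings\\Temp\\sample_live.exe a variant of Win32/Example.A trojan 11111111111111111111111111111111 I
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("contained:", [d.path for d in result["quarantined"]])
    print("live:", [(d.path, d.verdict) for d in result["live"]])
    print("needs action:", result["needs_action"])
```

Run against the thread's own log (one hit, inside Qoobox) this reports nothing live, which is the same conclusion the analyst draws in the next post. A `parsed` count that differs from `found` means the log was truncated or the format changed, so treat that as a reason to re-read the raw log rather than trust the summary.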
Old 08-01-2009, 11:07 AM   #17 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Can't access microsoft or any antivirus sites

hi.

Good job.

ESET flagged a file in Qoobox. Qoobox is our tool's quarantine folder, so what is in there is harmless. It will be deleted in my succeeding instruction.

Congratulations! You now appear clean!

We Need to Clean Up Our Mess
  1. Uninstall ComboFix
    Remove Combofix now that we're done with it.
    • Click on your Start Menu, then Run....
    • Now copy and paste this one in the runbox. Then HIT enter.

      Code:
      ComboFix /u


    Uninstalling ComboFix will do the following:
    1. Delete ComboFix and its components from your computer.
    2. Delete other tools commonly used during the malware removal process.
    3. Resets clock settings to standard format.
    4. Re-hides file extensions and hidden/system files.
    5. Clears System Restore cache and creates new restore point.

  2. Please also delete the DDS.scr located at your desktop.
-----------------------------------------------
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.

  2. Install the MVPs hosts file, and update it regularly
    You can use the HostMan hosts file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file

  3. Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.

  4. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  5. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  6. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Please respond to this thread one more time so we can mark this thread as resolved.

Maraming salamat.

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
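Recommendation 2 above installs the MVPs hosts file, and the thread's original symptom was a machine that could not reach Microsoft or antivirus sites. The same file serves both purposes: a blocklist maps ad and malware domains to 0.0.0.0, while malware abuses it to map update and vendor domains to a blackhole or to an address of its choosing. The checker below is an added example, not code from the thread or from the MVPs project; it reads a hosts file, counts ordinary blocklist entries, and flags any security-related domain that is blackholed or redirected. The sample hosts content is constructed, and the domain list is an illustrative assumption rather than a vendor-maintained list.

```python
"""Audit a Windows hosts file for entries that would explain "can't reach
Microsoft or antivirus sites".

Added example, not code from the thread or from the MVPs hosts project. The
hosts file cuts both ways: the MVPs list protects by mapping ad and malware
domains to 0.0.0.0, while malware abuses the same file to map update and
vendor domains to a blackhole or to an address of its choosing. This checker
separates the two cases. The sample file below is constructed, and the list of
security-related domains is an illustrative assumption rather than a vendor
list; a real audit would carry a longer, maintained one.
"""
import ipaddress
from dataclasses import dataclass

# Assumption: domains a defender never expects to see overridden in hosts.
SECURITY_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "mcafee.com", "eset.com",
    "avira.com", "free-av.com", "malwarebytes.org", "superantispyware.com",
    "symantec.com", "kaspersky.com", "sophos.com", "trendmicro.com",
)
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


@dataclass
class Finding:
    line_no: int
    address: str
    hostname: str
    reason: str


def is_security_domain(host):
    """True for a listed domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def audit_hosts(text):
    """Return blocklist-style entry count plus findings worth a human look."""
    findings = []
    blocklist_entries = 0
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, hostnames = parts[0], parts[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(Finding(line_no, addr, " ".join(hostnames),
                                    "unparseable address"))
            continue
        for host in hostnames:
            if host.lower() in LOCAL_NAMES:
                continue
            if is_security_domain(host):
                # Neither blackholing nor redirecting a vendor/update domain
                # is something a legitimate blocklist does.
                reason = ("security domain blackholed" if addr in BLACKHOLE
                          else "security domain redirected to " + addr)
                findings.append(Finding(line_no, addr, host, reason))
            elif addr in BLACKHOLE:
                blocklist_entries += 1        # MVPs-style blocking, expected
            elif not (ip.is_private or ip.is_loopback or ip.is_unspecified):
                # A public address for an ordinary name is rare in a
                # home hosts file; flag it for review rather than assume.
                findings.append(Finding(line_no, addr, host,
                                        "mapped to public address"))
    return {"findings": findings, "blocklist_entries": blocklist_entries}


# Constructed sample: an MVPs-style blocklist with two hostile lines mixed in.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 ads.example-tracker.net             # blocklist style, expected
0.0.0.0 banner.example-adserver.com         # blocklist style, expected
127.0.0.1 www.mcafee.com                    # hostile: vendor site blackholed
198.51.100.7 update.microsoft.com           # hostile: update site redirected
192.168.1.20 nas.home                       # LAN name, harmless
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS)["findings"]:
        print("line %d: %s -> %s (%s)" % (f.line_no, f.hostname, f.address, f.reason))
```

On XP the file lives at `%SystemRoot%\system32\drivers\etc\hosts`; read it with `open(path, encoding="utf-8", errors="replace")` and pass the text to `audit_hosts`. A clean hosts file is necessary but not sufficient: Conficker, the family named in the ESET log, blocks security sites by filtering DNS lookups inside the infected process rather than by editing hosts, so this check rules out one cause of the symptom, not the infection itself.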
Old 08-01-2009, 05:22 PM   #18 (permalink)
Registered User
 
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

Amazing. Thank you so much. I will do all the advice you gave me. Would you recommend I still use McAfee or should I change to AVG?
__________________
Kyokushin-Kai
Old 08-01-2009, 05:23 PM   #19 (permalink)
Registered User
 
 
Join Date: Apr 2005
Posts: 32
OS: XP


Re: Can't access microsoft or any antivirus sites

Or using firefox?
__________________
Kyokushin-Kai
Old 08-01-2009, 05:46 PM   #20 (permalink)
Analyst, Security Team
 
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Can't access microsoft or any antivirus sites

hi

Ohayou =)

If you're still using licensed McAfee, then let it expire before you use another antivirus. Remember to install only one antivirus per computer.

I suggest Antivir/Avira : http://www.free-av.com/en/trialpay_d...antivirus.html

Even the free one is very good.

I am using Firefox with the NoScript add-on.

http://www.mozilla.com/en-US/
https://addons.mozilla.org/en-US/firefox/addon/722

=)

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
All times are GMT -7. The time now is 11:08 AM.

Copyright 2001 - 2009, Tech Support Forum