TechSpot

Logs

By ChingKai
Aug 18, 2011
  1. First, sorry for the Chinese version of Malwarebytes...

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    資料庫版本: 7502

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19120

    19/8/2011 10:14:27
    mbam-log-2011-08-19 (10-14-26).txt

    掃描類型: 快速掃描
    被掃描物件數量: 158584
    總共掃描時間: 10 分鐘, 14 秒

    被感染記憶體進程數量: 0
    被感染記憶體模組數量: 0
    被感染註冊表項目數量: 0
    被感染註冊表值數量: 0
    被感染註冊表資料項目數量: 0
    被感染資料夾數量: 0
    被感染檔案數量: 0

    被感染記憶體進程數量:
    (沒有檢測到有害項目)

    被感染記憶體模組數量:
    (沒有檢測

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-19 09:57:26
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1234GSX rev.AH001K
    Running: 14ccfte9.exe; Driver: C:\Users\Henry\AppData\Local\Temp\fgloipob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F33E398]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 856FF1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 856FF1F8
    Device \Driver\atapi \Device\Ide\IdePort0 856FF1F8
    Device \Driver\atapi \Device\Ide\IdePort1 856FF1F8
    Device \Driver\atapi \Device\Ide\IdePort2 856FF1F8
    Device \Driver\atapi \Device\Ide\IdePort3 856FF1F8
    Device \Driver\atapi \Device\Ide\IdePort4 856FF1F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel0 857001F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel1 857001F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel2 857001F8
    Device \Driver\aznfl87l \Device\Scsi\aznfl87l1Port8Path0Target1Lun0 867571F8
    Device \Driver\aznfl87l \Device\Scsi\aznfl87l1Port8Path0Target0Lun0 867571F8
    Device \Driver\aznfl87l \Device\Scsi\aznfl87l1 867571F8
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 857011F8

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_11
    Run by Henry at 9:58:26 on 2011-08-19
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Softex\OmniPass\opvapp.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.yahoo.com/search/ie.html
    mDefault_Page_URL = hxxp://www.pc-ap.fujitsu.com/
    uInternet Settings,ProxyOverride = local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: WebDetectorBHO Class: {43beafd9-e005-483d-a367-146ba6c8a32e} - c:\program files\tudou\?速tudou\tudouDetector.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRunOnce: [PCDrProfiler] c:\program files\fujitsu hardware diagnostics tool\RunProfiler.exe -r
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D166C2BC-7A70-4BFA-A4A9-83A25E57A617} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D94053BE-C752-4B08-908F-1200A8810B2E} : DhcpNameServer = 192.168.1.1
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\henry\appdata\roaming\mozilla\firefox\profiles\g00ndh4x.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: network.proxy.type - 2
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-5-10 10368]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-24 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-7 309848]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-6-26 21504]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-7 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-7 54104]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-7 42184]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-26 21504]
    R3 fgloipob;fgloipob;C:\fgloipob.sys [2011-8-19 100864]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-10 5632]
    R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2007-5-10 34736]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2007-12-12 3872]
    S3 SMSCIRDA;SMSC 紅外線裝置驅動程式;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 wtpfiltr;wtpfiltr;c:\windows\system32\drivers\wtpfiltr.sys [2007-5-10 7680]
    S4 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
    .
    =============== Created Last 30 ================
    .
    2011-08-18 17:14:58 100864 ----a-w- C:\fgloipob.sys
    2011-08-18 17:10:57 -------- d-----w- c:\users\henry\appdata\roaming\Malwarebytes
    2011-08-18 17:10:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-18 17:10:44 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-18 17:10:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-18 17:10:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-17 06:32:06 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{21ea345c-aa0c-4ac2-8d4e-f5d213117a46}\mpengine.dll
    2011-08-14 01:31:03 -------- d-----w- c:\program files\Pando Networks
    2011-08-09 19:26:13 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-09 19:26:11 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-09 19:26:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-08-09 19:26:01 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-09 19:26:01 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
    2011-08-09 19:26:00 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-08-08 13:40:53 -------- d-----w- C:\AeriaGames
    2011-08-08 13:23:21 -------- d-----w- c:\program files\common files\Akamai
    2011-08-06 14:21:08 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-08-06 14:21:01 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-08-06 14:21:01 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-08-06 14:20:58 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-08-06 14:20:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-08-06 13:43:03 -------- d-----w- c:\users\henry\Wolfenstein - Enemy Territory
    2011-07-21 11:12:03 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-21 10:49:01 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-07-21 10:48:42 276992 ----a-w- c:\windows\system32\schannel.dll
    .
    ==================== Find3M ====================
    .
    2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
    2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-17 05:58:39 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-17 20:13:55 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-17 00:43:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 09:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 10:00:31.40 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    You're not saying what problems you're having.

    Attach.txt part of DDS is missing.
     
  3. ChingKai

    ChingKai TS Rookie Topic Starter

    Sorry for not giving full info in the post above.


    My IE started crashing or going into "wait for response" status frequently around 2-3 days ago. Every time I open 1-3 tabs in IE, the browser suddenly turns white, then crashes.

    Moreover, I couldn't watch YouTube or any video clips online properly, since they always pause in the middle when they're loading. Also, the internet always disconnects itself, but then reconnects after a few seconds (the icon at the bottom right hand side).

    So I ran the Avast virus scanner without connecting to the internet, found a few viruses/infected files, and deleted them. I also ran another scan during restart of the computer (suggested by Avast after the scan).

    However, 1 night after that, I was still encountering the same problems as before, so I ran the scan again and found another infected file.

    Furthermore, my Avast gave me a warning about a failed update during the last update, but when I clicked the update button, it just loaded for 2-3 secs, then stopped without saying the update had finished, though the update date then changed to the latest date (I don't know why it stops, but I assume my Avast was already on the latest update?)

    So I'm not sure if there are any hidden files or viruses inside my computer that keep spawning/spreading new viruses.
    In order to make sure my computer is clean, I decided to run a full test following the "6 steps to remove virus and malware".

    & here is the missing DDS result, which was run offline and separately from the other scans (the other scans have already been run separately). Thank you.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT


    .
    DDS (Ver_2011-06-23.01)
    .
    .
    Motherboard: FUJITSU | | FJNB1CD
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Onboard | 2001/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 6.089 GiB free.
    D: is FIXED (NTFS) - 55 GiB total, 44.719 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1667: 19/8/2011 7:06:57 - 排定的檢查點
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    ?速土豆 1.40.19.0
    2007 Microsoft Office system
    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.4 - Chinese Traditional
    Agere Systems HDA Modem
    Akamai NetSession Interface
    ALPS Touch Pad Driver
    Apple Software Update
    AuthenTec Fingerprint Sensor Minimum Install
    avast! Free Antivirus
    Bluetooth Stack for Windows by Toshiba
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.0
    Canon MP280 series MP Drivers
    Canon My Printer
    Canon Solution Menu EX
    Chinese Simplified Fonts Support For Adobe Reader 8
    ContentSAFER for Wizmax
    DecisionTools Suite 5.0, Professional Edition
    FINAL FANTASY XI
    FINAL FANTASY XI: Chains of Promathia
    FINAL FANTASY XI: Rise of the Zilart
    FINAL FANTASY XI: Treasures of Aht Urhgan
    FINAL FANTASY XI: Wings of the Goddess
    Fujitsu Display Manager
    Fujitsu Hardware Diagnostics Tool
    Fujitsu Hotkey Utility
    Fujitsu System Extension Utility
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Grand Fantasia
    Inst5657
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    LDOCE
    LifeBook Application Panel
    Malwarebytes' Anti-Malware 版本 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Chinese (Traditional)) 2007
    Microsoft Office Excel 2007 Help 更新程式 (KB963678)
    Microsoft Office Excel MUI (Chinese (Traditional)) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office IME (Chinese (Traditional)) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
    Microsoft Office PowerPoint 2007 更新程式 (KB963669)
    Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (Chinese (Traditional)) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Chinese (Traditional)) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007 更新程式 (KB963665)
    Microsoft Office Word MUI (Chinese (Traditional)) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox (1.5)
    MSVCRT
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    O2Micro Flash Memory Card Windows Driver
    OGA Notifier 2.0.0048.0
    OmniPass 5.00.18
    OpenOffice.org Installer 1.0
    PlayOnline Viewer & Tetra Master
    Pocket RAR documentation
    PowerDVD
    PowerProducer
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Roxio Easy Media Creator Home
    SafeCast Shared Components
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shock Sensor Utility
    SPSS Data Access Pack 4.5 for Windows
    SPSS Student Version 16.0 for Windows
    System Requirements Lab
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    Update Navi
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Toolbar 摘要偵測器 (Windows Live Toolbar)
    Windows Live Writer
    Windows Live 上載工具
    Windows Live 登入小幫手
    Windows Live 程式集
    Windows Live 影像中心
    WinRAR archiver
    智慧型功能表 (Windows Live Toolbar)
    數位板
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. ChingKai

    ChingKai TS Rookie Topic Starter

    Sorry about that... but I guess I'll reformat my computer. Thank you very much.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    No problem.
    Thanks for letting me know :)
     
Topic Status:
Not open for further replies.
