Author Topic: Win32.mIRC.62 need help :(  (Read 56671 times)


mauserme

Re: Win32.mIRC.62 need help :(
« Reply #45 on: April 09, 2007, 04:46:35 PM »
Your Java Runtime is out of date and is exploitable.  Update this to Version 5 Update 11 or higher.

http://www.java.com/en/download/manual.jsp

Then make sure you go into Add/Remove Programs and uninstall any older versions (the update process does not do this).

Other than that I don't see anything terrible in the quick look I gave your log.  I'm at work right now so I'll look a little deeper later on.  Did you have advertising pop-up problems in the past?

EDIT:  A third party firewall would help you avoid infection.  You should consider installing one.

bug_master

Re: Win32.mIRC.62 need help :(
« Reply #46 on: April 09, 2007, 04:53:18 PM »
Did you have advertising pop-up problems in the past?

I had problems with a cookie, Tagasaur (or something like that), but I fixed it with Spybot.
Can you tell me a good free firewall to use?

Lisandro
The best things in life are free.

mauserme

Re: Win32.mIRC.62 need help :(
« Reply #48 on: April 09, 2007, 08:25:39 PM »
Can you tell me a good free firewall to use?
Comodo 8)
I second that  8)

bug_master

Re: Win32.mIRC.62 need help :(
« Reply #49 on: April 09, 2007, 08:42:53 PM »
Thanks a lot  ;D

I was thinking of getting ZoneAlarm but I know a lot of people who suffered from it  :(
So then I decided to let my Windows Firewall do the job, but I think it's not doing it right  ;)
Do I have to switch off Windows Firewall when I install Comodo?
Is Comodo easy to handle?

polonus
Re: Win32.mIRC.62 need help :(
« Reply #50 on: April 09, 2007, 11:07:31 PM »
Hi bug_master,

ZA was the thing to have around 2004, and the older versions are still great, but I also experienced some hiccups with the latest version on my XP SP2: just too restrictive to surf. So what the others advise you comes from their experience with this program, and you can trust these boys here on the forum. Those who have hung around here longer have grown to be experienced users and power users, some even into geeks.  Before installing any FW, read the manual first, so you know what it is all about.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

mauserme

Re: Win32.mIRC.62 need help :(
« Reply #51 on: April 10, 2007, 02:23:11 AM »
All I see in your log (other than mentioned above) is possible remnants of something like CoolWebSearch or LOP Adware.  But it seems to have already been cleaned so unless you're having problems I would leave it alone.

When you install Comodo it will probably turn off the Windows Firewall for you but it can't hurt to double check since you don't want both active at the same time.  To tell you the truth, I hate complicated firewalls.  I want it to be secure but I don't want to devote my life to fine tuning it.  Comodo strikes a nice balance for me.

Ok, now that you've had a chance to ask lots of questions and maybe come to trust us a little more, can I ask you if there's a particular problem we need to address?  Maybe you just want to confirm that your system is free of the virus you mentioned in your first post, and that's OK.  But if there's something special we need to look at this would be a good time to post the details  :)

bug_master

Re: Win32.mIRC.62 need help :(
« Reply #52 on: April 10, 2007, 10:43:57 AM »
Well, as I said, I had a serious infestation some days ago, and then I realised I was not aware of what to do in such situations  :-\
So I needed some help to understand if I'm 100% OK and secured.
Most of my friends just reinstall Windows when they have a virus, but I personally think that is the wrong approach.
So thank you a lot for all the help, and I hope I don't have another infection soon  :D

mauserme

Re: Win32.mIRC.62 need help :(
« Reply #53 on: April 10, 2007, 01:20:14 PM »
Most of my friends just reinstall Windows when they have a virus, but I personally think that is the wrong approach.
I agree.

So we still have ComboFix we can look at - if you want ...

DavidR
Re: Win32.mIRC.62 need help :(
« Reply #54 on: April 10, 2007, 02:18:56 PM »
Well, as I said, I had a serious infestation some days ago, and then I realised I was not aware of what to do in such situations  :-\

If you have a back-up and recovery plan, you can recover from anything in minutes, not hours or days.

1. Back up all the things that you don't want to lose: data files like documents, spreadsheets, emails, email account details, registration keys, address book, favourites/bookmarks, downloaded files/programs, etc. The list goes on and on, but if you don't want to lose it, back it up. There are many back-up programs that can simplify this task and run it every day.

2. Recovery - re-installing your system really is a poor choice and one of last resort. There are tools (drive imaging software) that take exact images of your partitions or hard disks, and these images can be restored in minutes if you suffer a major catastrophe, and that doesn't have to be a virus attack.

I do a weekly image of my partitions and save them to my 2nd hard disk as part of my weekly system maintenance; they can also be saved to off-line storage, DVD, USB external hard disk, etc.

So if the worst comes to the worst, at most I lose:
A. 6 days' worth of program updates or new installations, but with my daily back-up I can recover most of that.
B. less than one day's data files, emails, etc.
None of this is a problem, and it's much quicker than a system reinstall. I don't have to go on-line to download the myriad of security updates needed to secure my system, where there is a chance of getting reinfected whilst my system has vulnerabilities because of these missing patches. Not to mention that all my system tweaks and program settings are retained, so I will have saved myself many hours of work and a huge amount of stress.

Many of these programs cost money; there are some free ones, but it will take some research on your part to find these tools and decide what is best for you from reviews, user feedback, etc. Good luck.
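DavidR's plan above is a procedure: copy what you cannot afford to lose every day, image the disk weekly, and keep the copies somewhere the infected system cannot reach. As an added example (mine, not DavidR's and not the code of any tool mentioned in this thread), the following Python script does the file-level half of that: it snapshots a directory to a second location, writes a SHA-256 manifest of the copies, verifies a snapshot against that manifest, refuses to restore from a snapshot that fails verification, trial-restores into a scratch directory so the restore path is exercised before it is needed, and prunes old snapshots. Whole-partition imaging is left to the imaging tools the post mentions. The directory layout, the label format and the retention count are my assumptions.

```python
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
from datetime import datetime
from pathlib import Path

MANIFEST = "manifest.json"  # assumed name; one per snapshot directory


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(src: Path, dest_root: Path, label: str = "") -> Path:
    """Copy every file under src into dest_root/<label>/data and record a
    SHA-256 per file. The hash is taken of the copy, because the copy is
    what a restore will have to rely on."""
    label = label or datetime.now().strftime("%Y%m%d-%H%M%S")
    snap = dest_root / label
    if snap.exists():
        raise FileExistsError(f"snapshot already exists: {snap}")
    manifest: dict[str, str] = {}
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = f.relative_to(src).as_posix()
        out = snap / "data" / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, out)
        manifest[rel] = sha256_of(out)
    (snap / MANIFEST).write_text(json.dumps(manifest, indent=1))
    return snap


def verify(snap: Path) -> list[str]:
    """Re-hash a snapshot against its manifest. Empty list means intact."""
    manifest = json.loads((snap / MANIFEST).read_text())
    problems = []
    for rel, digest in manifest.items():
        f = snap / "data" / rel
        if not f.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(f) != digest:
            problems.append(f"changed: {rel}")
    return problems


def restore(snap: Path, target: Path) -> list[str]:
    """Restore a snapshot into target and prove the result matches the
    manifest. Refuses to restore from a snapshot that fails its own check."""
    problems = verify(snap)
    if problems:
        return problems
    manifest = json.loads((snap / MANIFEST).read_text())
    for rel in manifest:
        out = target / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(snap / "data" / rel, out)
    return [f"restore mismatch: {rel}"
            for rel, digest in manifest.items() if sha256_of(target / rel) != digest]


def prune(dest_root: Path, keep: int) -> list[Path]:
    """Delete all but the newest `keep` snapshots (labels sort chronologically)."""
    snaps = sorted(p for p in dest_root.iterdir() if (p / MANIFEST).is_file())
    doomed = snaps[:-keep] if keep > 0 else snaps
    for s in doomed:
        shutil.rmtree(s)
    return doomed


def rehearse(src: Path, dest_root: Path, label: str = "") -> list[str]:
    """One backup cycle run as a recovery drill: snapshot, verify, and
    trial-restore into a scratch directory. Empty list means success."""
    snap = snapshot(src, dest_root, label)
    with tempfile.TemporaryDirectory() as scratch:
        return restore(snap, Path(scratch))


if __name__ == "__main__":
    # Constructed demo tree; real use points src at the documents folder
    # and dest_root at a second disk or an external drive.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "docs"
        (src / "letters").mkdir(parents=True)
        (src / "letters" / "a.txt").write_text("hello")
        print("problems:", rehearse(src, Path(tmp) / "backups"))
```

The point of `rehearse` is the one DavidR's post makes implicitly: a backup that has never been restored is a hope, not a plan, so the restore runs on every cycle while it is cheap to discover it does not work.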

Lisandro
Re: Win32.mIRC.62 need help :(
« Reply #55 on: April 10, 2007, 11:11:00 PM »
If you have a back-up and recovery plan, you can recover from anything in minutes, not hours or days.
Following David's advice, I recommend:
1. Partition cloning (backup) with Acronis, Paragon, etc.
2. Use on-line backup such as Mozy. Click on my signature for details.

bug_master

Re: Win32.mIRC.62 need help :(
« Reply #56 on: April 14, 2007, 10:48:23 AM »
Sorry for the delay but here it is:

"user" - 07-04-14 11:39:27    Service Pack 2
ComboFix 07-04-05 - Running from: "D:\software"


(((((((((((((((((((((((((((((((   Files Created from 2007-03-14 to 2007-04-14  ))))))))))))))))))))))))))))))))))


2007-04-10 11:53   <DIR>   d--------   C:\DOCUME~1\user\APPLIC~1\Comodo
2007-04-10 11:53   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-04-10 11:50   51,328   --a------   C:\WINDOWS\system32\drivers\inspect.sys
2007-04-10 11:50   <DIR>   d--------   C:\Program Files\Comodo
2007-04-07 13:58   94,424   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-07 13:58   90,112   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-04-07 13:58   85,952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-07 13:58   689,280   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-04-07 13:58   43,176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-07 13:58   31,560   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-07 13:58   23,352   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-07 13:33   <DIR>   d--------   C:\WINDOWS\SxsCaPendDel
2007-04-07 12:39   <DIR>   d--------   C:\kav
2007-04-06 20:47   <DIR>   d--------   C:\DOCUME~1\user\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-06 14:43   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-04-05 21:54   <DIR>   d--------   C:\DOCUME~1\user\APPLIC~1\Command & Conquer 3 Tiberium Wars Demo
2007-04-02 21:32   <DIR>   d--------   C:\Program Files\Autodesk
2007-04-02 12:05   <DIR>   d--------   C:\DOCUME~1\user\APPLIC~1\e frontier
2007-03-31 17:22   2,208   --a------   C:\WINDOWS\system32\drivers\nxsIO32.sys
2007-03-30 16:57   93,824   -ra------   C:\WINDOWS\system32\drivers\aeaudio.sys
2007-03-30 16:57   765,952   -ra------   C:\WINDOWS\system\crlds3d.dll
2007-03-30 16:57   53,248   ---------   C:\WINDOWS\system32\wdmioctl.dll
2007-03-30 16:57   49,152   --a------   C:\WINDOWS\system32\DSndUp.exe
2007-03-30 16:57   45,056   ---------   C:\WINDOWS\system32\CleanUp.exe
2007-03-30 16:57   392,960   -ra------   C:\WINDOWS\system32\drivers\senfilt.sys
2007-03-30 16:57   229,888   -ra------   C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-03-30 16:57   1,285,632   ---------   C:\WINDOWS\system32\SMMedia.dll
2007-03-30 15:23   <DIR>   d-a------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-30 14:53   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2007-03-26 19:48   <DIR>   d--------   C:\Program Files\TrayIconsOK
2007-03-25 15:21   <DIR>   d--------   C:\WINDOWS\system32\bak
2007-03-20 21:16   68,888   --a------   C:\WINDOWS\system32\xinput1_3.dll
2007-03-20 21:16   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2007-03-20 21:16   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2007-03-20 21:16   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2007-03-20 21:16   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2007-03-20 21:16   15,128   --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2007-03-16 06:55   40,960   --a------   C:\WINDOWS\system32\frapsvid.dll
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-14 11:15   --------   d--------   C:\Program Files\dc++
2007-04-12 22:10   --------   d--------   C:\DOCUME~1\user\APPLIC~1\skype
2007-04-07 21:36   --------   d--h-----   C:\Program Files\installshield installation information
2007-04-07 12:40   --------   d--------   C:\Program Files\kaspersky lab
2007-04-06 20:31   --------   d--------   C:\Program Files\electronic arts
2007-04-06 14:44   --------   d--------   C:\Program Files\lavasoft
2007-04-06 14:44   --------   d--------   C:\DOCUME~1\user\APPLIC~1\lavasoft
2007-03-31 17:25   49   --a------   C:\DOCUME~1\user\APPLIC~1\com.codenautics.zombies.txt
2007-03-30 16:57   --------   d--------   C:\Program Files\analog devices
2007-03-26 20:00   --------   d--------   C:\Program Files\daemon tools
2007-03-11 19:38   --------   d--------   C:\Program Files\alwil software
2007-03-06 16:15   98304   --a------   C:\WINDOWS\system32\cmdlineext.dll
2007-03-06 14:52   3750400   --a------   C:\DOCUME~1\user\APPLIC~1\engine.bin
2007-02-24 19:28   --------   d--------   C:\DOCUME~1\user\APPLIC~1\my battle for middle-earth(tm) ii files
2007-02-17 13:25   --------   d--------   C:\Program Files\skype
2007-02-17 13:25   --------   d--------   C:\Program Files\Common Files\skype
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"DAEMON Tools"="\"D:\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages   REG_MULTI_SZ      msv1_0\0\0
   Security Packages   REG_MULTI_SZ      kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages   REG_MULTI_SZ      scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter\0\0
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
DcomLaunch   REG_MULTI_SZ      DcomLaunch\0TermService\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0



********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-14 11:40:48
C:\ComboFix-quarantined-files.txt ... 07-04-14 11:40


Btw, I have a folder named QooBox on disk C after using ComboFix; should I delete it?
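A log like the one above is read by eye on this forum. As an added example that is not from the poster or anyone in the thread, here is a small Python triage of the two sections that carry most of the signal, the "Files Created" list and the live Run keys. The sample is built from a few of the posted lines plus two made-up entries (the example_dropper.exe file and the "Updater" Run value) so that the rules have something to fire on; neither was on the poster's machine. The rules are prompts for a human, not verdicts: every new kernel driver is listed so it can be matched to an install (inspect.sys lands there only because the Comodo folders were created in the same minute), hidden executables are listed, anything living in or starting from a user-writable directory is listed, and a system-binary name outside system32 is listed. The directory patterns and the name list are my assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines lifted from the ComboFix log posted above, plus two
# made-up entries (example_dropper.exe and the "Updater" value) so that the
# rules fire. Nothing here is a verdict about the poster's machine.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((   Files Created from 2007-03-14 to 2007-04-14  ))))))))))))))))))))))))))))))))))

2007-04-10 11:50   51,328   --a------   C:\WINDOWS\system32\drivers\inspect.sys
2007-04-10 11:50   <DIR>   d--------   C:\Program Files\Comodo
2007-04-01 03:12   28,672   --ah-----   C:\DOCUME~1\user\LOCALS~1\Temp\example_dropper.exe
2007-03-31 17:22   2,208   --a------   C:\WINDOWS\system32\drivers\nxsIO32.sys
2007-03-30 16:57   45,056   ---------   C:\WINDOWS\system32\CleanUp.exe
2007-03-16 06:55   40,960   --a------   C:\WINDOWS\system32\frapsvid.dll

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"Updater"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\svchost.exe"
"""


@dataclass
class FileEntry:
    stamp: str
    size: str   # "<DIR>" or a comma-grouped byte count, as ComboFix prints it
    attrs: str  # nine-character flag field, e.g. "--a------", "d--h-----"
    path: str


@dataclass
class RunEntry:
    key: str
    name: str
    cmd: str


@dataclass
class Finding:
    subject: str  # file path, or the Run value name
    reason: str


FILE_RE = re.compile(r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
                     r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[A-Za-z-]{9})\s+"
                     r"(?P<path>[A-Za-z]:\\.+?)\s*$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl")
# Assumed patterns for locations a limited user can write to (XP short and long names).
USER_WRITABLE = ("\\docume~1\\", "\\documents and settings\\", "\\temp\\",
                 "\\applic~1\\", "\\application data\\", "\\locals~1\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "spoolsv.exe"}


def parse_combofix(text: str) -> tuple[list[FileEntry], list[RunEntry]]:
    files, runs, key = [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            files.append(FileEntry(**m.groupdict()))
        elif m := KEY_RE.match(line):
            key = m.group("key")
        elif (m := VALUE_RE.match(line)) and key.lower().endswith(("\\run", "\\runonce")):
            # values under AutorunsDisabled or OptionalComponents are not live autostarts
            runs.append(RunEntry(key, m.group("name"), m.group("cmd")))
    return files, runs


def image_path(cmd: str) -> str:
    """Pull the program a Run value actually starts out of its command line."""
    cmd = cmd.replace('\\"', '"').replace("\\\\", "\\").strip()  # undo REG-export escaping
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    head, _, rest = cmd.partition(" ")
    if head.lower() in ("rundll32.exe", "rundll32"):
        return rest.split(",", 1)[0].strip().strip('"')  # judge the DLL, not rundll32
    return head


def triage_file(e: FileEntry) -> str | None:
    p = e.path.lower()
    if e.size == "<DIR>" or not p.endswith(EXEC_EXT):
        return None
    if p.endswith(".sys") and "\\drivers\\" in p:
        return "new kernel driver: match it to a product installed at that time before trusting it"
    if "h" in e.attrs:
        return "hidden executable"
    if any(d in p for d in USER_WRITABLE):
        return "executable dropped in a user-writable profile or temp directory"
    if p.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\system32\\" not in p:
        return "system binary name outside system32"
    return None


def triage_run(r: RunEntry) -> str | None:
    img = image_path(r.cmd).lower()
    if "\\" not in img:
        return "bare file name: resolved through the PATH search order, not a fixed location"
    if any(d in img for d in USER_WRITABLE):
        return "autostart from a user-writable profile or temp directory"
    if img.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\system32\\" not in img:
        return "system binary name outside system32"
    return None


def triage(text: str) -> list[Finding]:
    files, runs = parse_combofix(text)
    out = [Finding(e.path, why) for e in files if (why := triage_file(e))]
    out += [Finding(r.name, why) for r in runs if (why := triage_run(r))]
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.subject}: {f.reason}")
```

Run against the sample, it lists the two drivers, the constructed hidden file and the constructed "Updater" value, and stays quiet about frapsvid.dll, CleanUp.exe and the three genuine Run entries. The driver rule deliberately has no allowlist: on this log both hits are explained by the avast! and Comodo installs visible a few lines away, and that is the check a reader should make by hand rather than have a script make for them.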

mauserme

Re: Win32.mIRC.62 need help :(
« Reply #57 on: April 14, 2007, 02:08:04 PM »
Your log looks fine.

And yes, the qoobox folder can be deleted.  That's where ComboFix would have quarantined files if it was needed.

bug_master

Re: Win32.mIRC.62 need help :(
« Reply #58 on: April 14, 2007, 06:12:22 PM »
I also have a file, boot.ini.comodofirewall; should it be there?

Btw, after using ComboFix I tried to use my desktop shortcut to wikipedia.org but I got this: Windows cannot find 'http://wikipedia.org/'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Should I be worried?  :-\

Lisandro
Re: Win32.mIRC.62 need help :(
« Reply #59 on: April 14, 2007, 07:29:10 PM »
I also have a file, boot.ini.comodofirewall; should it be there?
It's a clean file from Comodo. If you delete it, you won't harm your system, but if you keep it, there's no trouble either. It has a backup of your boot configuration.