Author Topic: Guys, about this "Adware Softomate".....


reles

  • Guest
Re: Guys, about this "Adware Softomate".....
« Reply #45 on: March 10, 2008, 02:04:24 AM »

Ok, I'll be working on that.

In the meanwhile, Combofix's latest log:

ComboFix 08-03-04.3 - il Dottore 2008-03-10 20:42:14.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.203 [GMT -7:00]
Running from: C:\Documents and Settings\il Dottore\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\il Dottore\Desktop\CFscript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\lvuvc.hs
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\lvuvc.hs

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LVUVC


(((((((((((((((((((((((((   Files Created from 2008-02-11 to 2008-03-11  )))))))))))))))))))))))))))))))
.

2008-03-07 18:56 . 2008-03-07 18:56   <DIR>   d--------   C:\Program Files\Trend Micro
2008-03-06 23:27 . 2008-03-10 14:20   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-03-06 23:27 . 2008-03-06 23:27   1,409   --a------   C:\WINDOWS\QTFont.for
2008-03-06 23:24 . 2008-03-06 23:26   <DIR>   d--------   C:\Program Files\iTunes
2008-03-06 23:19 . 2008-03-06 23:21   <DIR>   d--------   C:\Program Files\QuickTime
2008-03-05 20:48 . 2008-02-22 03:33   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-03-05 20:44 . 2008-03-05 20:45   15,918,488   --a------   C:\jre-6u5-windows-i586-p.exe
2008-02-23 17:55 . 2008-02-23 17:59   <DIR>   d--------   C:\Documents and Settings\il Dottore\Application Data\Sibelius Software

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 06:25   ---------   d-----w   C:\Program Files\iPod
2008-03-06 03:48   ---------   d-----w   C:\Program Files\Java
2008-02-24 00:59   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sibelius Software
2008-02-24 00:49   ---------   d-----w   C:\Program Files\Sibelius Software
2008-02-24 00:29   ---------   d-----w   C:\Program Files\Finale 2002
2008-01-30 06:43   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2007-07-27 02:19   604   ---ha-w   C:\Program Files\STLL Notifier
2007-04-01 21:36   258   ----a-w   C:\Program Files\First Theorem.sn2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 04:24 65536]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 20:34 3084288]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-25 00:52 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-04-15 21:01 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 19:00 126976]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2003-10-31 16:01 1019904]
"Start RF Wireless Mouse"="C:\Program Files\RF Wireless Mouse\cm20.exe" [2002-01-31 11:59 61440]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-11-20 18:24 26112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 06:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-14 14:10 6731312]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\il Dottore\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-03-09 12:49:38 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-04-11 08:23:36 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-07-25 00:52:32 67128]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-07-19 18:53:18 57344]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 14:23:32 51776]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-11-20 17:58:56 155648]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-03 12:29:12 1568768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 02:07]
R4 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-11-04 12:50]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 14:12]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-14 01:04]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 14:12]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 14:12]
S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2003-02-12 10:03]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2003-05-14 18:38]
S3 VVBETHERNET;Efficient Networks Virtual Bus Ethernet driver;C:\WINDOWS\system32\DRIVERS\vvbEthT.sys [2002-05-22 18:26]
S3 VvBusUsb;Efficient Networks USB Virtual Bus driver;C:\WINDOWS\system32\drivers\vvbususb.sys [2002-05-22 18:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-07 06:09:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 00:26:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 20:52:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-03-10 20:57:42 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-11 03:57:35
ComboFix2.txt  2008-03-11 00:25:52
ComboFix3.txt  2008-03-09 21:26:31
ComboFix4.txt  2008-03-06 03:30:56
ComboFix5.txt  2008-02-21 08:40:32
.
2008-02-14 03:03:40   --- E O F --- 

oldman

  • Avast Evangelist
Re: Guys, about this "Adware Softomate".....
« Reply #46 on: March 10, 2008, 04:55:02 AM »
Hi reles, don't worry about the rest. For some reason, the script worked this time, though it failed before (page 3, reply #33). Go figure. ???

Anyway, it's gone now, if everything seems ok, we can clean up the tools you used.

* Delete Registry Search

* Click start button, run, then copy and paste the following line into the box and click ok.

ComboFix /u

* Open HJT, click the Misc Tools button, slide the slider down, click Uninstall; you will have to delete hijackthis.exe.

* Create a new restore point

You must be logged on to an administrator account.
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, then click Create.

* Remove old restore points

- Go to Start - All Programs - Accessories - System Tools. Launch the Disk Cleanup tool and let it run. When it finishes, a box with tabs will appear; select the More Options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

* If you are using Windows Firewall, please note that it doesn't provide outbound protection. A third-party firewall will.

A discussion on free firewalls can be found here.

http://forum.avast.com/index.php?topic=30808.0

or

http://forum.avast.com/index.php?topic=33530.0


Now that you have your java installed, you can delete the file from your desktop.

Also, you should check your hosts file. There isn't any reason you cannot reach the hijackthis download page from the link I provided, except of course something blocking it, and the hosts file is the usual first suspect.

Take care and keep safe.

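The hosts-file check oldman recommends above, as an added example that is not from the thread or from any of the tools mentioned in it: a small Python script that parses a Windows-style hosts file and flags entries that send a security vendor's or security tool's domain to a loopback or unspecified address (the download is silently blocked) or to some other address (the download is redirected elsewhere). The sample hosts contents, the `.example` domain names and the `PROTECTED_DOMAINS` watch-list are all constructed for illustration; the default file path is the standard location on Windows.

```python
"""Hosts-file hijack checker (added example, not code from the forum thread).

A hosts entry that maps a security site to 127.0.0.1 / 0.0.0.0 / ::1 makes the
site unreachable; an entry that maps it to any other address sends the browser
to a host the user did not choose. Both are worth flagging during a cleanup.
"""
import ipaddress
import os

# Constructed sample contents of a hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.hijackthis.example   # hypothetical: tool download site blocked
0.0.0.0         forum.avast.example      # hypothetical: vendor forum blocked
10.0.0.5        update.antivirus.example # hypothetical: updates redirected elsewhere
127.0.0.1       ads.tracker.example      # ordinary ad-blocking entry, not flagged
this is not a valid hosts line and is skipped
"""

# Hypothetical watch-list: domains the user must be able to reach for
# security downloads and updates. A real checker would load this from a file.
PROTECTED_DOMAINS = {"hijackthis.example", "avast.example", "antivirus.example"}

# Standard location of the hosts file on Windows.
DEFAULT_HOSTS_PATH = os.path.join(
    os.environ.get("SystemRoot", r"C:\Windows"), "System32", "drivers", "etc", "hosts"
)


def parse_hosts(text):
    """Return a list of {line, address, host} dicts for every valid mapping.

    Comments ('#' to end of line) and blank lines are ignored; a line whose
    first token is not an IP address is skipped rather than treated as data.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line, not a mapping
        for host in parts[1:]:  # one address may map several names
            entries.append({"line": lineno, "address": str(addr), "host": host.lower()})
    return entries


def _is_protected(host):
    """True if host is a protected domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


def find_suspicious(entries):
    """Flag protected domains that are blocked (loopback/unspecified) or redirected."""
    findings = []
    for entry in entries:
        if entry["host"] == "localhost" or not _is_protected(entry["host"]):
            continue
        addr = ipaddress.ip_address(entry["address"])
        kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append(dict(entry, kind=kind))
    return findings


def check_hosts_file(path=DEFAULT_HOSTS_PATH):
    """Read a hosts file from disk and return the suspicious entries."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return find_suspicious(parse_hosts(fh.read()))


if __name__ == "__main__":
    # Runs against the constructed sample so it works on any platform.
    for f in find_suspicious(parse_hosts(SAMPLE_HOSTS)):
        print("line {line}: {host} -> {address} ({kind})".format(**f))
```

Run as-is it reports on the constructed sample; calling `check_hosts_file()` on the affected machine reads the real hosts file instead. The "blocked" versus "redirected" distinction matters in triage: a blocked entry explains a download page that will not load, while a redirected entry means traffic for that domain is going to an address the user should look at closely.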

reles

  • Guest
Re: Guys, about this "Adware Softomate".....
« Reply #47 on: March 10, 2008, 05:42:33 AM »

Thank you man. I will follow those procedures tomorrow (since it's late now) and I'll let you know if there were any inconveniences.

Glad to know it's gone now. By the way, by "it" we are referring to the Adware Softomate, right?