
Spigot, Inc


blacksea


CF-Submit.htm

Next to the ComboFix log, another thing has been saved, a 'Chromium HTML document':

- - ComboFix - - -

Stuur bestand naar Bleeping Computer voor onderzoek.

Kopiëer/plak het onderstaand bestandspad in het venster hierboven en klik op Zenden [send].

File path ---> C:\Qoobox\Quarantine\[4]-Submit_2010-12-30_00.57.20.zip


SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \??\C:\commy31738c\catchme.sys

Service Name: catchme

Module Base: F7797000

Module End: F779F000

Hidden: Yes

 

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

Service Name: ---

Module Base: F79A3000

Module End: F79A5000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwAddBootEntry

Address: AE597CAE

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwClose

Address: AE5B49A5

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateEvent

Address: AE599B34

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateEventPair

Address: AE599B8C

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateIoCompletion

Address: AE599CA2

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateKey

Address: AE5B4359

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateMutant

Address: AE599A8A

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateSection

Address: AE599BDC

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateSemaphore

Address: AE599ADE

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwCreateTimer

Address: AE599C50

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwDeleteBootEntry

Address: AE597CD2

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwDeleteKey

Address: AE5B506B

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwDeleteValueKey

Address: AE5B5321

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwDuplicateObject

Address: AE59A3D4

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwEnumerateKey

Address: AE5B4ED6

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwEnumerateValueKey

Address: AE5B4D41

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwLoadDriver

Address: AE597ADA

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwModifyBootEntry

Address: AE597CF6

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwNotifyChangeKey

Address: AE59A548

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwNotifyChangeMultipleKeys

Address: AE5987F8

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenEvent

Address: AE599B64

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenEventPair

Address: AE599BB4

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenIoCompletion

Address: AE599CCC

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenKey

Address: AE5B46B5

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenMutant

Address: AE599AB6

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenProcess

Address: AE59A20C

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenSection

Address: AE599C1C

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenSemaphore

Address: AE599B0C

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenThread

Address: AE59A2F0

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwOpenTimer

Address: AE599C7A

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwQueryKey

Address: AE5B4BBC

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwQueryObject

Address: AE5986BE

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwQueryValueKey

Address: AE5B4A0E

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwRenameKey

Address: AE5E822E

Driver Base: AE5DF000

Driver End: AE606000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

 

Function Name: ZwReplyWaitReceivePort

Address: AE59A57E

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwReplyWaitReceivePortEx

Address: AE59A142

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwRestoreKey

Address: AE5B39CC

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSetBootEntryOrder

Address: AE597D1A

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSetBootOptions

Address: AE597D3E

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSetSystemInformation

Address: AE597B34

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSetValueKey

Address: AE5B5172

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwShutdownSystem

Address: AE597C44

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

Function Name: ZwSystemDebugControl

Address: AE597C56

Driver Base: AE586000

Driver End: AE5DF000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

 

******************************************************************************************

******************************************************************************************

Kernel Hooks:

Hooked Function: ZwCreateProcessEx

At Address: 805D1164

Jump To: AE5F4BB2

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ZwClose

At Address: 805BC52E

Jump To: AE5F05D4

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: PsCreateSystemThread

At Address: 805D1164

Jump To: AE5F4BB2

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ObMakeTemporaryObject

At Address: 805BC52E

Jump To: AE5F05D4

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ObInsertObject

At Address: 805C2FB2

Jump To: AE5F1FFA

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

Hooked Function: ObCloseHandle

At Address: 805BC52E

Jump To: AE5F05D4

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Documents and Settings\Cengii\Mijn documenten\DVDVideoSoft\FreeYouTubeToMP3Converter\Yetenek Sizsiniz Türkiye - Türkçe Rap 2011 (25 Aralik 2010) Gaziantep.mp3

Status: Hidden

 

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

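As an added triage example (not part of the thread or of SysProt itself), a small Python parser for the SysProt log layout above: it groups SSDT entries by the driver file that owns them, lists hidden kernel modules, and flags any SSDT entry whose handler address does not fall inside the base/end range the log claims for that driver. The sample log is a constructed excerpt; the ZwOpenProcess record is a made-up inconsistency added to show the check firing.

```python
import re

# Constructed excerpt in the layout of the SysProt AntiRootkit log posted above; the
# ZwOpenProcess record is a constructed inconsistency (address outside the driver range).
SAMPLE_LOG = """\
Kernel Modules:
Module Name: \\??\\C:\\commy31738c\\catchme.sys
Hidden: Yes

SSDT:
Function Name: ZwClose
Address: AE5B49A5
Driver Base: AE586000
Driver End: AE5DF000
Driver Name: \\SystemRoot\\System32\\Drivers\\aswSnx.SYS

Function Name: ZwOpenProcess
Address: 80500000
Driver Base: AE586000
Driver End: AE5DF000
Driver Name: \\SystemRoot\\System32\\Drivers\\aswSnx.SYS
"""

def parse_sysprot(text):
    # Split the log into sections ('Kernel Modules', 'SSDT', ...) of key/value records.
    sections, current, record = {}, None, {}
    for line in (l.strip() for l in text.splitlines()):
        if re.fullmatch(r"[A-Za-z /]+:", line):        # section header such as 'SSDT:'
            if record:
                sections[current].append(record)
            current, record = line[:-1], {}
            sections[current] = []
        elif ": " in line and current is not None:     # 'Key: Value' line of a record
            key, value = line.split(": ", 1)
            record[key] = value
        elif record:                                   # blank or '****' line closes a record
            sections[current].append(record)
            record = {}
    if record:
        sections[current].append(record)
    return sections

def triage(text):
    # Hidden modules plus SSDT entries whose handler address lies outside the owning driver.
    sections = parse_sysprot(text)
    findings, per_driver = [], {}
    for mod in sections.get("Kernel Modules", []):
        if mod.get("Hidden") == "Yes":
            findings.append(("hidden-module", mod["Module Name"]))
    for e in sections.get("SSDT", []):
        drv = e["Driver Name"].rsplit("\\", 1)[-1]     # group hooks by driver file name
        per_driver[drv] = per_driver.get(drv, 0) + 1
        addr, lo, hi = (int(e[k], 16) for k in ("Address", "Driver Base", "Driver End"))
        if not lo <= addr < hi:                        # handler not inside the driver image
            findings.append(("ssdt-address-outside-driver", e["Function Name"]))
    return per_driver, findings
```

Run against the full log above, this only narrows what to look at: the hidden modules there are the drivers of tools that were themselves running (ComboFix's catchme.sys, Process Explorer's PROCEXP113.SYS) and every SSDT entry sits inside the avast drivers aswSnx.SYS and aswSP.SYS, which is why the helper did not treat the log as evidence of a rootkit.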

Next to the ComboFix log, another thing has been saved, a 'Chromium HTML document':

- - ComboFix - - -

Stuur bestand naar Bleeping Computer voor onderzoek.

Kopiëer/plak het onderstaand bestandspad in het venster hierboven en klik op Zenden [send].

File path ---> C:\Qoobox\Quarantine\[4]-Submit_2010-12-30_00.57.20.zip

I'm sorry. I don't understand this.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the Back button then click Finish.

In your next reply please include the ESET Online Scan log.


What I meant was that ComboFix said it would create another log as well, because of something that had to do with my internet. So when I clicked on the other log that ComboFix also made, it said:

- - ComboFix - - -

Send file to Bleeping Computer Research.

Copy / paste the following file path in the box above and click Send [send].

Filepath ---> C:\Qoobox\Quarantine\[4]-Submit_2010-12-30_00.57.20.zip


C:\System Volume Information\_restore{674759FB-FF47-45CB-82B9-00504A364745}\RP24\A0033899.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined

C:\System Volume Information\_restore{674759FB-FF47-45CB-82B9-00504A364745}\RP27\A0035367.exe a variant of Win32/HotSpotShield application deleted - quarantined


Hi superdave,

Well, my computer did not have any symptoms of spyware or a virus, so I did not experience a big change. I do thank you for cleaning my machine. What did change is that IE8 does not freeze anymore. What I am actually still experiencing is that I still have the same problem with the download map of Chrome/Dragon: it freezes and I have to wait a minute or two. And my machine is still not shutting down normally. Once again, thank you very much!

Blacksea


We should do some cleanup. I don't believe the problems you are having are related to infections.

 

Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt

 

**************************************

To turn off Windows XP System Restore:

 

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

 

1. Click Start.

2. Right-click the My Computer icon, and then click Properties.

3. Click the System Restore tab.

4. Check "Turn off System Restore" or "Turn off System Restore on all drives"

5. Click Apply.

6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.

7. Click OK.

8. Restart the computer and follow the instructions in the next section to turn on System Restore.

 

To turn on Windows XP System Restore:

 

1. Click Start.

2. Right-click My Computer, and then click Properties.

3. Click the System Restore tab.

4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."

5. Click Apply, and then click OK.

******************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*********************************************

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


When I want to remove QooBox I get this error:

Cannot delete folder BackEnv. Access is denied.

Make sure the disk is not full or write-protected and that the file is not currently in use.

Yes. That's a normal error. Just empty the folder of everything that you can and leave it.
