
DDS Log Help - "Bad Image" trojan


  • This topic is locked
3 replies to this topic

#1 govols21


Posted 24 February 2009 - 12:54 PM

Hello,
I am having trouble with some type of trojan/malware that is slowing my processing speed. My computer seems to constantly be processing info even at idle. I am not sure what files to remove, so I have attached the DDS logs. Thank you for your time and any help you can provide.
Best Regards!


DDS (Ver_09-02-01.01) - NTFSx86
Run by Bert at 12:39:50.03 on Tue 02/24/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.418 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bert\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.toshiba.com/search
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2450159d-79bd-4aa2-ad36-a89467e2d9ca} - c:\windows\system32\bogiviza.dll
BHO: {5262d2be-111e-41d7-8095-3d82c7126072} - c:\windows\system32\vtUOiJcb.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
{7e853d72-626a-48ec-a868-ba8d5e23e045}
BHO: MCIEPlugIn Class: {c09c9904-fd44-11d6-a711-00105ac8f168} - c:\progra~1\metama~1\metama~1\IEPlugIn.dll
BHO: {df5d5c66-6b9d-4b50-997f-700a3b444232} - No File
BHO: {501597b4-1e0d-313a-83b4-f146d0c8282f}: {f2828c0d-641f-4b38-a313-d0e14b795105} - c:\windows\system32\mbuhpn.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\walgre~1\walgre~1\data\xtras\mssysmgr.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Antispyware] c:\program files\antispyware\Antispyware.exe -boot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TOSHIBA Accessibility] c:\program files\toshiba\accessibility\FnKeyHook.exe
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [BearShare] "c:\program files\bearshare\BearShare.exe" /pause
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [AS00_Gear511] c:\program files\netgear\wg511scu\utility\Gear511.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [jiziyonube] Rundll32.exe "c:\windows\system32\dinibafi.dll",s
mRun: [b4bda793] rundll32.exe "c:\windows\system32\deporare.dll",b
mRun: [CPMb78e940f] Rundll32.exe "c:\windows\system32\robejaku.dll",a
StartupFolder: c:\docume~1\bert\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\Software
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\Software\Microsoft
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\Software\Microsoft\Internet Explorer
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\Software\Microsoft\Internet Explorer\Main
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} - hxxp://plugin.fileopen.com/current/FileOpen.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {84F3E3B8-99FD-433A-8927-F0F1CF380EA5} = 192.168.0.2 192.168.11.2 192.168.0.2 192.168.0.5
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\windows\system32\zokulabo.dll c:\windows\system32\kihugali.dll c:\windows\system32\zayitala.dll c:\windows\system32\vihegawu.dll c:\windows\system32\robejaku.dll
SEH: MCOEShellHook Class: {b9e618a2-a4fe-11d4-83c2-005004636c96} - c:\program files\metamail inc\metamail reader\OESHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUOiJcb
LSA: Notification Packages = scecli c:\windows\system32\kihugali.dll c:\windows\system32\hedukage.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bert\applic~1\mozilla\firefox\profiles\2lt8v07s.default\
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

============= SERVICES / DRIVERS ===============

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-3-26 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-3-26 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2005-5-23 122880]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-1-20 16194]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-5-23 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-5-23 23296]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASENUM;SASENUM; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\Aspi32.sys [2007-5-20 16512]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-5-23 245760]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2008-1-20 449888]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2006-3-4 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2006-3-4 44928]
S3 USB_NDISXP;RCA USB Digital Cable Modem Driver;c:\windows\system32\drivers\NetRcaCmXP.sys [2008-8-25 14336]

=============== Created Last 30 ================

2009-02-24 10:30 1,608,273 ---sh--- c:\windows\system32\eraroped.ini
2009-02-24 10:25 143,360 a--sh--- c:\windows\system32\oyjiyr.dll
2009-02-23 09:54 176,235 a------- c:\windows\system32\Primomonnt.dll
2009-02-23 09:54 <DIR> --d----- c:\windows\PrimoPDF4
2009-02-23 09:08 1,608,251 ---sh--- c:\windows\system32\azivubeb.ini
2009-02-23 09:03 143,360 a--sh--- c:\windows\system32\rvifkf.dll
2009-02-23 09:00 108,544 a------- c:\windows\system32\vihegawu.dll
2009-02-22 13:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-22 10:49 1,608,251 ---sh--- c:\windows\system32\iyebemer.ini
2009-02-22 10:49 144,896 a--sh--- c:\windows\system32\iudxxz.dll
2009-02-21 22:48 1,608,264 ---sh--- c:\windows\system32\ojimuyuv.ini
2009-02-21 22:48 145,408 a--sh--- c:\windows\system32\zkgwiy.dll
2009-02-21 10:54 1,608,251 ---sh--- c:\windows\system32\uveporik.ini
2009-02-21 10:48 143,360 a--sh--- c:\windows\system32\ohzrad.dll
2009-02-20 17:19 <DIR> --d----- C:\!KillBox
2009-02-20 16:57 <DIR> --d----- c:\program files\Trend Micro
2009-02-19 23:28 22,236 a------- c:\windows\system32\AAWService_2009_02_19_23_28_57.dmp
2009-02-19 23:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-19 22:07 <DIR> --d----- c:\docume~1\bert\applic~1\Antispyware
2009-02-19 10:05 0 a------- c:\windows\TPTray.INI
2009-02-18 22:23 22,236 a------- c:\windows\system32\AAWService_2009_02_18_22_23_52.dmp
2009-02-18 20:50 22,236 a------- c:\windows\system32\AAWService_2009_02_18_20_50_45.dmp
2009-02-18 20:15 143,360 a--sh--- c:\windows\system32\ptkhqb.dll
2009-02-05 13:51 <DIR> --d----- c:\program files\common files\ODBC
2009-02-04 08:11 <DIR> --d----- c:\program files\Network Associates
2009-02-03 20:33 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2009-02-03 20:33 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2009-02-03 20:33 <DIR> --d----- c:\program files\McAfee
2009-02-03 20:33 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-02-03 20:33 <DIR> --d----- c:\program files\AVDistribution
2009-02-02 12:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0

==================== Find3M ====================

2009-02-24 10:25 107,520 a--sh--- c:\windows\system32\robejaku.dll
2009-02-24 10:25 143,360 a--sh--- c:\windows\system32\ritujute.dll
2009-02-24 10:25 103,936 a--sh--- c:\windows\system32\deporare.dll
2009-02-23 09:03 143,360 a--sh--- c:\windows\system32\nogayeda.dll
2009-02-23 09:03 103,936 a--sh--- c:\windows\system32\bebuviza.dll
2009-02-22 10:49 102,912 a--sh--- c:\windows\system32\remebeyi.dll
2009-02-21 22:48 109,056 a--sh--- c:\windows\system32\jipanidi.dll
2009-02-21 22:48 145,408 a--sh--- c:\windows\system32\razifazi.dll
2009-02-21 22:48 104,448 -------- c:\windows\system32\vuyumijo.dll
2009-02-21 10:48 108,032 a--sh--- c:\windows\system32\zumunope.dll
2009-02-21 10:48 143,360 a--sh--- c:\windows\system32\hahohetu.dll
2009-02-21 10:48 103,424 -------- c:\windows\system32\kiropevu.dll
2009-02-18 20:15 143,360 a--sh--- c:\windows\system32\lodayija.dll
2008-04-19 09:04 87,608 a------- c:\docume~1\bert\applic~1\inst.exe
2008-04-19 09:04 47,360 a------- c:\docume~1\bert\applic~1\pcouffin.sys
2007-10-04 12:59 1,004 a------- c:\docume~1\bert\applic~1\wklnhst.dat
2005-10-17 16:49 3,926,928 a------- c:\program files\PokerStarsInstall.exe
1997-05-16 07:52 32,528 a------- c:\documents and settings\bert\OLEPRO32.DLL
1997-05-16 07:52 271,632 a------- c:\documents and settings\bert\MSVCRT.DLL
1997-05-16 07:52 939,792 a------- c:\documents and settings\bert\MFC42U.DLL
1997-05-16 07:52 941,840 a------- c:\documents and settings\bert\MFC42.DLL
1997-05-16 07:52 330,512 a------- c:\documents and settings\bert\MSPAINT.EXE
0000-00-00 00:00 0 a--sh--- c:\windows\system32\butabefu.dll
0000-00-00 00:00 71,680 a--sh--- c:\windows\system32\fetutupi.dll

============= FINISH: 12:43:02.87 ===============


 


#2 govols21


Posted 28 February 2009 - 11:53 PM

Title was: dinibafi.dll trojan, Cannot remove "jiziyonube" registry trojan ~ OB

Hello,

I am having trouble with a dinibafi.dll error popping up every time I start my computer. I have run Malwarebytes, but it is not able to delete the jiziyonube registry trojan. I would greatly appreciate any help on how to permanently delete it. Thank you for your time and help.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Bert at 23:43:27.15 on Sat 02/28/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.551 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bert\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.toshiba.com/search
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;BERTSPC;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2450159d-79bd-4aa2-ad36-a89467e2d9ca} - c:\windows\system32\bogiviza.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: MCIEPlugIn Class: {c09c9904-fd44-11d6-a711-00105ac8f168} - c:\progra~1\metama~1\metama~1\IEPlugIn.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\walgre~1\walgre~1\data\xtras\mssysmgr.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TOSHIBA Accessibility] c:\program files\toshiba\accessibility\FnKeyHook.exe
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [AS00_Gear511] c:\program files\netgear\wg511scu\utility\Gear511.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [jiziyonube] Rundll32.exe "c:\windows\system32\dinibafi.dll",s
StartupFolder: c:\docume~1\bert\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\Software
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\Software\Microsoft
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\Software\Microsoft\Internet Explorer
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\Software\Microsoft\Internet Explorer\Main
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} - hxxp://plugin.fileopen.com/current/FileOpen.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\windows\system32\kihugali.dll vmhsmn.dll
SEH: MCOEShellHook Class: {b9e618a2-a4fe-11d4-83c2-005004636c96} - c:\program files\metamail inc\metamail reader\OESHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUOiJcb
LSA: Notification Packages = scecli c:\windows\system32\kihugali.dll c:\windows\system32\hedukage.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bert\applic~1\mozilla\firefox\profiles\2lt8v07s.default\
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

============= SERVICES / DRIVERS ===============

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-3-26 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-3-26 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2005-5-23 122880]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-1-20 16194]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-5-23 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-5-23 23296]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\Aspi32.sys [2007-5-20 16512]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-5-23 245760]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [2008-1-20 449888]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2006-3-4 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2006-3-4 44928]
S3 USB_NDISXP;RCA USB Digital Cable Modem Driver;c:\windows\system32\drivers\NetRcaCmXP.sys [2008-8-25 14336]

=============== Created Last 30 ================

2009-02-25 11:02 <DIR> --d----- c:\docume~1\bert\applic~1\Malwarebytes
2009-02-25 11:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-25 11:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 11:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 11:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-25 10:28 144,384 a--sh--- c:\windows\system32\zsqwxg.dll
2009-02-24 22:27 145,408 a--sh--- c:\windows\system32\mfwvsi.dll
2009-02-24 10:25 143,360 a--sh--- c:\windows\system32\oyjiyr.dll
2009-02-23 09:54 176,235 a------- c:\windows\system32\Primomonnt.dll
2009-02-23 09:54 <DIR> --d----- c:\windows\PrimoPDF4
2009-02-23 09:03 143,360 a--sh--- c:\windows\system32\rvifkf.dll
2009-02-22 13:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-22 10:49 144,896 a--sh--- c:\windows\system32\iudxxz.dll
2009-02-21 22:48 145,408 a--sh--- c:\windows\system32\zkgwiy.dll
2009-02-21 10:48 143,360 a--sh--- c:\windows\system32\ohzrad.dll
2009-02-20 16:57 <DIR> --d----- c:\program files\Trend Micro
2009-02-19 23:28 22,236 a------- c:\windows\system32\AAWService_2009_02_19_23_28_57.dmp
2009-02-19 23:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-19 22:07 <DIR> --d----- c:\docume~1\bert\applic~1\Antispyware
2009-02-19 10:05 0 a------- c:\windows\TPTray.INI
2009-02-18 22:23 22,236 a------- c:\windows\system32\AAWService_2009_02_18_22_23_52.dmp
2009-02-18 20:50 22,236 a------- c:\windows\system32\AAWService_2009_02_18_20_50_45.dmp
2009-02-18 20:15 143,360 a--sh--- c:\windows\system32\ptkhqb.dll
2009-02-05 13:51 <DIR> --d----- c:\program files\common files\ODBC
2009-02-04 08:11 <DIR> --d----- c:\program files\Network Associates
2009-02-03 20:33 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2009-02-03 20:33 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2009-02-03 20:33 <DIR> --d----- c:\program files\McAfee
2009-02-03 20:33 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-02-03 20:33 <DIR> --d----- c:\program files\AVDistribution
2009-02-02 12:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0

==================== Find3M ====================

2009-02-25 10:28 144,384 a--sh--- c:\windows\system32\visoziyo.dll
2009-02-24 22:27 145,408 a--sh--- c:\windows\system32\fegufula.dll
2009-02-24 10:25 143,360 a--sh--- c:\windows\system32\ritujute.dll
2009-02-23 09:03 143,360 a--sh--- c:\windows\system32\nogayeda.dll
2009-02-21 22:48 109,056 a--sh--- c:\windows\system32\jipanidi.dll
2009-02-21 22:48 145,408 a--sh--- c:\windows\system32\razifazi.dll
2009-02-21 10:48 108,032 a--sh--- c:\windows\system32\zumunope.dll
2009-02-21 10:48 143,360 a--sh--- c:\windows\system32\hahohetu.dll
2009-02-18 20:15 143,360 a--sh--- c:\windows\system32\lodayija.dll
2008-04-19 09:04 87,608 a------- c:\docume~1\bert\applic~1\inst.exe
2008-04-19 09:04 47,360 a------- c:\docume~1\bert\applic~1\pcouffin.sys
2007-10-04 12:59 1,004 a------- c:\docume~1\bert\applic~1\wklnhst.dat
2005-10-17 16:49 3,926,928 a------- c:\program files\PokerStarsInstall.exe
1997-05-16 07:52 32,528 a------- c:\documents and settings\bert\OLEPRO32.DLL
1997-05-16 07:52 271,632 a------- c:\documents and settings\bert\MSVCRT.DLL
1997-05-16 07:52 939,792 a------- c:\documents and settings\bert\MFC42U.DLL
1997-05-16 07:52 941,840 a------- c:\documents and settings\bert\MFC42.DLL
1997-05-16 07:52 330,512 a------- c:\documents and settings\bert\MSPAINT.EXE
0000-00-00 00:00 0 a--sh--- c:\windows\system32\butabefu.dll
0000-00-00 00:00 71,680 a--sh--- c:\windows\system32\fetutupi.dll

============= FINISH: 23:44:55.75 ===============



Edited by Orange Blossom, 01 March 2009 - 01:32 AM.
Merged topics. ~ OB


#3 govols21


Posted 09 March 2009 - 10:20 AM

Hello All,

Please delete this post. I was able to fix my problem using Malwarebytes, HJT, ComboFix, and SDfix from another post in your forum. Thanks for making all of these tools free to use!

#4 KoanYorel


Posted 09 March 2009 - 08:16 PM

Thanks for informing us what you have done.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



