Infected With An Unknown Rootkit


  • This topic is locked
28 replies to this topic

#16 mrimd

mrimd
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:08:46 PM

Posted 18 March 2010 - 08:42 PM

Ok so I did the program removal, adobe update, then the dds scan. Right after I was done with the scan, I tried to save the text files and the screen shut off, but the machine was still running. Not like the screen is hibernating, but like something is wrong and f-ed up w/my laptop!

So if you wanted to know, my PC is still running slow and glitchy + it's still doing these strange kinds of things like shutting off for no reason at all.

Can we fix this as soon as possible, by formatting it and starting from scratch or is there some kind of irreversible damage done to my pc that cannot be fixed?





#17 mrimd

mrimd
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:08:46 PM

Posted 18 March 2010 - 08:46 PM

DDS (Ver_09-12-01.01) - NTFSx86
Run by imd at 18:33:38.75 on Thu 03/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2419 [GMT -7:00]

AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\imd\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Google Update] "c:\documents and settings\imd\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EPSON Stylus Photo RX500] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Auto EPSON Stylus Photo RX500 on EMPRESS] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2k1.exe /p40 "auto epson stylus photo rx500 on empress" /o34 "\\empress\EPSON Stylus Photo RX500" /M "Stylus Photo RX500"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_18.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\imd\applic~1\mozilla\firefox\profiles\0lyv8n1i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\imd\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-15 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-15 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-15 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-15 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-15 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-15 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-15 40552]
S2 0093411268647079mcinstcleanup;McAfee Application Installer Cleanup (0093411268647079);c:\docume~1\imd\locals~1\temp\009341~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\imd\locals~1\temp\009341~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-15 34248]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]

=============== Created Last 30 ================

2010-03-16 20:07:37 0 d-sha-r- C:\cmdcons
2010-03-16 20:05:37 98816 ----a-w- c:\windows\sed.exe
2010-03-16 20:05:37 77312 ----a-w- c:\windows\MBR.exe
2010-03-16 20:05:37 261632 ----a-w- c:\windows\PEV.exe
2010-03-16 20:05:37 161792 ----a-w- c:\windows\SWREG.exe
2010-03-15 10:03:27 11911 ----a-w- c:\windows\system32\Config.MPF
2010-03-15 09:58:14 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-15 09:58:14 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-03-15 09:58:14 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-03-15 09:58:07 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-03-15 09:57:24 0 d-----w- c:\program files\common files\McAfee
2010-03-15 09:57:23 0 d-----w- c:\program files\McAfee.com
2010-03-15 09:54:45 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-03-14 23:52:10 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-14 21:24:22 0 d-----w- c:\program files\ESET
2010-03-09 10:03:30 0 ----a-w- c:\documents and settings\imd\defogger_reenable
2010-03-09 09:47:05 376 ----a-w- c:\documents and settings\imd\Application Dataprivacy.xml
2010-03-05 07:04:26 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-03-05 07:04:26 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-03-05 01:30:50 0 d-----w- c:\program files\VirusTotalUploader2
2010-03-05 01:17:26 0 d-----w- C:\Backreg
2010-03-05 01:05:43 0 d-----w- c:\program files\UnHackMe
2010-03-04 23:45:36 68 ----a-w- c:\windows\st_affiliate.ini
2010-03-04 23:40:02 0 ----a-w- c:\documents and settings\imd\REGISTRY DEFENDER
2010-03-01 21:01:31 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-03-01 21:01:31 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-03-01 21:01:31 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-03-01 21:01:30 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2010-03-01 21:01:30 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-03-01 20:59:54 0 d-----w- c:\program files\coolpro2
2010-03-01 08:01:22 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-01 08:01:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-01 08:01:19 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-01 08:01:19 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-25 05:20:11 0 d-sh--w- c:\documents and settings\imd\IECompatCache
2010-02-25 05:18:57 0 d-sh--w- c:\documents and settings\imd\PrivacIE
2010-02-25 01:14:20 9662 ----a-w- c:\windows\EPISME00.SWB
2010-02-22 22:47:08 3833 ----a-w- c:\windows\machine.ver
2010-02-22 11:38:41 0 ----a-w- c:\windows\system32\cid_store.dat
2010-02-22 10:59:33 0 d-----w- c:\docume~1\imd\applic~1\MxBoost
2010-02-22 10:55:50 0 d-----w- c:\program files\Maxthon2
2010-02-22 05:23:59 0 d-sh--w- c:\documents and settings\imd\IETldCache
2010-02-22 04:24:44 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-22 04:24:16 0 d-----w- c:\windows\ie8updates
2010-02-22 04:23:38 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-22 04:23:37 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-22 04:23:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-22 04:23:37 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-22 04:23:37 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-22 04:23:37 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-18 22:34:39 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-02-18 22:34:39 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-02-17 21:30:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Azureus
2010-02-17 21:30:31 0 d-----w- c:\docume~1\imd\applic~1\Azureus
2010-02-17 11:06:30 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2010-02-17 10:59:56 156910 ----a-w- c:\windows\WMSysPr8.prx
2010-02-17 10:59:55 221215 ----a-w- c:\windows\system32\divxdec.ax
2010-02-17 10:59:52 82944 ----a-w- c:\windows\system32\vct3216.acm
2010-02-17 10:59:52 638976 ----a-w- c:\windows\system32\divx.dll
2010-02-17 10:59:52 53248 ----a-w- c:\windows\system32\xvid.ax
2010-02-17 10:59:52 524288 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-17 10:59:52 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2010-02-17 10:59:52 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2010-02-17 10:59:52 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-17 10:59:51 81920 ----a-w- c:\windows\system32\AC3ACM.acm
2010-02-17 10:59:51 38912 ----a-w- c:\windows\system32\alf2cd.acm
2010-02-17 10:59:51 0 d-----w- c:\program files\AVSMedia
2010-02-17 10:57:04 0 d-----w- c:\program files\common files\AVSMedia
2010-02-17 10:56:30 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-17 10:56:30 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-02-17 10:56:29 0 d-----w- c:\program files\AVS4YOU

==================== Find3M ====================

2010-02-16 21:24:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 11:26:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-16 11:26:08 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-15 09:14:10 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll

============= FINISH: 18:34:53.56 ===============


#18 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:46 PM

Posted 19 March 2010 - 03:52 PM

Hello, mrimd.
Did you have Registry Defender installed at some point? I just noticed that in the file list. It is a known rogue.

http://www.mywot.com/en/scorecard/www.registrydefender.com


There are a few other things we can clear.





Step 1

Is it in Add/Remove Programs? If so, please uninstall before continuing, then reboot and move to step 2. If not, please jump to step 2.



Step 2

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
SecCenter::
{6C4BB89C-B0ED-4F41-A29C-4373888923BB}
Driver::
0093411268647079mcinstcleanup
File::
c:\windows\st_affiliate.ini
c:\documents and settings\imd\REGISTRY DEFENDER
c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
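
An added example, not from this thread and not ComboFix's own code: a Python script that parses a CFScript in the layout used in Step 2 above (SecCenter::, Driver::, File:: sections) and cross-checks the ComboFix log it produced, confirming each requested removal the way a helper would when reading the next reply. The CFScript and the abbreviated log below are constructed to mirror the ones in this thread; log sections are recognised by their parenthesised headers.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example, not part of this thread and not ComboFix's own code. The
CFScript layout (SecCenter::, Driver::, File:: sections) and the log section
titles ("Other Deletions", "Drivers/Services") follow the posts above; the
script and log text below are constructed for this example.
"""
import re

# Constructed CFScript in the same shape as the one posted in Step 2.
CFSCRIPT = r"""
SecCenter::
{6C4BB89C-B0ED-4F41-A29C-4373888923BB}
Driver::
0093411268647079mcinstcleanup
File::
c:\windows\st_affiliate.ini
c:\documents and settings\imd\REGISTRY DEFENDER
c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
"""

# Constructed, abbreviated ComboFix log. The .Wdf file is deliberately left
# out of "Other Deletions" so the report shows what an unconfirmed item looks like.
COMBOFIX_LOG = r"""
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FILE ::
"c:\documents and settings\imd\REGISTRY DEFENDER"
"c:\windows\st_affiliate.ini"
.

((((((((((( Other Deletions )))))))))))
.

c:\documents and settings\imd\REGISTRY DEFENDER
c:\windows\st_affiliate.ini

.
((((((((((( Drivers/Services )))))))))))
.

-------\Legacy_0093411268647079MCINSTCLEANUP
-------\Service_0093411268647079mcinstcleanup

((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))
.
"""

# A ComboFix section header is a run of '(' , the title, and a run of ')'.
HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript; 'File::' becomes key 'File'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return {section title: [lines]} for the parenthesised log sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def check_script(cfscript_text, log_text):
    """Map every CFScript entry to True when the log confirms it was handled.

    File:: entries must appear under "Other Deletions"; Driver:: entries must
    appear as a removed Service_<name> under "Drivers/Services"; SecCenter::
    GUIDs must no longer appear anywhere in the log (the AV/FW header lines).
    """
    script = parse_cfscript(cfscript_text)
    log = parse_combofix_log(log_text)
    deleted = {line.lower() for line in log.get("Other Deletions", [])}
    services = {line.lower() for line in log.get("Drivers/Services", [])}
    result = {}
    for path in script.get("File", []):
        result[path] = path.lower() in deleted
    for name in script.get("Driver", []):
        result[name] = "-------\\service_" + name.lower() in services
    for guid in script.get("SecCenter", []):
        result[guid] = guid.lower() not in log_text.lower()
    return result


def unconfirmed(cfscript_text, log_text):
    """Return the entries the log does not confirm, for follow-up in the next reply."""
    return [item for item, ok in check_script(cfscript_text, log_text).items() if not ok]


if __name__ == "__main__":
    for item, ok in check_script(CFSCRIPT, COMBOFIX_LOG).items():
        print(("confirmed  " if ok else "UNCONFIRMED") + "  " + item)
```

Run against a real pair of files, it flags any File:: or Driver:: entry that ComboFix silently skipped, which is exactly what a helper needs to know before the next instruction set.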
 


#19 mrimd

mrimd
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:08:46 PM

Posted 19 March 2010 - 06:47 PM

ComboFix 10-03-19.06 - imd 03/19/2010 16:31:36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2579 [GMT -7:00]
Running from: c:\documents and settings\imd\Desktop\FXPC\ComboFix.exe
Command switches used :: c:\documents and settings\imd\Desktop\FXPC\CFScript.rtf
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\imd\REGISTRY DEFENDER"
"c:\windows\st_affiliate.ini"
"c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf"
"c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\imd\REGISTRY DEFENDER
c:\windows\st_affiliate.ini
c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0093411268647079MCINSTCLEANUP
-------\Service_0093411268647079mcinstcleanup


((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-19 01:22 . 2010-03-19 01:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-16 19:58 . 2010-03-16 19:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-03-15 10:02 . 2010-03-15 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-03-15 09:58 . 2009-11-11 18:14 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-15 09:58 . 2009-11-11 18:14 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-03-15 09:58 . 2009-11-11 18:14 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-03-15 09:58 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-03-15 09:57 . 2010-03-15 09:58 -------- d-----w- c:\program files\Common Files\McAfee
2010-03-15 09:57 . 2010-03-15 09:57 -------- d-----w- c:\program files\McAfee.com
2010-03-15 09:54 . 2009-11-11 18:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-03-14 23:52 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-14 21:24 . 2010-03-14 21:24 -------- d-----w- c:\program files\ESET
2010-03-13 22:31 . 2010-03-13 22:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-13 22:24 . 2010-03-13 22:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-10 19:55 . 2006-04-06 03:38 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2010-03-10 19:53 . 2010-03-10 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-03-09 10:33 . 2010-03-09 10:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-03-09 09:05 . 2010-03-09 09:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-05 23:58 . 2010-03-05 23:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-05 07:04 . 2008-04-14 08:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-03-05 07:04 . 2008-04-14 08:10 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-03-05 01:30 . 2010-03-15 09:46 -------- d-----w- c:\program files\VirusTotalUploader2
2010-03-05 01:17 . 2010-03-05 01:17 -------- d-----w- C:\Backreg
2010-03-05 01:05 . 2010-03-15 09:46 -------- d-----w- c:\program files\UnHackMe
2010-03-02 01:38 . 2010-03-02 01:38 -------- d-----w- c:\documents and settings\imd\Application Data\AdobeUM
2010-03-01 21:01 . 2010-03-01 21:01 -------- d-----w- c:\documents and settings\imd\Application Data\Syntrillium
2010-03-01 21:01 . 2001-10-19 22:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-03-01 21:01 . 2001-10-19 22:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-03-01 21:01 . 2001-10-19 22:39 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-03-01 21:01 . 2001-10-19 22:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-03-01 20:59 . 2010-03-01 21:07 -------- d-----w- c:\program files\coolpro2
2010-03-01 08:01 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-01 08:01 . 2008-04-14 13:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-01 08:01 . 2008-04-14 08:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-01 08:01 . 2008-04-14 08:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-25 05:20 . 2010-02-25 05:20 -------- d-sh--w- c:\documents and settings\imd\IECompatCache
2010-02-25 05:18 . 2010-02-25 05:18 -------- d-sh--w- c:\documents and settings\imd\PrivacIE
2010-02-23 19:55 . 2010-02-23 19:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-22 11:38 . 2010-02-22 11:38 0 ----a-w- c:\windows\system32\cid_store.dat
2010-02-22 10:59 . 2010-03-15 09:35 -------- d-----w- c:\documents and settings\imd\Application Data\MxBoost
2010-02-22 10:55 . 2010-02-22 11:11 -------- d-----w- c:\program files\Maxthon2
2010-02-22 05:23 . 2010-02-22 05:23 -------- d-sh--w- c:\documents and settings\imd\IETldCache
2010-02-22 04:24 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-22 04:24 . 2010-02-24 11:01 -------- d-----w- c:\windows\ie8updates
2010-02-22 04:23 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-22 04:23 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-22 04:23 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-22 04:23 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-22 04:23 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-22 04:23 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-19 06:42 . 2010-02-19 06:42 -------- d-----w- c:\documents and settings\imd\Local Settings\Application Data\PCHealth
2010-02-18 22:34 . 2004-08-10 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-02-18 22:34 . 2004-08-10 12:00 18944 ----a-w- c:\windows\system32\simptcp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 01:19 . 2006-02-16 09:28 -------- d-----w- c:\program files\Common Files\Java
2010-03-15 10:03 . 2006-05-13 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-15 10:02 . 2006-05-13 23:44 -------- d-----w- c:\program files\McAfee
2010-03-15 09:53 . 2006-02-16 16:59 36240 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 09:43 . 2010-02-16 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\The Shield Deluxe
2010-03-13 22:29 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-13 22:18 . 2006-05-13 23:30 -------- d-----w- c:\program files\America Online 9.0
2010-03-06 00:12 . 2010-02-16 11:09 -------- d-----w- c:\documents and settings\imd\Application Data\U3
2010-02-17 23:04 . 2010-02-17 21:30 -------- d-----w- c:\documents and settings\imd\Application Data\Azureus
2010-02-17 21:30 . 2010-02-17 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-02-17 11:06 . 2010-02-17 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-02-17 11:03 . 2010-02-17 10:57 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-17 10:59 . 2010-02-17 10:59 -------- d-----w- c:\program files\AVSMedia
2010-02-17 10:58 . 2010-02-17 10:56 -------- d-----w- c:\program files\AVS4YOU
2010-02-17 00:24 . 2010-02-17 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-02-16 21:42 . 2010-02-16 21:42 -------- d-----w- c:\documents and settings\imd\Application Data\The Shield Deluxe
2010-02-16 21:42 . 2010-02-16 21:41 -------- d-----w- c:\program files\Common Files\The Shield Deluxe
2010-02-16 21:41 . 2010-02-16 21:41 -------- d-----w- c:\program files\The Shield Deluxe
2010-02-16 21:40 . 2010-02-16 21:40 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-16 21:25 . 2010-02-16 21:25 348160 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1381c5b9-n\msvcr71.dll
2010-02-16 21:25 . 2010-02-16 21:25 503808 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1381c5b9-n\msvcp71.dll
2010-02-16 21:25 . 2010-02-16 21:25 499712 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1381c5b9-n\jmc.dll
2010-02-16 21:25 . 2010-02-16 21:25 61440 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-214311f5-n\decora-sse.dll
2010-02-16 21:25 . 2010-02-16 21:25 12800 ----a-w- c:\documents and settings\imd\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-214311f5-n\decora-d3d.dll
2010-02-16 21:24 . 2010-02-16 21:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 21:24 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2010-02-16 20:43 . 2010-02-16 20:43 -------- d-----w- c:\documents and settings\imd\Application Data\Apple Computer
2010-02-16 20:39 . 2010-02-16 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-16 20:33 . 2010-02-16 20:32 -------- d-----w- c:\program files\QuickTime
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\program files\Common Files\Apple
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\program files\Apple Software Update
2010-02-16 20:32 . 2010-02-16 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-16 20:28 . 2006-02-16 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-02-16 11:57 . 2010-02-16 11:57 -------- d-----w- c:\program files\MSBuild
2010-02-16 11:57 . 2010-02-16 11:57 -------- d-----w- c:\program files\Reference Assemblies
2010-02-16 11:25 . 2010-02-16 11:24 -------- d-----w- c:\program files\Driver Checker
2010-02-16 11:14 . 2010-02-16 11:14 -------- d-----w- c:\program files\EPSON
2010-02-16 11:03 . 2010-02-16 11:03 -------- d-----w- c:\program files\MSXML 4.0
2010-02-16 08:57 . 2010-02-16 08:56 -------- d-----w- c:\program files\MagicDisc
2010-02-16 08:41 . 2010-02-16 08:39 -------- d-----w- c:\program files\Smith Micro
2010-02-16 08:41 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 08:40 . 2010-02-15 09:15 -------- d-----w- c:\documents and settings\imd\Application Data\McAfee.com Personal Firewall
2010-02-16 08:40 . 2010-02-16 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Smith Micro
2010-02-15 23:54 . 2010-02-15 23:54 -------- d-----w- c:\documents and settings\imd\Application Data\Sonic
2010-02-15 12:33 . 2006-02-15 15:37 87931 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-15 10:58 . 2010-02-15 10:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2010-02-15 09:15 . 2010-02-15 09:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
2010-02-15 09:14 . 2010-02-15 09:14 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-02-15 09:13 . 2010-02-15 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-02-15 09:13 . 2006-02-15 16:18 -------- d-----w- c:\program files\Intel
2010-02-15 09:13 . 2010-02-15 09:15 -------- d-----w- c:\documents and settings\imd\Application Data\Intel
2010-02-15 09:13 . 2010-02-15 09:14 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2010-02-15 09:13 . 2010-02-15 09:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2010-02-15 09:04 . 2010-02-15 09:04 -------- d-----w- c:\program files\AVerMedia
2010-02-15 09:04 . 2010-02-15 09:04 -------- d-----w- c:\program files\Common Files\InterVideo
2010-02-15 09:04 . 2006-02-16 09:25 -------- d-----w- c:\program files\InterVideo
2010-01-06 01:04 . 2010-01-06 01:04 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-02-15 14:04 916480 ------w- c:\windows\system32\wininet.dll
2009-09-14 06:10 . 2010-02-17 00:26 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-17_08.41.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-19 23:39 . 2010-03-19 23:39 16384 c:\windows\Temp\Perflib_Perfdata_23c.dat
+ 2006-02-15 15:41 . 2010-03-19 23:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2010-03-16 19:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-17 09:31 . 2010-03-19 23:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-03-19 01:23 . 2010-03-19 01:23 3940352 c:\windows\Installer\8b9122b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\imd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-15 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Auto EPSON Stylus Photo RX500 on EMPRESS"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-02 99840]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/15/2010 3:02 AM 203280]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005Core.job
- c:\documents and settings\imd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 10:54]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-1005UA.job
- c:\documents and settings\imd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-15 10:54]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119506194-70046555-1172815383-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-13 22:23]

2010-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-15 19:22]

2010-03-15 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-15 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\imd\Application Data\Mozilla\Firefox\Profiles\0lyv8n1i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 16:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3156)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\System32\DLA\DLASHX_W.DLL
c:\windows\system32\DLAAPI_W.DLL
c:\windows\System32\DLA\DLACResW.dll
c:\program files\McAfee\VirusScan\scriptsn.dll
c:\windows\system32\JScript.dll
c:\windows\system32\VBScript.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\eHome\ehRec.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TDispVol.exe
c:\windows\AGRSMMSG.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\eHome\ehmsas.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-03-19 16:45:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-19 23:45
ComboFix2.txt 2010-03-17 08:43
ComboFix3.txt 2010-03-16 20:27

Pre-Run: 73,094,402,048 bytes free
Post-Run: 73,149,956,096 bytes free

- - End Of File - - 4CD8D32EEB75AB456DE94D55AB1E53A9


#20 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 20 March 2010 - 06:31 AM

Hello, mrimd.
It looks better. How is it running for you?



Step 1

The current version of Java is 1.6 update 18. I see you have this installed.

However, I need you to remove an older version you do not need anymore that has known security issues.

Please go to Add/Remove Programs and remove:
J2SE Runtime Environment 5.0 Update 4





Step 2

You are using an outdated version of Adobe Reader. Adobe Reader has since been updated, and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#21 mrimd (Topic Starter, Members, 16 posts, San Diego, Ca)

Posted 22 March 2010 - 02:43 PM

I have done all of this and it still has symptoms of an infected pc. Not sure if this was your plan of fixing my laptop or if it's only the beginning, but can we try another solution because it's not getting any better on my end.

#22 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 22 March 2010 - 09:41 PM

What symptoms remain?


#23 mrimd (Topic Starter, Members, 16 posts, San Diego, Ca)

Posted 23 March 2010 - 04:06 AM

Sluggish, glitchy, the usual, and I have maxed out the RAM @ 4gb!

#24 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 24 March 2010 - 06:18 PM

Hello, mrimd.
OK, it does not appear to be malware related. Just to be sure, please do the following.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

Please post the MBAM log and a fresh DDS log.


etavares

Edited by etavares, 24 March 2010 - 06:19 PM.


#25 mrimd (Topic Starter, Members, 16 posts, San Diego, Ca)

Posted 24 March 2010 - 07:00 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3910
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/24/2010 4:57:12 PM
mbam-log-2010-03-24 (16-57-12).txt

Scan type: Quick Scan
Objects scanned: 132201
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



_____________________________________





DDS (Ver_09-12-01.01) - NTFSx86
Run by imd at 16:57:54.00 on Wed 03/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2260 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\imd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\imd\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Google Update] "c:\documents and settings\imd\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EPSON Stylus Photo RX500] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Auto EPSON Stylus Photo RX500 on EMPRESS] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2k1.exe /p40 "auto epson stylus photo rx500 on empress" /o34 "\\empress\EPSON Stylus Photo RX500" /M "Stylus Photo RX500"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_18.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\imd\applic~1\mozilla\firefox\profiles\0lyv8n1i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-15 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-15 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-15 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-15 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-15 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-15 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-15 40552]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-15 606736]

=============== Created Last 30 ================

2010-03-24 23:47:42 0 d-----w- c:\docume~1\imd\applic~1\Malwarebytes
2010-03-24 23:47:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 23:47:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 23:47:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 23:47:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-16 20:07:37 0 d-sha-r- C:\cmdcons
2010-03-16 20:05:37 98816 ----a-w- c:\windows\sed.exe
2010-03-16 20:05:37 77312 ----a-w- c:\windows\MBR.exe
2010-03-16 20:05:37 261632 ----a-w- c:\windows\PEV.exe
2010-03-16 20:05:37 161792 ----a-w- c:\windows\SWREG.exe
2010-03-15 10:03:27 12113 ----a-w- c:\windows\system32\Config.MPF
2010-03-15 09:58:14 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-03-15 09:58:14 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-03-15 09:58:14 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-03-15 09:58:07 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-03-15 09:57:24 0 d-----w- c:\program files\common files\McAfee
2010-03-15 09:57:23 0 d-----w- c:\program files\McAfee.com
2010-03-15 09:54:45 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-03-14 23:52:10 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-14 21:24:22 0 d-----w- c:\program files\ESET
2010-03-09 10:03:30 0 ----a-w- c:\documents and settings\imd\defogger_reenable
2010-03-09 09:47:05 376 ----a-w- c:\documents and settings\imd\Application Dataprivacy.xml
2010-03-05 07:04:26 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-03-05 07:04:26 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-03-05 01:30:50 0 d-----w- c:\program files\VirusTotalUploader2
2010-03-05 01:17:26 0 d-----w- C:\Backreg
2010-03-05 01:05:43 0 d-----w- c:\program files\UnHackMe
2010-03-01 21:01:31 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-03-01 21:01:31 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-03-01 21:01:31 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-03-01 21:01:30 285184 ----a-w- c:\windows\system32\wmidx2.ocx
2010-03-01 21:01:30 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-03-01 20:59:54 0 d-----w- c:\program files\coolpro2
2010-03-01 08:01:22 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-01 08:01:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-01 08:01:19 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-01 08:01:19 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-25 05:20:11 0 d-sh--w- c:\documents and settings\imd\IECompatCache
2010-02-25 05:18:57 0 d-sh--w- c:\documents and settings\imd\PrivacIE
2010-02-25 01:14:20 9662 ----a-w- c:\windows\EPISME00.SWB

==================== Find3M ====================

2010-02-16 21:24:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-15 09:14:10 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

============= FINISH: 16:58:24.29 ===============
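The Run-key section of the DDS log above (uRun = HKCU Run, mRun = HKLM Run) is what an analyst reads first when deciding whether a log is clean. The following is an added example, not part of this thread or of the DDS tool: it parses DDS-style autostart lines and applies two triage heuristics, flagging entries given as a bare filename (resolved through the loader's search order rather than a fixed path, so the analyst must confirm which file actually runs) and entries launched from a user profile (replaceable without admin rights). The sample input is a constructed subset modelled on the log; `AutostartEntry`, `flag_entry` and the other names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in DDS layout, modelled on a few entries of the log above
# (hypothetical subset, not the full log). uRun = HKCU Run, mRun = HKLM Run.
SAMPLE_DDS = r"""
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Google Update] "c:\documents and settings\imd\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
"""


@dataclass
class AutostartEntry:
    hive: str              # "user" (HKCU) or "machine" (HKLM)
    key: str               # "Run" or "RunOnce"
    name: str              # value name shown in [brackets]
    command: str           # full command line as logged
    exe: str               # executable portion of the command
    flags: List[str] = field(default_factory=list)


ENTRY_RE = re.compile(r"^(u|m)(Run|RunOnce):\s+\[([^\]]+)\]\s+(.*)$")
# Either a quoted path, or everything up to the first ".exe" (unquoted DDS paths may contain spaces).
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.*?\.exe))', re.IGNORECASE)


def executable_of(command: str) -> str:
    """Pull the executable out of a Run-key command line."""
    m = EXE_RE.match(command.strip())
    if m:
        return m.group(1) or m.group(2)
    return command.strip().split()[0]


def flag_entry(exe: str) -> List[str]:
    """Heuristics an analyst applies before trusting an autostart entry."""
    flags = []
    low = exe.lower()
    if "\\" not in low:
        # A bare filename is resolved through the loader's search order, not a
        # fixed path; confirm which file actually runs before calling it benign.
        flags.append("bare filename")
    elif "\\documents and settings\\" in low and "\\all users\\" not in low:
        # Anything under a single user's profile can be replaced without admin rights.
        flags.append("user-profile path")
    return flags


def parse_dds_run_entries(text: str) -> List[AutostartEntry]:
    """Parse uRun/mRun/mRunOnce lines of a DDS log into structured entries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = executable_of(command)
        entries.append(AutostartEntry("user" if hive == "u" else "machine",
                                      key, name, command, exe, flag_entry(exe)))
    return entries


if __name__ == "__main__":
    for e in parse_dds_run_entries(SAMPLE_DDS):
        mark = ", ".join(e.flags) or "ok"
        print(f"{e.hive:7} {e.key:7} {e.name:30} {e.exe}  [{mark}]")
```

A flag is a prompt to look, not a verdict: the two entries flagged in the sample (a Toshiba hotkey helper and Google's per-user updater) are both normal on this laptop, which is exactly why the analyst checks the resolved file and its publisher rather than deleting on sight.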


#26 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:46 PM

Posted 25 March 2010 - 07:00 AM

That appears to be a clean log. Let's run GMER one last time... I'm thinking it's not malware at this point. Sluggishness can be caused by software or hardware issues as well. If this is clean, we'll clean up and I'll refer you to a better forum on this website for issues with general sluggishness. You can also run StartupLite; I've listed that after the GMER post.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.



You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Edited by etavares, 25 March 2010 - 07:00 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#27 mrimd

mrimd
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:San Diego, Ca
  • Local time:08:46 PM

Posted 27 March 2010 - 01:27 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-26 23:14:57
Windows 5.1.2600 Service Pack 3
Running: jhgphgds.exe; Driver: C:\DOCUME~1\imd\LOCALS~1\Temp\kxrdqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
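The judgement "the GMER log is clean" rests on the Devices section: every filter attached to the file system, the TCP/IP stack and the keyboard class driver is accounted for by a known product. The following is an added example, not part of this thread or of GMER: it parses the AttachedDevice lines, lists which filters sit on a given stack, and reports any attachment whose driver carries no version information or names a vendor outside an allow-list the analyst supplies. The six sample lines are the ones posted above; the extra line with `qwrtxz.sys` is constructed (a hypothetical driver name) to show what a finding looks like. `Attachment`, `review_attachments` and the other names are this example's own.

```python
import re
from typing import List, NamedTuple, Set, Tuple


class Attachment(NamedTuple):
    owner: str        # driver object the filter is attached to, e.g. the Tcpip driver
    device: str       # device object, e.g. the Tcp device
    driver: str       # filter driver file, e.g. Mpfp.sys
    description: str  # version-resource text GMER prints in parentheses, "" if none
    vendor: str       # company part of that text, "" if none


# The six AttachedDevice lines from the GMER log above.
SAMPLE_GMER = r"""
---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
"""

# Constructed line (hypothetical driver name, no version resource) used only to
# demonstrate a finding; it is NOT from the posted log.
CONSTRUCTED_EXTRA = r"AttachedDevice \Driver\Tcpip \Device\Tcp qwrtxz.sys"

# owner, device, driver file, then an optional "(description/vendor)" tail
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?\s*$")


def parse_gmer_devices(text: str) -> List[Attachment]:
    """Parse the AttachedDevice lines of a GMER report."""
    found = []
    for line in text.splitlines():
        m = ATTACHED_RE.match(line.strip())
        if not m:
            continue
        owner, device, driver, desc = m.groups()
        desc = desc or ""
        vendor = desc.rsplit("/", 1)[1].strip() if "/" in desc else ""
        found.append(Attachment(owner, device, driver, desc, vendor))
    return found


def filters_on(attachments: List[Attachment], owner: str) -> Set[str]:
    """Which filter drivers sit on a given driver stack (owner compared case-insensitively)."""
    return {a.driver for a in attachments if a.owner.lower() == owner.lower()}


def review_attachments(attachments: List[Attachment],
                       expected_vendors: Set[str]) -> List[Tuple[str, str, str]]:
    """(device, driver, reason) for every attachment an analyst should look at."""
    findings = []
    for a in attachments:
        if not a.vendor:
            # No version resource: GMER could not tell us who built it.
            findings.append((a.device, a.driver, "no vendor/version information"))
        elif a.vendor not in expected_vendors:
            findings.append((a.device, a.driver, f"unexpected vendor {a.vendor!r}"))
        low = a.driver.lower()
        # GMER prints a full path for some drivers; a filter living in a
        # user-writable location is worth a look regardless of vendor string.
        if "\\temp\\" in low or "\\documents and settings\\" in low:
            findings.append((a.device, a.driver, "filter loaded from a user-writable path"))
    return findings


if __name__ == "__main__":
    att = parse_gmer_devices(SAMPLE_GMER + CONSTRUCTED_EXTRA + "\n")
    print("filters on Tcpip:", sorted(filters_on(att, r"\Driver\Tcpip")))
    for device, driver, reason in review_attachments(att, {"McAfee, Inc.", "Synaptics, Inc."}):
        print(f"LOOK: {driver} on {device}: {reason}")
```

The allow-list is the analyst's knowledge of the box (here: the McAfee suite and the Synaptics touchpad driver that appear in the DDS log), so the same GMER output would produce findings on a machine where McAfee was not supposed to be installed. A vendor string is only a version resource and can be forged; the check narrows what to inspect, it does not replace verifying the file's digital signature.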


#28 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:46 PM

Posted 28 March 2010 - 01:20 PM

Hello, mrimd.

The GMER log is clean, so this sluggishness does not appear to be malware related. Unfortunately, that means I'm not the best person to help you anymore. Step 2 below refers you to a forum that is better able to help with non-malware issues.


Step 1

Uninstall ComboFix and Clean Up
Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).

Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Step 2

Since the remaining issues do not appear to be malware-related, I am going to forward you to a forum better equipped to help you with non-malware issues.

First, please refer to this thread:
Slow Computer/browser? Check Here First; It May Not Be Malware

If you have issues still remaining, our XP forum has advisors that can help.
Windows XP Home and Professional




Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Protect yourself from malicious sites
Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setup, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Select at least one of the three (I have MVPS Hosts as my main one).
    4. Click "Add Update." After that you will only need to click the update button to retrieve updates.
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Use an AntiVirus Software

It is very important that your computer has anti-virus software running. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online and stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


 

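The HostsMan steps in the post above install a managed blocklist (MVPS Hosts or similar) into the Windows hosts file, and the note at the end warns that any custom entries you had will need to be replaced by hand. The following is an added example, not part of this thread and not HostsMan's code: it shows the merge a practitioner would do instead, keeping the user's own entries, adding blocklist hostnames inside a marked block so the merge can be re-run when the list updates, and reporting hostnames where a custom entry and the blocklist disagree (the custom entry wins). The sample hosts file and blocklist are constructed (the name `empress` is borrowed from the print-server share in the DDS log; `.example` hostnames are placeholders); `merge_hosts` and the other names are this example's own.

```python
import re
from typing import Dict, List, Tuple

BEGIN_MARK = "# BEGIN managed blocklist (do not edit inside this block)"
END_MARK = "# END managed blocklist"
# Names that every hosts file defines itself; never take these from a blocklist.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}

# Constructed sample: an XP hosts file with two custom entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    empress            # print server on the LAN (constructed)
127.0.0.1       tracker.example    # user already nulled this one (constructed)
"""

# Constructed sample in the MVPS layout: comments, a localhost line, then 0.0.0.0 sinks.
SAMPLE_BLOCKLIST = """\
# MVPS HOSTS style sample (constructed)
127.0.0.1 localhost
0.0.0.0 ads.example
0.0.0.0 tracker.example
0.0.0.0 Malware.Example
0.0.0.0 ads.example
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """(ip, hostname) pairs from hosts-file text; comments stripped, names lower-cased."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        for host in parts[1:]:
            pairs.append((parts[0], host.lower()))
    return pairs


def split_managed(text: str) -> Tuple[List[str], List[str]]:
    """Separate the user's own lines from a previously inserted managed block."""
    own, managed, inside = [], [], False
    for line in text.splitlines():
        if line.strip() == BEGIN_MARK:
            inside = True
        elif line.strip() == END_MARK:
            inside = False
        else:
            (managed if inside else own).append(line)
    return own, managed


def merge_hosts(current: str, blocklist: str, sink: str = "0.0.0.0") -> Tuple[str, Dict]:
    """Return the merged hosts text and a report; custom entries always win."""
    own_lines, _ = split_managed(current)          # drop any earlier managed block
    own_hosts = {host for _, host in parse_hosts("\n".join(own_lines))}
    blocked, conflicts, seen = [], [], set()
    for _, host in parse_hosts(blocklist):
        if host in LOOPBACK_NAMES or host in seen:
            continue
        seen.add(host)
        if host in own_hosts:
            conflicts.append(host)                 # keep the user's mapping, report it
            continue
        blocked.append(f"{sink} {host}")
    while own_lines and not own_lines[-1].strip():  # keep output stable across re-runs
        own_lines.pop()
    merged = own_lines + ["", BEGIN_MARK] + blocked + [END_MARK, ""]
    report = {"custom_entries": len(own_hosts), "blocked": len(blocked), "conflicts": conflicts}
    return "\n".join(merged), report


if __name__ == "__main__":
    text, report = merge_hosts(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)
    print(text)
    print(report)
```

On a real machine the input is `%SystemRoot%\System32\drivers\etc\hosts`, the output must be written back by an administrator, and a large list such as MVPS Hosts produces tens of thousands of lines, which is why a marked block that can be replaced wholesale matters. Note that a hosts entry only affects name resolution: it blocks a site by name, not by IP, and does nothing for software that carries its own resolver.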

#29 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:46 PM

Posted 02 April 2010 - 07:02 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.


 




