Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Being redirected when clicking links via google.


  • This topic is locked This topic is locked
15 replies to this topic

#1 Gdt1120

Gdt1120

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 20 March 2010 - 06:29 AM

I've been being redirected when clicking links to google, the website that generally comes up is something called nexplore. I tried running MBAM but it wouldn't run, renamed the file to random.exe and ran it, went through fine, removed some viruses, however I'm still being redirected. I have no idea where I got this virus, if that is what it is, but any help in removing the problem would be extremely appreciated.

UPDATED: With a hijack this log since I got 53 views and no help whatsoever. Maybe putting this in will net me some help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:51 PM, on 3/20/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Zune\Zune.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Geo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ddawvudrv] rundll32.exe "iifcby.dll",s
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [geeecydrv] rundll32.exe "iifcby.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ursqpqdrv] rundll32.exe "iifcby.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ursqpqdrv] rundll32.exe "iifcby.dll",s (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 8450 bytes

Edited by aommaster, 21 March 2010 - 09:30 PM.
Removed Code tags


BC AdBot (Login to Remove)

 


#2 Gdt1120

Gdt1120
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 21 March 2010 - 04:26 AM

Throwing a bump. I really need some help with this.

#3 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:59 PM

Posted 21 March 2010 - 09:30 PM

Hello, Gdt1120.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for smile.gif
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 Gdt1120

Gdt1120
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 22 March 2010 - 03:55 AM

Thank you for replying to my thread aommaster. Just tried running RSIT and this happens :
I will now run GMER and then edit this post with the file.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-22 02:15:46
Windows 6.1.7600
Running: eec2g6vj.exe; Driver: C:\Users\Geo\AppData\Local\Temp\pxdorpoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C104
INT 0x61 ? 9291AA58
INT 0x71 ? 9291ACD8
INT 0xB0 ? 9291A558
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E04634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E04898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1D1A8

Code \SystemRoot\system32\ntkrnlpa.exe[PAGEVRFY] [83168A2D] pIofCompleteRequest

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0x33 0x05 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0xEE 0xDF 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x8B 0x04 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0x33 0x05 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0xEE 0xDF 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDC 0x8B 0x04 0xA6 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Geo\Downloads\Easy GIF Animator 5 Pro [PC ~ ENG] + Crack [Thumper\x2122]\Easy GIF Animator 5 Pro [PC ~ ENG]\egifan5.exe 1

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  gmer.log   10.59KB   2 downloads

Edited by aommaster, 22 March 2010 - 12:44 PM.
Editted logs in


#5 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:59 PM

Posted 22 March 2010 - 12:44 PM

Hi!

No problem! For future reference, please copy and paste logs into your reply, as they make it easier for me to read.

Please run a fresh DDS scan, and we can work from there smile.gif

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 Gdt1120

Gdt1120
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 22 March 2010 - 02:10 PM

DDS (Ver_10-03-17.01) - NTFSx86
Run by Geo at 12:07:01.17 on Mon 03/22/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1852 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Users\Geo\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [geeecydrv] rundll32.exe "iifcby.dll",s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ddawvudrv] rundll32.exe "iifcby.dll",s
dRun: [ursqpqdrv] rundll32.exe "iifcby.dll",s
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - c:\program files\navnetapp\ComUtilities.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 mliige.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\geo\appdata\roaming\mozilla\firefox\profiles\hdyvzkup.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-14 25896]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-5-29 34128]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-2 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-15 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CM1083264TB;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2009-9-5 1290752]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-3-2 13224]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-11-21 33792]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-7-9 17408]
S3 RDMPLocalService;RDM+ Local Service;c:\program files\rdm+\rdmpserv.exe [2009-12-24 801280]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-3-2 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-3-2 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-3-2 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-3-2 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-3-2 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-3-2 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-3-2 109736]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-10-3 1373480]

=============== Created Last 30 ================

2010-03-22 08:52:32 0 d-----w- c:\program files\trend micro
2010-03-15 09:21:43 0 d-----w- c:\program files\PragmaDigm
2010-03-02 07:59:20 0 d-----w- c:\users\geo\appdata\roaming\FMA
2010-03-02 07:59:20 0 d-----w- c:\program files\FMA 2
2010-03-02 07:43:19 0 d-----w- c:\programdata\BVRP Software
2010-03-02 07:13:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-03-02 07:04:32 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-03-02 07:04:29 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-03-02 07:04:29 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-03-02 07:03:58 0 d-----w- c:\program files\Sony Ericsson
2010-02-28 16:05:28 0 d-----w- C:\VundoFix Backups
2010-02-28 11:21:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 11:21:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 11:21:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 10:13:38 0 d-----w- c:\windows\system32\Wat
2010-02-23 21:08:52 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-23 21:08:51 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-02-23 21:08:50 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-23 21:08:49 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-23 20:58:27 2048 ----a-w- c:\windows\system32\tzres.dll

==================== Find3M ====================

2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-13 12:47:32 73216 ---ha-w- c:\windows\system32\iifcby.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-07 22:38:18 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 22:22:04 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-01-07 22:22:04 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-01-07 22:22:04 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-01-07 22:22:04 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-01-07 22:22:04 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-01-07 22:22:04 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2009-12-30 23:24:58 608256 ----a-w- C:\blackra1n.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-12-05 09:23:37 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-19 04:45:23 13 --sha-r- c:\windows\system32\drivers\fbd.sys
2009-08-19 04:45:20 4 --sha-r- c:\windows\system32\drivers\taishop.sys
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:07:58.26 ===============

Attached Files


Edited by aommaster, 22 March 2010 - 02:46 PM.
Removed Code Tags


#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:59 PM

Posted 22 March 2010 - 02:48 PM

Hello, Gdt1120.
You don't need to use the code tags. Just a copy/paste will do smile.gif

Let's begin!
P2P Program Warning!

uTorrent

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




We need to disable TeaTimer
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. ClickMode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press yes
  5. Click on Tools
  6. Click on Resident
  7. Uncheck the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy


NEXT:

We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 Gdt1120

Gdt1120
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 22 March 2010 - 04:05 PM

ComboFix 10-03-22.02 - Geo 03/22/2010 13:39:41.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.2348 [GMT -7:00]
Running from: c:\users\Geo\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1576855875-1548784221-2766212479-500
c:\$recycle.bin\S-1-5-21-870811854-3856541507-2520668799-500
C:\install.exe
c:\program files\temp
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\Connect.dll
c:\windows\system32\OGACheckControl.dll

----- BITS: Possible infected sites -----

hxxp://resources.zune.net
.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 20:53 . 2010-03-22 20:55 -------- d-----w- c:\users\Geo\AppData\Local\temp
2010-03-22 20:53 . 2010-03-22 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-22 20:53 . 2010-03-22 20:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-03-22 08:52 . 2010-03-22 09:18 -------- d-----w- c:\program files\trend micro
2010-03-22 08:51 . 2010-03-22 08:51 -------- d-----w- C:\rsit
2010-03-15 09:21 . 2010-03-15 09:21 -------- d-----w- c:\program files\PragmaDigm
2010-03-02 07:59 . 2010-03-02 08:40 -------- d-----w- c:\program files\FMA 2
2010-03-02 07:59 . 2010-03-02 08:00 -------- d-----w- c:\users\Geo\AppData\Roaming\FMA
2010-03-02 07:43 . 2010-03-02 07:43 -------- d-----w- c:\programdata\BVRP Software
2010-03-02 07:40 . 2008-10-21 17:22 12200 ----a-w- c:\windows\system32\drivers\s0017whnt.sys
2010-03-02 07:40 . 2008-10-21 17:22 12200 ----a-w- c:\windows\system32\drivers\s0017wh.sys
2010-03-02 07:40 . 2008-10-21 17:22 109736 ----a-w- c:\windows\system32\drivers\s0017unic.sys
2010-03-02 07:40 . 2008-10-21 17:22 26024 ----a-w- c:\windows\system32\drivers\s0017nd5.sys
2010-03-02 07:40 . 2008-10-21 17:22 108328 ----a-w- c:\windows\system32\drivers\s0017mgmt.sys
2010-03-02 07:40 . 2008-10-21 17:22 104616 ----a-w- c:\windows\system32\drivers\s0017obex.sys
2010-03-02 07:40 . 2008-10-21 17:22 15016 ----a-w- c:\windows\system32\drivers\s0017mdfl.sys
2010-03-02 07:40 . 2008-10-21 17:22 114600 ----a-w- c:\windows\system32\drivers\s0017mdm.sys
2010-03-02 07:40 . 2008-10-21 17:22 10792 ----a-w- c:\windows\system32\drivers\s0017cr.sys
2010-03-02 07:40 . 2008-10-21 17:22 86824 ----a-w- c:\windows\system32\drivers\s0017bus.sys
2010-03-02 07:40 . 2008-10-21 17:22 12200 ----a-w- c:\windows\system32\drivers\s0017cmnt.sys
2010-03-02 07:40 . 2008-10-21 17:22 12200 ----a-w- c:\windows\system32\drivers\s0017cm.sys
2010-03-02 07:04 . 2010-03-02 07:04 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-03-02 07:04 . 2010-03-02 07:04 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-03-02 07:04 . 2010-03-02 07:04 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-03-02 07:03 . 2010-03-14 16:13 -------- d-----w- c:\program files\Sony Ericsson
2010-02-28 16:05 . 2010-02-28 16:05 -------- d-----w- C:\VundoFix Backups
2010-02-28 11:21 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 11:21 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 11:21 . 2010-02-28 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 10:13 . 2010-02-28 10:13 -------- d-----w- c:\windows\system32\Wat
2010-02-28 08:36 . 2010-02-28 08:36 -------- d-----w- c:\users\Geo\AppData\Roaming\U3
2010-02-23 21:08 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-23 21:08 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-23 21:08 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-23 20:58 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 20:58 . 2009-12-11 12:00 -------- d-----w- c:\users\Geo\AppData\Roaming\uTorrent
2010-03-22 08:56 . 2009-11-11 12:28 -------- d-----w- c:\users\Geo\AppData\Roaming\ImageBadger
2010-03-22 08:34 . 2009-08-19 10:12 -------- d-----w- c:\users\Geo\AppData\Roaming\vlc
2010-03-14 17:24 . 2009-09-24 07:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-10 10:01 . 2009-07-14 08:08 -------- d-----w- c:\programdata\Microsoft Help
2010-03-06 03:58 . 2009-12-15 12:05 -------- d-----w- c:\program files\Google
2010-03-05 20:30 . 2009-09-20 07:45 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-03-02 07:40 . 2008-09-30 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-02 07:13 . 2010-03-02 07:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-02-28 09:14 . 2009-09-24 07:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-24 17:16 . 2009-10-02 19:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-15 23:25 . 2010-02-15 23:25 -------- d-----w- c:\program files\Unlocker
2010-02-13 12:47 . 2010-02-13 12:47 73216 ---ha-w- c:\windows\system32\iifcby.dll
2010-02-07 11:18 . 2009-09-14 22:40 -------- d-----w- c:\users\Geo\AppData\Roaming\IrfanView
2010-02-07 09:08 . 2010-02-07 09:08 -------- d-----w- c:\users\Geo\AppData\Roaming\ImgBurn
2010-02-07 08:42 . 2010-02-07 08:41 -------- d-----w- c:\program files\ImgBurn
2010-02-05 15:48 . 2009-08-19 06:35 -------- d-----w- c:\programdata\Apple Computer
2010-02-05 14:11 . 2010-02-05 14:10 -------- d-----w- c:\program files\RDM+
2010-02-05 12:19 . 2010-02-05 12:19 -------- d-----w- c:\program files\Opanda
2010-02-05 01:16 . 2010-02-05 01:16 -------- d-----w- c:\programdata\Blumentals
2010-02-05 01:15 . 2010-02-05 01:15 -------- d-----w- c:\program files\Easy GIF Animator
2010-02-02 12:05 . 2009-09-24 05:14 -------- d-----w- c:\program files\iTunes
2010-02-02 12:03 . 2010-02-02 12:03 -------- d-----w- c:\program files\iPod
2010-02-02 12:03 . 2009-08-19 06:32 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 11:55 . 2009-08-19 06:35 -------- d-----w- c:\program files\QuickTime
2010-02-02 11:48 . 2010-02-02 11:48 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-26 14:36 . 2009-08-19 07:59 -------- d-----w- c:\program files\Zune
2010-01-26 13:17 . 2009-08-19 06:27 -------- d-----w- c:\program files\uTorrent
2010-01-26 12:58 . 2010-01-21 09:52 -------- d-----w- c:\program files\Trillian
2010-01-18 23:29 . 2010-02-10 05:44 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 05:44 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 05:44 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 05:44 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 05:44 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 05:44 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 05:44 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 05:44 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 05:26 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 05:26 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-07 22:38 . 2010-01-07 22:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 22:22 . 2010-01-07 22:22 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-01-07 22:22 . 2010-01-07 22:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-01-07 22:22 . 2010-01-07 22:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-01-07 22:22 . 2010-01-07 22:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-01-07 22:22 . 2010-01-07 22:22 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-01-07 22:22 . 2010-01-07 22:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-01-01 07:38 . 2009-10-22 12:57 123360 ----a-w- c:\users\Geo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 23:24 . 2009-12-30 23:24 608256 ----a-w- C:\blackra1n.exe
2009-12-24 21:41 . 2009-12-24 14:38 256 ----a-w- c:\windows\system32\pool.bin
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-08-19 04:45 . 2009-08-19 04:45 13 --sha-r- c:\windows\System32\drivers\fbd.sys
2009-08-19 04:45 . 2009-08-19 04:45 4 --sha-r- c:\windows\System32\drivers\taishop.sys
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-26 319280]
"geeecydrv"="iifcby.dll" [2010-02-13 73216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-30 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-30 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-30 166936]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"ddawvudrv"="iifcby.dll" [2010-02-13 73216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ursqpqdrv"="iifcby.dll" [2010-02-13 73216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-05-09 18:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 03:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 03:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-07-29 05:13 1833504 ------w- c:\program files\Realtek\Audio\HDA\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-06-02 20:26 505720 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-26 13:17 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 22:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 135664]
R3 CM1083264TB;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2007-01-03 1290752]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-03-02 13224]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-07-09 17408]
R3 RDMPLocalService;RDM+ Local Service;c:\program files\RDM+\rdmpserv.exe [2009-12-25 801280]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-08-23 3330164]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-07 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2009-05-29 34128]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-03-02 27632]


--- Other Services/Drivers In Memory ---

*Deregistered* - SCDEmu
.
Contents of the 'Scheduled Tasks' folder

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 12:05]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 12:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
FF - ProfilePath - c:\users\Geo\AppData\Roaming\Mozilla\Firefox\Profiles\hdyvzkup.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
MSConfigStartUp-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
MSConfigStartUp-VX6000 - c:\windows\vVX6000.exe
MSConfigStartUp-Waiting1690 - c:\windows\stid1690.exe
AddRemove-HijackThis - c:\users\Geo\Desktop\HijackThis.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe halmacpi.dll CLASSPNP.SYS disk.sys >>UNKNOWN [0x8D7DCA38]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x855de628
QueryNameProcedure -> 0x855de7b8
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\System32\iifcby.dll

- - - - - - - > 'Explorer.exe'(3628)
c:\windows\System32\iifcby.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-03-22 14:02:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-22 21:02

Pre-Run: 102,603,444,224 bytes free
Post-Run: 102,344,269,824 bytes free

- - End Of File - - 0779D2F24C27F6A0D4315ED8D41C4BD9


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:17 PM, on 3/22/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Geo\Desktop\Geo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ddawvudrv] rundll32.exe "iifcby.dll",s
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [geeecydrv] rundll32.exe "iifcby.dll",s
O4 - HKUS\S-1-5-18\..\Run: [ursqpqdrv] rundll32.exe "iifcby.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ursqpqdrv] rundll32.exe "iifcby.dll",s (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 7829 bytes


#9 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:59 PM

Posted 22 March 2010 - 04:18 PM

Hello, Gdt1120.
We need to run a Combofix script
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    CODE
    http://www.bleepingcomputer.com/forums/t/303747/being-redirected-when-clicking-links-via-google/

    Collect::
    c:\windows\System32\iifcby.dll

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "geeecydrv"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ddawvudrv"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ursqpqdrv"=-
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Now, drag and drop CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#10 Gdt1120

Gdt1120
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 22 March 2010 - 05:16 PM

ComboFix 10-03-22.02 - Geo 03/22/2010 14:52:36.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.2389 [GMT -7:00]
Running from: c:\users\Geo\Desktop\ComboFix.exe
Command switches used :: c:\users\Geo\Desktop\CFScript.txt
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\iifcby.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 22:05 . 2010-03-22 22:05 -------- d-----w- c:\users\Geo\AppData\Local\temp
2010-03-22 22:05 . 2010-03-22 22:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-22 22:05 . 2010-03-22 22:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-22 22:05 . 2010-03-22 22:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-03-22 08:52 . 2010-03-22 09:18 -------- d-----w- c:\program files\trend micro
2010-03-22 08:51 . 2010-03-22 08:51 -------- d-----w- C:\rsit
2010-03-15 09:21 . 2010-03-15 09:21 -------- d-----w- c:\program files\PragmaDigm
2010-03-02 07:59 . 2010-03-02 08:40 -------- d-----w- c:\program files\FMA 2
2010-03-02 07:59 . 2010-03-02 08:00 -------- d-----w- c:\users\Geo\AppData\Roaming\FMA
2010-03-02 07:43 . 2010-03-02 07:43 -------- d-----w- c:\programdata\BVRP Software
2010-03-02 07:40 . 2008-10-21 17:22 12200 ----a-w- c:\windows\system32\drivers\s0017whnt.sys
2010-03-02 07:40 . 2008-10-21 17:22 12200 ----a-w- c:\windows\system32\drivers\s0017wh.sys
2010-03-02 07:40 . 2008-10-21 17:22 109736 ----a-w- c:\windows\system32\drivers\s0017unic.sys
2010-03-02 07:40 . 2008-10-21 17:22 26024 ----a-w- c:\windows\system32\drivers\s0017nd5.sys
2010-03-02 07:40 . 2008-10-21 17:22 108328 ----a-w- c:\windows\system32\drivers\s0017mgmt.sys
2010-03-02 07:40 . 2008-10-21 17:22 104616 ----a-w- c:\windows\system32\drivers\s0017obex.sys
2010-03-02 07:40 . 2008-10-21 17:22 15016 ----a-w- c:\windows\system32\drivers\s0017mdfl.sys
2010-03-02 07:40 . 2008-10-21 17:22 114600 ----a-w- c:\windows\system32\drivers\s0017mdm.sys
2010-03-02 07:40 . 2008-10-21 17:22 10792 ----a-w- c:\windows\system32\drivers\s0017cr.sys
2010-03-02 07:40 . 2008-10-21 17:22 86824 ----a-w- c:\windows\system32\drivers\s0017bus.sys
2010-03-02 07:40 . 2008-10-21 17:22 12200 ----a-w- c:\windows\system32\drivers\s0017cmnt.sys
2010-03-02 07:40 . 2008-10-21 17:22 12200 ----a-w- c:\windows\system32\drivers\s0017cm.sys
2010-03-02 07:04 . 2010-03-02 07:04 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-03-02 07:04 . 2010-03-02 07:04 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-03-02 07:04 . 2010-03-02 07:04 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-03-02 07:03 . 2010-03-14 16:13 -------- d-----w- c:\program files\Sony Ericsson
2010-02-28 16:05 . 2010-02-28 16:05 -------- d-----w- C:\VundoFix Backups
2010-02-28 11:21 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 11:21 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 11:21 . 2010-02-28 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 10:13 . 2010-02-28 10:13 -------- d-----w- c:\windows\system32\Wat
2010-02-28 08:36 . 2010-02-28 08:36 -------- d-----w- c:\users\Geo\AppData\Roaming\U3
2010-02-23 21:08 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-23 21:08 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-23 21:08 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-23 20:58 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 21:04 . 2009-12-11 12:00 -------- d-----w- c:\users\Geo\AppData\Roaming\uTorrent
2010-03-22 08:56 . 2009-11-11 12:28 -------- d-----w- c:\users\Geo\AppData\Roaming\ImageBadger
2010-03-22 08:34 . 2009-08-19 10:12 -------- d-----w- c:\users\Geo\AppData\Roaming\vlc
2010-03-14 17:24 . 2009-09-24 07:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-10 10:01 . 2009-07-14 08:08 -------- d-----w- c:\programdata\Microsoft Help
2010-03-06 03:58 . 2009-12-15 12:05 -------- d-----w- c:\program files\Google
2010-03-05 20:30 . 2009-09-20 07:45 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-03-02 07:40 . 2008-09-30 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-02 07:13 . 2010-03-02 07:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-02-28 09:14 . 2009-09-24 07:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-24 17:16 . 2009-10-02 19:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-15 23:25 . 2010-02-15 23:25 -------- d-----w- c:\program files\Unlocker
2010-02-07 11:18 . 2009-09-14 22:40 -------- d-----w- c:\users\Geo\AppData\Roaming\IrfanView
2010-02-07 09:08 . 2010-02-07 09:08 -------- d-----w- c:\users\Geo\AppData\Roaming\ImgBurn
2010-02-07 08:42 . 2010-02-07 08:41 -------- d-----w- c:\program files\ImgBurn
2010-02-05 15:48 . 2009-08-19 06:35 -------- d-----w- c:\programdata\Apple Computer
2010-02-05 14:11 . 2010-02-05 14:10 -------- d-----w- c:\program files\RDM+
2010-02-05 12:19 . 2010-02-05 12:19 -------- d-----w- c:\program files\Opanda
2010-02-05 01:16 . 2010-02-05 01:16 -------- d-----w- c:\programdata\Blumentals
2010-02-05 01:15 . 2010-02-05 01:15 -------- d-----w- c:\program files\Easy GIF Animator
2010-02-02 12:05 . 2009-09-24 05:14 -------- d-----w- c:\program files\iTunes
2010-02-02 12:03 . 2010-02-02 12:03 -------- d-----w- c:\program files\iPod
2010-02-02 12:03 . 2009-08-19 06:32 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 11:55 . 2009-08-19 06:35 -------- d-----w- c:\program files\QuickTime
2010-02-02 11:48 . 2010-02-02 11:48 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-26 14:36 . 2009-08-19 07:59 -------- d-----w- c:\program files\Zune
2010-01-26 13:17 . 2009-08-19 06:27 -------- d-----w- c:\program files\uTorrent
2010-01-26 12:58 . 2010-01-21 09:52 -------- d-----w- c:\program files\Trillian
2010-01-18 23:29 . 2010-02-10 05:44 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 05:44 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 05:44 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 05:44 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 05:44 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 05:44 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 05:44 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 05:44 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 05:26 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 05:26 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-07 22:38 . 2010-01-07 22:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 22:22 . 2010-01-07 22:22 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-01-07 22:22 . 2010-01-07 22:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-01-07 22:22 . 2010-01-07 22:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-01-07 22:22 . 2010-01-07 22:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-01-07 22:22 . 2010-01-07 22:22 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-01-07 22:22 . 2010-01-07 22:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-01-01 07:38 . 2009-10-22 12:57 123360 ----a-w- c:\users\Geo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-30 23:24 . 2009-12-30 23:24 608256 ----a-w- C:\blackra1n.exe
2009-12-24 21:41 . 2009-12-24 14:38 256 ----a-w- c:\windows\system32\pool.bin
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-08-19 04:45 . 2009-08-19 04:45 13 --sha-r- c:\windows\System32\drivers\fbd.sys
2009-08-19 04:45 . 2009-08-19 04:45 4 --sha-r- c:\windows\System32\drivers\taishop.sys
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-26 319280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-30 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-30 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-30 166936]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-05-09 18:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 03:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 03:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-07-29 05:13 1833504 ------w- c:\program files\Realtek\Audio\HDA\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-06-02 20:26 505720 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-26 13:17 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 22:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-07 691696]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 135664]
R3 CM1083264TB;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2007-01-03 1290752]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-03-02 13224]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-07-09 17408]
R3 RDMPLocalService;RDM+ Local Service;c:\program files\RDM+\rdmpserv.exe [2009-12-25 801280]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-08-23 3330164]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2009-05-29 34128]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-03-02 27632]


--- Other Services/Drivers In Memory ---

*Deregistered* - SCDEmu
.
Contents of the 'Scheduled Tasks' folder

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 12:05]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 12:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
FF - ProfilePath - c:\users\Geo\AppData\Roaming\Mozilla\Firefox\Profiles\hdyvzkup.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-03-22 15:10:12
ComboFix-quarantined-files.txt 2010-03-22 22:10
ComboFix2.txt 2010-03-22 21:03

Pre-Run: 102,398,836,736 bytes free
Post-Run: 102,343,798,784 bytes free

- - End Of File - - 05DAEEE42A0A4D5C9B4333B5F6AB01C4


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:45 PM, on 3/22/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Geo\Desktop\Geo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 6648 bytes


#11 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:59 PM

Posted 22 March 2010 - 08:13 PM

Hello, Gdt1120.
Looks good! How's your computer doing? Are you experiencing any problems?

We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 18 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java versions.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run a Panda Active Scan
  1. Please go here to run Panda's ActiveScan
  2. Once you are on the Panda site click the Scan your PC button
  3. Click the big Scan Now button
  4. If it wants to install an ActiveX component allow it
  5. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  6. When download is complete, click on My Computer to start the scan
  7. When the scan completes, if anything malicious is detected, click the Export to button, Post the contents of the ActiveScan report

In your next reply, please include the following:
  • ActiveScan Report

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#12 Gdt1120

Gdt1120
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 23 March 2010 - 05:07 PM

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-23 13:55:38
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 Antivirus 4.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
03251688 Generic Trojan Virus/Trojan No 0 Yes No c:\program files\evolution tools\evooptions.exe
03251688 Generic Trojan Virus/Trojan No 0 No No c:\users\geo\desktop\desktop icons\cyclods\evotools-1.0-beta2\setupevotools 1.0 beta2.exe[evooptions.exe]
06088035 HackTool/Cain HackTools No 0 Yes No c:\program files\cain\cain.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


#13 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:59 PM

Posted 23 March 2010 - 08:05 PM

Hi!

Are you familiar with any of the programs the ActiveScan found? Also, are you having any other issues with your PC?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#14 Gdt1120

Gdt1120
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 24 March 2010 - 04:25 AM

I'm familiar with all the programs. I can delete the evotools as i doubt I'm ever going to use them, and cain and abel is a program used to monitor network activity. I don't think there is anything else that I"m having problems with at the moment. I couldn't find out where to turn on javascript update however, I'm using windows 7. Do you think you could point me in the right direction then close this thread?

#15 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:08:59 PM

Posted 24 March 2010 - 12:42 PM

Hello, Gdt1120.
That feature is only available with XP and below, so unfortunately, you'll have to check manually on the java webpage to see if they have updated or not. Generally, the updates come out once every few months, but that is variable.

Since everything appears fine, let's clean up smile.gif
We need to uninstall Combofix
  1. Click on your Start Menu, then Run....
  2. Now type combofix /uninstall in the runbox and click OK. Notice the space between the "x" and "/".

NEXT:

We need to enable TeaTimer
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. ClickMode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press yes
  5. Click on Tools
  6. Click on Resident
  7. Check the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy




Your Log looks Clean please take the time to read below to secure your machine and take the necessary steps to keep it clean smile.gif

There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be weary about attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found on Foistware, And how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  4. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast! and Antivir and AVG Antivirus
    3. An antispyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  5. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

Some more links you might find of interest:

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users