Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Thousands of Compromised WordPress Sites Redirect to Tech Support Scams

Featured Deal: Get 96% off a Xamarin Cross Platform Development Bundle Deal

Photo

After a MalwareBytes scan

Started by Mewface , Dec 02 2010 05:58 AM

  • This topic is locked This topic is locked
3 replies to this topic

#1 Mewface

Mewface

  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:07:32 PM

Posted 02 December 2010 - 05:58 AM

I suspect Malwarebytes couldn't remove everything, so I'm turning to you for assistance... I have no immediately visible problems now, but there was a lot of junk there before that seemed to come from nowhere, so.

Thanks for helping, you do amazing work

DDS log


DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Peter McCallum at 21:50:18.67 on Thu 02/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3824.2043 [GMT 11:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Toshiba\TNROTATE\TNROTATE.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\prevhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Users\Peter McCallum\Desktop\mewface.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Peter McCallum\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://entertainment.timesonline.co.uk/tol/arts_and_entertainment/the_tls/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
uInternet Settings,ProxyOverride = *.local
BHO: TFPUPWDBankBHO Class: {030ac7b6-e7ec-40f1-8fb2-c0fd344de0b9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [LvRYPiejlqW] C:\Users\PETERM~1\AppData\Local\Temp\drweb.exe
uRun: [LvhRcqZkfgnsc] C:\Users\Peter McCallum\AppData\Local\Temp\drweb.exe
uRun: [LvRYPiejlbS] C:\Users\PETERM~1\AppData\Local\Temp\fy2r2w.exe
uRun: [LvhRcqZkfgnTg] C:\Users\Peter McCallum\AppData\Local\Temp\fy2r2w.exe
uRun: [LvRYPiejl/1yERM~1\AppData\Local\Temp\3692875490.exe] C:\Users\PETERM~1\AppData\Local\Temp\3692875490.exe
uRunOnce: [*propfilebase.exe] "C:\Users\Peter McCallum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\propfilebase.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [TNRotate] %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\fun for all\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\Peter McCallum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\propfilebase.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.usyd.edu.au/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {081F7847-637D-49AD-8048-054F891FEC39} = 61.9.194.49,61.9.195.193
TCP: 0554455425D4343414C4C455D4C445F5E4564777F627B6 = 61.9.194.49,61.9.195.193
TCP: 46C696E6B6 = 61.9.194.49,61.9.195.193
TCP: D4363416C6C657D6F5E4564777F627B6 = 61.9.194.49,61.9.195.193
TCP: D4363616C6C657D6F5E6564777F627B6 = 61.9.194.49,61.9.195.193
TCP: E4544574541425 = 61.9.194.49,61.9.195.193
TCP: {7758A87D-E2BA-49C3-95BF-8E4D5E66F4FA} = 61.9.194.49,61.9.195.193
Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
mRun-x64: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
mRun-x64: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [TosVolRegulator] C:\Windows\TosVolRegulator_x64.exe
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

================= FIREFOX ===================

FF - ProfilePath - C:\Users\PETERM~1\AppData\Roaming\Mozilla\Firefox\Profiles\okoqfacy.default\
FF - component: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin\components\TFPUPWDBankEx.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Automatic password input in Fx: {C1CA7765-44E4-452e-9D00-A04F3D434281} - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin
FF - Extension: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF - Extension: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn
FF - Extension: XULRunner: {404A4E56-7E96-4B17-8AAB-F032CE21BD85} - C:\Users\Peter McCallum\AppData\Local\{404A4E56-7E96-4B17-8AAB-F032CE21BD85}

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1108000.005\symds64.sys [2010-9-22 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1108000.005\symefa64.sys [2010-9-22 221232]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-30 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-30 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-4-6 482384]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys [2010-9-1 954928]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1108000.005\cchpx64.sys [2010-9-22 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100924.001\IDSviA64.sys [2010-9-25 463408]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1108000.005\ironx64.sys [2010-9-22 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1108000.005\symtdiv.sys [2010-9-22 451120]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2009-11-14 2723576]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-11 46448]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-6 13336]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [2010-9-22 126392]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-4-6 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-4-6 81408]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-4-6 55808]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-8 65904]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-29 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-6 2320920]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-10 493248]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-11-15 762880]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-4-6 283824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-7-31 132656]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-27 151936]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-10-31 244736]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\netw5s64.sys [2010-1-13 7675392]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-4-6 35008]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-6 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-11 824688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-7 135664]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-6 51512]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-10 1255736]

=============== Created Last 30 ================

2010-12-02 10:20:34 180736 ----a-w- C:\Users\PETERM~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\propfilebase.exe
2010-12-02 09:44:17 709456 ----a-w- C:\windows\isRS-000.tmp
2010-12-02 09:43:45 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-02 09:43:44 -------- d-----w- C:\Program Files (x86)\fun for all
2010-11-30 11:49:18 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-30 11:49:18 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-23 22:49:36 -------- d-----w- C:\Users\PETERM~1\AppData\Roaming\Malwarebytes
2010-11-23 22:49:22 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2010-11-23 22:49:22 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-17 14:22:56 -------- d-----w- C:\Users\PETERM~1\AppData\Roaming\Tific
2010-11-17 14:22:56 -------- d-----w- C:\Users\PETERM~1\AppData\Local\Symantec
2010-11-17 14:15:01 0 ----a-w- C:\Users\PETERM~1\AppData\Local\Sbuwisixej.bin
2010-11-17 14:14:59 -------- d-----w- C:\Users\PETERM~1\AppData\Local\{404A4E56-7E96-4B17-8AAB-F032CE21BD85}
2010-11-17 14:01:51 -------- d-----w- C:\Users\PETERM~1\AppData\Roaming\EB805A04879E3EB31C953DB85C3372D3
2010-11-07 13:35:02 15256 ----a-w- C:\Users\PETERM~1\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

==================== Find3M ====================

2010-09-10 05:35:44 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-09-08 01:17:46 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2010-09-08 01:17:46 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts

============= FINISH: 21:50:47.71 ===============
Attached File  Attach.txt   4.46KB   0 downloads

BC AdBot (Login to Remove)

 

#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:The Collective
  • Local time:05:32 AM

Posted 09 December 2010 - 06:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.

Best Regards,
oneof4.

#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:The Collective
  • Local time:05:32 AM

Posted 14 December 2010 - 08:51 AM

Three Day Bump...

Are you still with us?

Best Regards,
oneof4.

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:04:32 AM

Posted 17 December 2010 - 01:40 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·