Trojan.Agent/Gen-FraudLoad and others


This topic is locked
2 replies to this topic

#1 hockeypill

hockeypill

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:38 PM

Posted 16 December 2010 - 01:07 AM

I am working on cleaning up a friend's laptop. It is a total mess and I am not an experienced Vista user, so I need a little help. It looks like there are several unwanted items running, i.e. win16.exe and iexplarer.exe.



DDS (Ver_10-12-12.02) - NTFSx86
Run by Ward at 23:45:11.07 on Wed 12/15/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1515 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\SPICEW~1\bin\spiceworks.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Ward\AppData\Local\Temp\win16 .exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\mcafee.com\agent\mcagent .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ward\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
C:\Users\Ward\Desktop\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101103065906.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Mqvrela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] c:\windows\wininst.exe
uRun: [Mqvrela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\wininst.exe
uRun: [Mqvrela/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] c:\windows\wininst.exe
uRun: [Mqvrela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] c:\windows\wininst.exe
uRun: [Lvhciejlq+] c:\users\ward\appdata\local\temp\win16.exe
uRun: [Lvhciejlhb] c:\users\ward\appdata\local\temp\debug.exe
uRun: [Lvhciejlotc] c:\users\ward\appdata\local\temp\hexdump.exe
uRun: [Lvhciejlq+0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\users\ward\appdata\local\temp\win16.exe
uRun: [Lvhciejlotc (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] c:\users\ward\appdata\local\temp\hexdump.exe
uRun: [Lvhciejlq+0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] c:\users\ward\appdata\local\temp\win16.exe
uRun: [Lvhciejlq+0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] c:\users\ward\appdata\local\temp\win16.exe
uRun: [MqvPcla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] c:\windows\win16.exe
uRun: [MqvPK] c:\windows\win16 .exe
uRun: [MqqyK] c:\windows\csrss .exe
uRun: [MqpSK] c:\windows\avp32 .exe
uRun: [MqusN] c:\windows\svchost .exe
uRun: [MquxI] c:\windows\system .exe
uRun: [MqqsK] c:\windows\drweb .exe
uRun: [MqsrK] c:\windows\login .exe
uRun: [MqruqK] c:\windows\iexplarer .exe
uRun: [Lvhciejlqt] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [MqsuK] c:\windows\lsass .exe
uRun: [MqvrN] c:\windows\wininst .exe
uRun: [MqvPKla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] c:\windows\win16 .exe
uRun: [MqpSKla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] c:\windows\avp32 .exe
uRun: [Lvhciejlqt0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [MqpSKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\windows\avp32 .exe
uRun: [Lvhciejlpsc] c:\users\ward\appdata\local\temp\taskmgr.exe
uRun: [Lvhciejlna] c:\users\ward\appdata\local\temp\login.exe
uRun: [Lvhciejlqb] c:\users\ward\appdata\local\temp\winamp.exe
uRun: [Lvhciejlora] c:\users\ward\appdata\local\temp\iexplarer.exe
uRun: [LvhciejlotK] c:\users\ward\appdata\local\temp\hexdump .exe
uRun: [LvhciejlhK] c:\users\ward\appdata\local\temp\debug .exe
uRun: [LvhciejlpN] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [LvhciejlpsK] c:\users\ward\appdata\local\temp\taskmgr .exe
uRun: [LvhciejlqXc] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [Lvhciejlqpc] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlorJ] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [MqvPcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\win32.exe
uRun: [LvhciejlqW] c:\users\ward\appdata\local\temp\drweb.exe
uRun: [MqpSKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\avp32 .exe
uRun: [MqpSKla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\avp32 .exe
uRun: [MqsrKla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] c:\windows\login .exe
uRun: [LvhciejlorJ (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [MqsrKla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] c:\windows\login .exe
uRun: [MqsuKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] c:\windows\lsass .exe
uRun: [MqsuKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\lsass .exe
uRun: [MquxIla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] c:\windows\system .exe
uRun: [LvhciejlnJ] c:\users\ward\appdata\local\temp\login .exe
uRun: [LvhciejlhHc] c:\users\ward\appdata\local\temp\debug .exe
uRun: [LvhciejlorFc] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [Lvhciejlot0] c:\users\ward\appdata\local\temp\hexdump .exe
uRun: [LvhciejlpJc] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [LvhciejlqXK] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [LvhciejlnFc] c:\users\ward\appdata\local\temp\login .exe
uRun: [Lvhciejlps0] c:\users\ward\appdata\local\temp\taskmgr .exe
uRun: [LvhciejlorFK] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [Lvhciejlotj] c:\users\ward\appdata\local\temp\hexdump .exe
uRun: [LvhciejlqpK] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlhHK] c:\users\ward\appdata\local\temp\debug .exe
uRun: [LvhciejlpJK] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [LvhciejlorF0] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [LvhciejlqX0] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [Lvhciejlqp0] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [Lvhciejlotgc] c:\users\ward\appdata\local\temp\hexdump .exe
uRun: [LvhciejlpJ0] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [LvhciejlorFj] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [Lvhciejlqpj] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlpJj] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [Lvhciejlqpgc] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlqXj] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [MqvPcla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] c:\windows\win32.exe
uRun: [Lvhciejlotj (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] c:\users\ward\appdata\local\temp\hexdump .exe
uRun: [LvhciejlpJK (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [MqqyKla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] c:\windows\csrss .exe
uRun: [Lvhciejlqpj (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlpJK (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [LvhciejlqF] c:\users\ward\appdata\local\temp\drweb .exe
uRun: [LvhciejlqBc] c:\users\ward\appdata\local\temp\drweb .exe
uRun: [Lvhciejlpsj] c:\users\ward\appdata\local\temp\taskmgr .exe
uRun: [LvhciejlnFK] c:\users\ward\appdata\local\temp\login .exe
uRun: [Mqrtcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\hexdump.exe
uRun: [LvhciejlhH0] c:\users\ward\appdata\local\temp\debug .exe
uRun: [LvhciejlqBK] c:\users\ward\appdata\local\temp\drweb .exe
uRun: [Lvhciejlpsgc] c:\users\ward\appdata\local\temp\taskmgr .exe
uRun: [LvhciejlqXgc] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [LvhciejlqB0] c:\users\ward\appdata\local\temp\drweb .exe
uRun: [LvhciejlnF0] c:\users\ward\appdata\local\temp\login .exe
uRun: [LvhciejlotgK] c:\users\ward\appdata\local\temp\hexdump .exe
uRun: [LvhciejlpsgK] c:\users\ward\appdata\local\temp\taskmgr .exe
uRun: [LvhciejlpJgc] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [LvhciejlhHj] c:\users\ward\appdata\local\temp\debug .exe
uRun: [LvhciejlqXgK] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [LvhciejlorFgc] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [LvhciejlqpgK] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlnFj] c:\users\ward\appdata\local\temp\login .exe
uRun: [LvhciejlqXgKd\AppData\Local\Temp\winamp .exe] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [Lvhciejlpsg0] c:\users\ward\appdata\local\temp\taskmgr .exe
uRun: [LvhciejlhHgc] c:\users\ward\appdata\local\temp\debug .exe
uRun: [Lvhciejlotg0] c:\users\ward\appdata\local\temp\hexdump .exe
uRun: [LvhciejlqBj] c:\users\ward\appdata\local\temp\drweb .exe
uRun: [LvhciejlnFgc] c:\users\ward\appdata\local\temp\login .exe
uRun: [Lvhciejlqpg0] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlorFgK] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [LvhciejlpJgK] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [LvhciejlqXg0] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [Lvhciejlqpgj] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlnFgK] c:\users\ward\appdata\local\temp\login .exe
uRun: [LvhciejlpJg0] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [Lvhciejlpsgj] c:\users\ward\appdata\local\temp\taskmgr .exe
uRun: [LvhciejlqXgj] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [LvhciejlhHgK] c:\users\ward\appdata\local\temp\debug .exe
uRun: [LvhciejlorFg0] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [Lvhciejlotgj] c:\users\ward\appdata\local\temp\hexdump .exe
uRun: [Lvhciejlqpggc] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlpJgj] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [LvhciejlhHg0] c:\users\ward\appdata\local\temp\debug .exe
uRun: [LvhciejlqXggc] c:\users\ward\appdata\local\temp\winamp .exe
uRun: [LvhciejlqBgc] c:\users\ward\appdata\local\temp\drweb .exe
uRun: [Lvhciejlpsggc] c:\users\ward\appdata\local\temp\taskmgr .exe
uRun: [LvhciejlorFgj] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [Lvhciejlotggc] c:\users\ward\appdata\local\temp\hexdump .exe
uRun: [LvhciejlqpggK] c:\users\ward\appdata\local\temp\win16 .exe
uRun: [LvhciejlpJggc] c:\users\ward\appdata\local\temp\csrss .exe
uRun: [LvhciejlhHgj] c:\users\ward\appdata\local\temp\debug .exe
uRun: [LvhciejlorFggc] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [LvhciejlhHggc] c:\users\ward\appdata\local\temp\debug .exe
uRun: [LvhciejlorFggK] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [LvhciejlorFgg0] c:\users\ward\appdata\local\temp\iexplarer .exe
uRun: [LvhciejlhHggK] c:\users\ward\appdata\local\temp\debug .exe
uRun: [MqruqKa/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] c:\windows\iexplarer .exe
uRun: [MqsrKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\login .exe
uRun: [MqpSKla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] c:\windows\avp32 .exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-VFJM4.exe" /REG /REGSVRMODE
dRun: [MqmPrge] c:\windows\temp\jasn8mshm.exe
dRun: [Mqvre] c:\windows\wininst.exe
dRun: [Mqqsc] c:\windows\drweb.exe
dRun: [MqmPrgI] c:\windows\temp\jasn8mshm .exe
StartupFolder: c:\users\ward\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-31 386840]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-4-17 20384]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-31 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-31 164840]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-28 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-31 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-31 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-31 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-31 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-31 141792]
R2 spiceworks;Spiceworks;c:\program files\spiceworks\httpd\bin\spiceworks-httpd.exe [2010-6-23 18432]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-31 55840]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-31 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-31 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-31 313288]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-4-17 954368]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-31 84264]
S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-4-13 2560]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-16 04:07:59 54016 ----a-w- c:\windows\system32\drivers\kaihkvj.sys
2010-12-16 03:42:38 709456 ----a-w- c:\windows\is-VFJM4.exe
2010-12-15 23:41:47 -------- d-----w- c:\users\ward\appdata\roaming\Malwarebytes
2010-12-15 23:35:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 23:35:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 23:35:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-15 23:35:44 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-11 23:32:11 41480 ----a-w- c:\users\ward\J5BDfNDIe.com
2010-12-11 23:31:06 41480 ----a-w- c:\users\ward\appdata\local\J5BDfNDIe.exe
2010-12-11 23:21:04 41484 ----a-w- c:\progra~2\J5BDfNDIe.exe
2010-11-29 21:47:02 0 ----a-w- c:\windows\system32\lspD251.tmp

==================== Find3M ====================

2010-12-16 00:48:52 41580 ----a-w- c:\windows\system .exe
2010-12-12 20:08:47 41480 ----a-w- c:\windows\avp32 .exe
2010-12-12 20:07:06 41492 ----a-w- c:\windows\avp32 .exe
2010-12-12 15:03:28 41484 ----a-w- c:\windows\csrss .exe
2010-12-12 15:03:27 41488 ----a-w- c:\windows\login .exe
2010-12-12 15:03:27 41484 ----a-w- c:\windows\wininst .exe
2010-12-12 15:03:11 41480 ----a-w- c:\windows\lsass .exe
2010-12-12 15:02:50 41480 ----a-w- c:\windows\drweb .exe
2010-12-12 15:01:21 41480 ----a-w- c:\windows\drweb .exe
2010-12-12 15:01:13 41480 ----a-w- c:\windows\lsass .exe
2010-12-12 14:54:42 41484 ----a-w- c:\windows\wininst .exe
2010-12-12 14:54:42 41484 ----a-w- c:\windows\csrss .exe
2010-12-12 14:54:35 41480 ----a-w- c:\windows\login .exe
2010-12-12 14:53:53 41480 ----a-w- c:\windows\iexplarer .exe
2010-12-02 11:21:38 41476 ----a-w- c:\windows\iexplarer .exe
2010-10-14 02:28:54 141792 ----a-w- c:\windows\system32\mfevtps.exe

============= FINISH: 23:46:30.24 ===============

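A small triage script, added here as an example and not part of the thread or of the DDS tool, that parses Run-key entries in the DDS "Pseudo HJT Report" format and flags the indicators visible in the log above: a space inserted before the .exe extension, executables launched from a temp directory, system-process names (csrss, lsass) outside system32, and Run value names that look like a browser User-Agent string. The sample report is constructed to mirror those entry shapes and is not taken from a real machine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the DDS "Pseudo HJT Report" format, modelled on the
# kinds of Run entries seen in the log above; not taken from a real machine.
SAMPLE_REPORT = r"""
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Mqvrela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\wininst.exe
uRun: [Lvhciejlq+] c:\users\ward\appdata\local\temp\win16.exe
uRun: [MqqyK] c:\windows\csrss .exe
uRun: [MqsuK] c:\windows\lsass .exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [MqmPrge] c:\windows\temp\jasn8mshm.exe
"""

# DDS line shape: <hive prefix>: [<value name>] <command line>
ENTRY_RE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>.*)\] (?P<cmd>.*)$")

# Process names that legitimately live only in %SystemRoot%\system32 on Vista.
SYSTEM32_ONLY = {"csrss", "lsass", "svchost", "smss", "winlogon",
                 "services", "wininit", "taskmgr"}

# Fragments of a browser User-Agent string; no legitimate installer names a
# Run value this way, but the family in the log above does.
UA_RE = re.compile(r"Gecko|AppleWebKit|Firefox/|Chrome/|\(Windows; U;")


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Strip surrounding quotes and trailing switches from a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: cut at the first " /switch" or " -switch" argument.
    return re.split(r"\s+[/-]\w", cmd, maxsplit=1)[0]


def assess(entry: RunEntry) -> list:
    """Return the list of indicators an entry trips (empty when it looks benign)."""
    p = entry.path.lower()
    reasons = []
    if re.search(r"\s\.[a-z0-9]{3}$", p):
        reasons.append("space before file extension")
    if "\\temp\\" in p:
        reasons.append("runs from a temp directory")
    # Normalise "csrss .exe" to the stem "csrss" before the lookalike check.
    stem = re.sub(r"\s+", "", p.rsplit("\\", 1)[-1]).rsplit(".", 1)[0]
    folder = p.rsplit("\\", 1)[0]
    if stem in SYSTEM32_ONLY and not folder.endswith("\\system32"):
        reasons.append(f"{stem}.exe outside system32")
    if UA_RE.search(entry.name):
        reasons.append("value name looks like a User-Agent string")
    return reasons


def parse_report(text: str) -> list:
    """Parse every Run/RunOnce line of a DDS report into RunEntry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], image_path(m["cmd"])))
    return entries


def triage(text: str) -> list:
    """Return only the entries that trip at least one indicator."""
    flagged = []
    for e in parse_report(text):
        e.reasons = assess(e)
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT):
        print(f"{e.hive} [{e.name[:40]}] {e.path}\n    -> {'; '.join(e.reasons)}")
```

Run against a full DDS log the same parser also covers mRunOnce/dRunOnce lines; entries that trip no indicator (the McAfee, Intel and HP startup items here) are left out of the output so the cleaner can concentrate on the rest.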
#2 hockeypill

hockeypill
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:38 PM

Posted 19 December 2010 - 03:14 PM

Please close this item. I cleaned everything up. I don't believe there was anything left after running Malwarebytes. If anything really stands out, please reply. The main thing that I had left to do was identify all the extra files, delete them, and then remove the entries from the registry to clean up the startup data.

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:38 AM

Posted 19 December 2010 - 07:54 PM

Thanks for letting me know :thumbup2:

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
