
trojan.agent and trojan.fakealert


  • This topic is locked
20 replies to this topic

#1 abejr

abejr

  • Members
  • 11 posts
  • Local time:01:27 PM

Posted 03 December 2011 - 04:50 PM

Laptop would boot up but there seemed to be no desktop and nothing on the start menu. Ran Malwarebytes before coming here and seemed to remove 14 infections. Now the start menu has some stuff back but the desktop still is blank. I'm gonna post all the logs, but should I also post the first Malwarebytes log?

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 13:09:55 on 2011-12-03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1713 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [LtMoh] "c:\program files\ltmoh\Ltmoh.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] "c:\program files\mcafee\spamkiller\MSKDetct.exe" /uninstall
mRun: [pccguide.exe] "c:\program files\trend micro\antivirus\pccguide.exe"
mRun: [PCClient.exe] "c:\program files\trend micro\antivirus\PCClient.exe"
mRun: [TM Outbreak Agent] "c:\program files\trend micro\antivirus\TMOAgent.exe" /run
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281409026255
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A50DA4B-D77E-41DF-BD58-352A52011BC6} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-12-23 3567928]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2006-9-13 197648]
S2 Tmntsrv;Trend NT Realtime Service;c:\program files\trend micro\antivirus\Tmntsrv.exe [2006-9-13 241737]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-13 31248]
S2 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\antivirus\tmproxy.exe [2006-9-13 204873]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-13 30192]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]
.
=============== Created Last 30 ================

Attached Files



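The DDS sections the helpers work from (the Pseudo HJT Report and SERVICES / DRIVERS lists) are plain text, so the first pass of a review can be scripted. The following is an added example, not code from this thread or from DDS: it reads a constructed excerpt of the log posted above and lists the entries an analyst looks at first (orphaned "No File" entries, autorun values without a directory, AppInit_DLLs, downloaded ActiveX controls, and services whose file DDS could not read). The regexes and the finding categories are my own assumptions about the log layout.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.toshibadirect.com/dpdstart
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-12-23 3567928]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

# Layout assumptions (mine, derived from the log above): section banners are
# wrapped in '=' runs; Run entries look like 'mRun: [name] command'; service
# lines are 'Sn svc;display;path [date size]' with '[?]' when DDS could not stat.
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)


@dataclass(frozen=True)
class Finding:
    kind: str   # short category, e.g. "no-file", "unqualified-path"
    line: str   # the DDS line that triggered it
    note: str   # why an analyst would look at it


def _run_path_is_unqualified(cmd: str) -> bool:
    """True when a Run value is a bare file name such as 'TFncKy.exe'.
    Windows resolves such names by searching the PATH, so the reviewer still
    has to find out which file actually executes."""
    cmd = cmd.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return "\\" not in exe and "/" not in exe


def triage_dds(text: str) -> list[Finding]:
    """Walk a DDS log and return the entries a reviewer would check first."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        if section == "Pseudo HJT Report":
            if line.endswith(" - No File"):
                findings.append(Finding("no-file", line,
                    "registration points at a file that no longer exists (orphaned entry)"))
            elif line.startswith("AppInit_DLLs:"):
                findings.append(Finding("appinit-dll", line,
                    "AppInit_DLLs are loaded into every process that loads user32.dll"))
            elif line.startswith("DPF:"):
                findings.append(Finding("downloaded-activex", line,
                    "downloaded ActiveX control; check the hosting URL and version"))
            else:
                run = RUN_RE.match(line)
                if run and _run_path_is_unqualified(run.group("cmd")):
                    findings.append(Finding("unqualified-path", line,
                        "autorun value has no directory; locate the file before judging it"))
        elif section == "SERVICES / DRIVERS":
            svc = SERVICE_RE.match(line)
            if svc and svc.group("info") == "?":
                findings.append(Finding("service-file-unreadable", line,
                    f"DDS could not stat the binary of {svc.group('svc')} (often missing on disk)"))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.line}\n    {f.note}")
```

The categories are prompts for a human reviewer, not verdicts; a "No File" toolbar entry or an unqualified OEM autorun is usually benign, which is why the thread asks for the full logs before anything is removed.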

#2 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:02:27 PM

Posted 07 December 2011 - 02:19 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please do the following:


Step #1: Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step #2: Download and run GMER

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log
3. The MalwareBytes' Log you mentioned in your post.

Use multiple posts if you can't fit everything into one post.

MalWare Removal University Master

Member of ASAP


#3 abejr

abejr
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:27 PM

Posted 07 December 2011 - 07:54 PM

Thank you for the help.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 14:57:54 on 2011-12-07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1716 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [LtMoh] "c:\program files\ltmoh\Ltmoh.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] "c:\program files\mcafee\spamkiller\MSKDetct.exe" /uninstall
mRun: [pccguide.exe] "c:\program files\trend micro\antivirus\pccguide.exe"
mRun: [PCClient.exe] "c:\program files\trend micro\antivirus\PCClient.exe"
mRun: [TM Outbreak Agent] "c:\program files\trend micro\antivirus\TMOAgent.exe" /run
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281409026255
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A50DA4B-D77E-41DF-BD58-352A52011BC6} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-12-23 3567928]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2006-9-13 197648]
S2 Tmntsrv;Trend NT Realtime Service;c:\program files\trend micro\antivirus\Tmntsrv.exe [2006-9-13 241737]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-13 31248]
S2 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\antivirus\tmproxy.exe [2006-9-13 204873]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-13 30192]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]
.
=============== Created Last 30 ================
.
2011-12-03 19:33:23 -------- d-----w- c:\program files\CCleaner
2011-12-03 19:01:34 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-12-03 19:01:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-03 19:01:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 19:01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-03 18:59:09 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-12-03 18:58:53 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
.
==================== Find3M ====================
.
2011-09-11 16:52:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:58:48.90 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/23/2006 10:00:03 AM
System Uptime: 12/7/2011 2:52:01 PM (0 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 133.65 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP167: 8/27/2011 2:00:49 PM - System Checkpoint
RP168: 9/1/2011 3:26:54 PM - System Checkpoint
RP169: 9/5/2011 12:12:52 PM - System Checkpoint
RP170: 9/10/2011 8:55:36 AM - Software Distribution Service 3.0
RP171: 9/14/2011 6:43:12 AM - Software Distribution Service 3.0
RP172: 9/25/2011 12:52:23 PM - System Checkpoint
RP173: 9/28/2011 8:48:16 PM - Software Distribution Service 3.0
RP174: 10/6/2011 5:04:05 PM - System Checkpoint
RP175: 10/13/2011 4:49:33 PM - Software Distribution Service 3.0
RP176: 10/13/2011 5:01:41 PM - Installed iTunes
RP177: 10/13/2011 5:09:40 PM - Removed iTunes
RP178: 10/15/2011 10:25:35 AM - System Checkpoint
RP179: 10/26/2011 3:46:33 PM - System Checkpoint
RP180: 11/3/2011 6:32:25 PM - System Checkpoint
RP181: 11/5/2011 6:29:22 PM - System Checkpoint
RP182: 11/6/2011 6:26:06 PM - System Checkpoint
RP183: 11/9/2011 6:58:35 AM - Software Distribution Service 3.0
RP184: 11/11/2011 5:40:20 PM - System Checkpoint
RP185: 11/19/2011 9:46:25 AM - System Checkpoint
RP186: 12/3/2011 10:50:23 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
Desktop Dialer
DVD-RAM Driver
ESPNMotion
FATE
GemMaster Mystic
Google Desktop
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Juniper Networks Setup Client Activex Control
Mah Jong Quest
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office File Validation Add-In
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Works
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
Otto
Penguins!
Picasa 2
Polar Bowler
Polar Golfer
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
SCRABBLE
SD Secure Module
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Spy Sweeper
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Trend Micro Antivirus
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB914548
Windows XP Media Center Edition 2005 KB973768
Yahoo! Music Engine
.
==== Event Viewer Messages From Past Week ========
.
12/3/2011 11:34:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/3/2011 11:30:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/3/2011 11:24:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm tmtdi
12/3/2011 11:24:48 AM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/3/2011 11:20:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KR10N
12/3/2011 11:20:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/3/2011 1:16:20 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================

#4 abejr

  • Topic Starter

  • Members
  • 11 posts

Posted 07 December 2011 - 07:55 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-07 16:46:03
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541616J9SA00 rev.SB4OC70P
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwrdyfob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1892] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 0045024D C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Spy Sweeper Engine/Webroot Software, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8298

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/3/2011 11:18:28 AM
mbam-log-2011-12-03 (11-18-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 229209
Time elapsed: 15 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GGyfLFDEWNT.exe (Trojan.FakeAlert) -> Value: GGyfLFDEWNT.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ggyflfdewnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\h7od40dhi32h2z.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\default user.toshiba-user\application data\kb00267474.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\default user.toshiba-user\application data\Baokgy\ysru.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\documents and settings\default user.toshiba-user\application data\Uqdiuv\iscyb.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\documents and settings\default user.toshiba-user\local settings\Temp\tmpdbdc7c24\heap4avg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP170\A0045174.exe (Spyware.Password) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP170\A0045192.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP170\A0045220.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP170\A0045231.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP172\A0045471.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP173\A0047482.exe (Trojan.Jorik) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP174\A0049532.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP182\A0052971.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
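
What the MBAM log above records, beyond the quarantine count, is the shape of the compromise: an autorun value under HKLM\...\CurrentVersion\Run pointing at a randomly named executable in All Users\Application Data (the FakeAlert loader), Security Center notifications and Task Manager switched off by registry policy (the Bad: (1) / Good: (0) pairs MBAM reset), live payloads dropped into per-user Application Data and Temp, and older copies of the same malware preserved inside System Restore points RP170 to RP182. The Python below is an added example written for this edit, not code from the original post or from Malwarebytes: it parses MBAM 1.x detection lines into records, sorts them into those buckets, and ties each autorun value back to the quarantined file it launched. The embedded sample is a constructed subset of the lines posted above; the line format it relies on (location, dotted family name in parentheses, " -> "-separated details and action) and the triage rules are the editor's assumptions, not an MBAM specification.

```python
# Added example: triage a Malwarebytes' Anti-Malware 1.x scan log by parsing each
# detection line and bucketing it the way a responder works through a cleanup.
import re
from collections import Counter, namedtuple

# Constructed sample: a subset of the detection lines from the MBAM log posted in
# this thread, with the section headers MBAM prints around them.
SAMPLE_LOG = r"""
Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GGyfLFDEWNT.exe (Trojan.FakeAlert) -> Value: GGyfLFDEWNT.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\ggyflfdewnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\default user.toshiba-user\application data\kb00267474.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\default user.toshiba-user\application data\Baokgy\ysru.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\documents and settings\default user.toshiba-user\application data\Uqdiuv\iscyb.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\documents and settings\default user.toshiba-user\local settings\Temp\tmpdbdc7c24\heap4avg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP170\A0045192.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{4b1aea69-b95e-4955-a6a6-502cd89cda69}\RP182\A0052971.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
"""

# Section headers such as "Files Infected:"; the summary counts at the top of the
# log carry a number after the colon and so do not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# One detection: "<location> (<Family.Name>) -> <details ...> -> <action>."  Assumption:
# MBAM family names always contain a dot, so "(1)" in "Bad: (1) Good: (0)" is never a family.
DETECT_RE = re.compile(r"^(?P<location>.+?) \((?P<family>[A-Z][A-Za-z0-9]*(?:\.[A-Za-z0-9]+)+)\) -> (?P<rest>.+?)\.?$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)$")
AUTORUN_RE = re.compile(r"\\CurrentVersion\\(?:Run|RunOnce|RunServices)\\(?P<name>[^\\]+)$", re.I)
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[^}]+\}\\RP(?P<rp>\d+)\\", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:application data|local settings\\temp)\\", re.I)

# section: "Registry Values" | "Registry Data Items" | "Files" | ...; details: the middle
# " -> " fields, e.g. ["Value: X"] or ["Bad: (1) Good: (0)"]; action: what MBAM did.
Finding = namedtuple("Finding", "section location family details action")


def parse_mbam_log(text):
    """Return one Finding per detection line found under an '... Infected:' header."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if not line or section is None or line.startswith("("):
            continue  # blank line, log preamble, or "(No malicious items detected)"
        m = DETECT_RE.match(line)
        if m:
            parts = m.group("rest").split(" -> ")
            findings.append(Finding(section, m.group("location"), m.group("family"),
                                    parts[:-1], parts[-1]))
    return findings


def autorun_targets(findings):
    """Tie each autorun value name to the quarantined file with the same basename, if any."""
    files = {f.location.rsplit("\\", 1)[-1].lower(): f.location
             for f in findings if f.section == "Files"}
    targets = {}
    for f in findings:
        run = AUTORUN_RE.search(f.location)
        if run:
            targets[run.group("name")] = files.get(run.group("name").lower())
    return targets


def triage(findings):
    """Bucket findings: tampered settings, dropped payloads, restore-point copies, families."""
    settings, dropped, rps, families = {}, [], set(), Counter()
    for f in findings:
        families[f.family] += 1
        for d in f.details:
            bg = BADGOOD_RE.match(d)
            if bg:  # the value MBAM found and the value it put back
                settings[f.location.rsplit("\\", 1)[-1]] = (bg.group("bad"), bg.group("good"))
        if f.section == "Files":
            rp = RESTORE_RE.search(f.location)
            if rp:
                rps.add(int(rp.group("rp")))  # inert until a restore, but dates the infection
            elif USER_WRITABLE_RE.search(f.location):
                dropped.append(f.location)
    return {"tampered_settings": settings, "dropped_payloads": dropped,
            "restore_points": sorted(rps), "families": dict(families)}


def summarize(text=SAMPLE_LOG):
    """Full triage report for one log: buckets plus autorun-to-file links and a total."""
    findings = parse_mbam_log(text)
    report = triage(findings)
    report["autorun_targets"] = autorun_targets(findings)
    report["total"] = len(findings)
    return report


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

Run it directly to print the report; summarize() returns the same structure so the checks can be scripted against any MBAM 1.x log. The RP numbers can be cross-referenced against the System Restore Points list in the DDS attach.txt to date when each payload was first on disk, and they are the reason helpers have old restore points purged at the end of a cleanup: any infected copy the scanner has not seen would come back with a restore.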

#5 km2357


  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California

Posted 08 December 2011 - 12:32 AM

Hi. :)

It looks like you ran DDS in Safe Mode. Please run DDS (no need to rerun GMER) in Normal Mode and post the logs in your next post/reply.

Thanks. :)

MalWare Removal University Master

Member of ASAP


#6 abejr

  • Topic Starter

  • Members
  • 11 posts

Posted 08 December 2011 - 06:30 PM

Sorry about that.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Default User at 15:14:16 on 2011-12-08
.
============== Running Processes ===============
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Default User.TOSHIBA-USER\Local Settings\Temporary Internet Files\Content.IE5\YMYTAQUN\dds[1].scr
C:\WINDOWS\system32\REGSVR32.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_0
uRun: [{775C4760-C7C3-AD7B-FB3B-39E4E1771AF6}] "c:\documents and settings\default user.toshiba-user\application data\uqdiuv\iscyb.exe"
uRun: [KB00267474.exe] "c:\documents and settings\default user.toshiba-user\application data\KB00267474.exe"
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [LtMoh] "c:\program files\ltmoh\Ltmoh.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] "c:\program files\mcafee\spamkiller\MSKDetct.exe" /uninstall
mRun: [pccguide.exe] "c:\program files\trend micro\antivirus\pccguide.exe"
mRun: [PCClient.exe] "c:\program files\trend micro\antivirus\PCClient.exe"
mRun: [TM Outbreak Agent] "c:\program files\trend micro\antivirus\TMOAgent.exe" /run
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
uPolicies-explorer: NoDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281409026255
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A50DA4B-D77E-41DF-BD58-352A52011BC6} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? IO_Memory;IO_Memory
R? SVRPEDRV;SVRPEDRV
S? McrdSvc;Media Center Extender Service
S? Tmfilter;Tmfilter
S? Tmntsrv;Trend NT Realtime Service
S? Tmpreflt;Tmpreflt
S? tmproxy;Trend Micro Proxy Service
S? WebrootSpySweeperService;Webroot Spy Sweeper Engine
.
=============== Created Last 30 ================
.
2011-12-03 19:33:23 -------- d-----w- c:\program files\CCleaner
2011-12-03 19:20:24 -------- d-----w- c:\documents and settings\default user.toshiba-user\application data\Malwarebytes
2011-12-03 19:01:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-03 19:01:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 19:01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-29 04:30:31 -------- d-----w- c:\documents and settings\default user.toshiba-user\application data\7ED78847
.
==================== Find3M ====================
.
2011-09-11 16:52:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 15:19:34.33 ===============

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/23/2006 10:00:03 AM
System Uptime: 12/8/2011 3:07:12 PM (0 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 131.492 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP167: 8/27/2011 2:00:49 PM - System Checkpoint
RP168: 9/1/2011 3:26:54 PM - System Checkpoint
RP169: 9/5/2011 12:12:52 PM - System Checkpoint
RP170: 9/10/2011 8:55:36 AM - Software Distribution Service 3.0
RP171: 9/14/2011 6:43:12 AM - Software Distribution Service 3.0
RP172: 9/25/2011 12:52:23 PM - System Checkpoint
RP173: 9/28/2011 8:48:16 PM - Software Distribution Service 3.0
RP174: 10/6/2011 5:04:05 PM - System Checkpoint
RP175: 10/13/2011 4:49:33 PM - Software Distribution Service 3.0
RP176: 10/13/2011 5:01:41 PM - Installed iTunes
RP177: 10/13/2011 5:09:40 PM - Removed iTunes
RP178: 10/15/2011 10:25:35 AM - System Checkpoint
RP179: 10/26/2011 3:46:33 PM - System Checkpoint
RP180: 11/3/2011 6:32:25 PM - System Checkpoint
RP181: 11/5/2011 6:29:22 PM - System Checkpoint
RP182: 11/6/2011 6:26:06 PM - System Checkpoint
RP183: 11/9/2011 6:58:35 AM - Software Distribution Service 3.0
RP184: 11/11/2011 5:40:20 PM - System Checkpoint
RP185: 11/19/2011 9:46:25 AM - System Checkpoint
RP186: 12/3/2011 10:50:23 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
Desktop Dialer
DVD-RAM Driver
ESPNMotion
FATE
GemMaster Mystic
Google Desktop
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Juniper Networks Cache Cleaner 6.4.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Mah Jong Quest
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office File Validation Add-In
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Works
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
Otto
Penguins!
Picasa 2
Polar Bowler
Polar Golfer
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
SCRABBLE
SD Secure Module
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Spy Sweeper
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Trend Micro Antivirus
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB914548
Windows XP Media Center Edition 2005 KB973768
Yahoo! Music Engine
.
==== Event Viewer Messages From Past Week ========
.
12/8/2011 3:11:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect.
12/8/2011 3:11:11 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/8/2011 2:57:32 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0018DEB4567A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/7/2011 5:14:03 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address D8:30:62:18:B2:15. Network operations on this system may be disrupted as a result.
12/7/2011 4:24:48 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
12/3/2011 11:27:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/3/2011 11:20:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KR10N
12/3/2011 11:20:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/3/2011 10:57:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm tmtdi
12/3/2011 10:57:35 AM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/3/2011 10:56:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/3/2011 1:16:20 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================

#7 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:27 PM

Posted 09 December 2011 - 02:38 AM

sorry about that.


No problem. :) Be sure that from now on you run everything I ask you to run in Normal Mode instead of Safe Mode. Only run it in Safe Mode if asked to do so.

Thanks. :)



Step # 1: Download and run UnHide

Download and run UnHide




Step # 2: Disable SpySweeper

SpySweeper normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

If you have version 4:

- Open SpySweeper
- Select Options and then Program Options
- Uncheck the option Load at Windows Startup
- Select Shields and uncheck all there
- Uncheck Home page shield
- Uncheck automatically restore default without notification
- Reboot your machine to complete the process

If you have version 5:

* Open SpySweeper.
* Click Shield Settings on the right

(or Shields on the left, depending what screen you're on).

* Click Internet Explorer and uncheck all items.
* Click Windows System and uncheck all items.
* Click Hosts File and uncheck all items.
* Click Startup Programs and uncheck all items.
* Close SpySweeper.

Reboot your computer, and ensure Spy Sweeper is disabled.



Step # 3: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.

MalWare Removal University Master

Member of ASAP


#8 abejr

abejr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:27 PM

Posted 09 December 2011 - 09:38 PM

ComboFix 11-12-09.04 - Default User 12/09/2011 18:09:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1536 [GMT -8:00]
Running from: c:\documents and settings\Default User.TOSHIBA-USER\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User.TOSHIBA-USER\Application Data\Uqdiuv\iscyb.exe
c:\documents and settings\Default User.TOSHIBA-USER\Start Menu\Programs\System Fix
c:\documents and settings\Default User.TOSHIBA-USER\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\Default User.TOSHIBA-USER\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\documents and settings\Default User.TOSHIBA-USER\WINDOWS
c:\documents and settings\Default User\WINDOWS
C:\LOG10A.tmp
C:\LOG110.tmp
C:\LOG12C.tmp
C:\LOG150.tmp
C:\LOG15E.tmp
C:\LOG176.tmp
C:\LOG259.tmp
C:\LOG3E.tmp
C:\LOG52.tmp
C:\LOG53.tmp
C:\LOG55.tmp
C:\LOG5A.tmp
C:\LOG5C.tmp
C:\LOG5E.tmp
C:\LOG5F.tmp
C:\LOG60.tmp
C:\LOG62.tmp
C:\LOG63.tmp
C:\LOG64.tmp
C:\LOG68.tmp
C:\LOG69.tmp
C:\LOG6C.tmp
C:\LOG7C.tmp
C:\LOG8C.tmp
C:\LOG90.tmp
C:\LOGB3.tmp
C:\LOGB5.tmp
C:\LOGC0.tmp
C:\LOGCA.tmp
c:\windows\CSC\d6
c:\windows\kb913800.exe
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-03 19:33 . 2011-12-03 19:33 -------- d-----w- c:\program files\CCleaner
2011-12-03 19:20 . 2011-12-03 19:20 -------- d-----w- c:\documents and settings\Default User.TOSHIBA-USER\Application Data\Malwarebytes
2011-12-03 19:01 . 2011-12-03 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-12-03 19:01 . 2011-12-03 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-03 19:01 . 2011-12-03 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-03 19:01 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 18:59 . 2011-12-03 18:59 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-12-03 18:58 . 2011-12-03 18:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-11-29 04:30 . 2011-11-29 04:30 -------- d-----w- c:\documents and settings\Default User.TOSHIBA-USER\Application Data\7ED78847
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-11 16:52 . 2011-09-11 16:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2006-09-14 950337]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2006-09-14 634949]
"TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2006-09-14 290816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-16 98304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-06 30192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24989:UDP"= 24989:UDP:UDP 24989
"28615:TCP"= 28615:TCP:TCP 28615
.
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [9/13/2006 9:00 PM 197648]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [9/13/2006 9:00 PM 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/13/2006 9:00 PM 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [9/13/2006 9:00 PM 204873]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/13/2006 3:21 PM 30192]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-{775C4760-C7C3-AD7B-FB3B-39E4E1771AF6} - c:\documents and settings\Default User.TOSHIBA-USER\Application Data\Uqdiuv\iscyb.exe
HKCU-Run-KB00267474.exe - c:\documents and settings\Default User.TOSHIBA-USER\Application Data\KB00267474.exe
HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-09 18:28
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\WRLogonNTF.dll
.
- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TDispVol.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\AGRSMMSG.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2011-12-09 18:36:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-10 02:36
.
Pre-Run: 140,484,141,056 bytes free
Post-Run: 140,831,801,344 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E01556EF69ACF38AFC544A4ADE7E6906

#9 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:27 PM

Posted 10 December 2011 - 02:45 AM

Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KillAll::
    
    DirLook::
    
    c:\documents and settings\Default User.TOSHIBA-USER\Application Data\7ED78847

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Posted Image


    Note: This CFScript is for use on abejr's computer only! Do not use it on your computer.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.

MalWare Removal University Master

Member of ASAP


#10 abejr

abejr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:27 PM

Posted 10 December 2011 - 11:18 AM

ComboFix 11-12-09.04 - Default User 12/10/2011 8:03.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1426 [GMT -8:00]
Running from: c:\documents and settings\Default User.TOSHIBA-USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Default User.TOSHIBA-USER\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User.TOSHIBA-USER\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\Default User.TOSHIBA-USER\Desktop\System Fix.lnk
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 04:43 . 2011-12-10 04:43 -------- d-----w- c:\windows\system32\LogFiles
2011-12-03 19:33 . 2011-12-03 19:33 -------- d-----w- c:\program files\CCleaner
2011-12-03 19:20 . 2011-12-03 19:20 -------- d-----w- c:\documents and settings\Default User.TOSHIBA-USER\Application Data\Malwarebytes
2011-12-03 19:01 . 2011-12-03 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-12-03 19:01 . 2011-12-03 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-03 19:01 . 2011-12-03 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-03 19:01 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 18:59 . 2011-12-03 18:59 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-12-03 18:58 . 2011-12-03 18:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-11-29 04:30 . 2011-11-29 04:30 -------- d-----w- c:\documents and settings\Default User.TOSHIBA-USER\Application Data\7ED78847
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-11 16:52 . 2011-09-11 16:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Default User.TOSHIBA-USER\Application Data\7ED78847 ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2006-09-14 950337]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2006-09-14 634949]
"TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2006-09-14 290816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-16 98304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-06 30192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24989:UDP"= 24989:UDP:UDP 24989
"28615:TCP"= 28615:TCP:TCP 28615
.
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [9/13/2006 9:00 PM 197648]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [9/13/2006 9:00 PM 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/13/2006 9:00 PM 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [9/13/2006 9:00 PM 204873]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/13/2006 3:21 PM 30192]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 08:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2011-12-10 08:14:25
ComboFix-quarantined-files.txt 2011-12-10 16:14
ComboFix2.txt 2011-12-10 02:36
.
Pre-Run: 140,838,703,104 bytes free
Post-Run: 140,826,914,816 bytes free
.
- - End Of File - - CD97E7DEE1AD604689917A2123D8857E


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Default User at 8:16:47 on 2011-12-10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1448 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\RAMASST.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_0
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [LtMoh] "c:\program files\ltmoh\Ltmoh.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [MSKDetectorExe] "c:\program files\mcafee\spamkiller\MSKDetct.exe" /uninstall
mRun: [pccguide.exe] "c:\program files\trend micro\antivirus\pccguide.exe"
mRun: [PCClient.exe] "c:\program files\trend micro\antivirus\PCClient.exe"
mRun: [TM Outbreak Agent] "c:\program files\trend micro\antivirus\TMOAgent.exe" /run
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281409026255
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A50DA4B-D77E-41DF-BD58-352A52011BC6} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
.
============= SERVICES / DRIVERS ===============
.
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2006-9-13 197648]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\trend micro\antivirus\Tmntsrv.exe [2006-9-13 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-13 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\antivirus\tmproxy.exe [2006-9-13 204873]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-12-23 3567928]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-13 30192]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]
.
=============== Created Last 30 ================
.
2011-12-10 04:43:14 -------- d-----w- c:\windows\system32\LogFiles
2011-12-10 02:04:48 -------- d-sha-r- C:\cmdcons
2011-12-10 01:59:42 98816 ----a-w- c:\windows\sed.exe
2011-12-10 01:59:42 518144 ----a-w- c:\windows\SWREG.exe
2011-12-10 01:59:42 256000 ----a-w- c:\windows\PEV.exe
2011-12-10 01:59:42 208896 ----a-w- c:\windows\MBR.exe
2011-12-03 19:33:23 -------- d-----w- c:\program files\CCleaner
2011-12-03 19:20:24 -------- d-----w- c:\documents and settings\default user.toshiba-user\application data\Malwarebytes
2011-12-03 19:01:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-03 19:01:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 19:01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-29 04:30:31 -------- d-----w- c:\documents and settings\default user.toshiba-user\application data\7ED78847
.
==================== Find3M ====================
.
2011-09-11 16:52:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 8:17:02.15 ===============

#11 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:27 PM

Posted 10 December 2011 - 12:59 PM

Thanks for the log. :)

I've a question before we continue:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24989:UDP"= 24989:UDP:UDP 24989
"28615:TCP"= 28615:TCP:TCP 28615


Do you recognize the above ports? Did you open them yourself?

MalWare Removal University Master

Member of ASAP


#12 abejr

abejr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 10 December 2011 - 01:01 PM

I don't recognize them and I didn't open them.

#13 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:27 PM

Posted 11 December 2011 - 12:22 AM

Delete CFScript.txt from your Desktop, you will be creating and running a new one.



Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KILLALL::
    
    
    Folder::
    
    c:\documents and settings\Default User.TOSHIBA-USER\Application Data\7ED78847
    
    
    Registry::
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24989:UDP"=-
    "28615:TCP"=-

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Posted Image


    Note: This CFScript is for use on abejr's computer only! Do not use it on your computer.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




Step # 2 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u29.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Remove the following old versions of Java:

  • J2SE Runtime Environment 5.0 Update 4

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.



Step # 3 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.



In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step has been completed.
2. MalwareBytes' Log

MalWare Removal University Master

Member of ASAP
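The port check in post #11 and the CFScript removal in post #13 can be scripted against a DDS/ComboFix log. The following is an added example, not a tool from this thread: it parses the GloballyOpenPorts value lines in the format the logs print them, flags any port/protocol pair not on an allowlist the reviewer maintains, and emits the Registry:: block in CFScript's value=- syntax. The allowlist and the 3389/TCP entry are constructed assumptions for the demo.

```python
"""Flag unrecognised Windows XP firewall GloballyOpenPorts entries and emit
the CFScript lines that would remove them (added example, not from the thread)."""
import re
from typing import Dict, List, NamedTuple, Tuple


class OpenPort(NamedTuple):
    port: int
    proto: str   # "TCP" or "UDP"
    detail: str  # remainder of the registry value (scope/name), kept verbatim


# One value line as DDS/ComboFix print it, e.g.  "24989:UDP"= 24989:UDP:UDP 24989
_VALUE_RE = re.compile(r'^"(\d{1,5}):(TCP|UDP)"=\s*(.*)$', re.IGNORECASE)
_LIST_KEY = "globallyopenports\\list]"   # suffix of the key header line


def parse_globally_open_ports(text: str) -> List[OpenPort]:
    """Return the port entries listed under a [...GloballyOpenPorts\\List] key."""
    entries: List[OpenPort] = []
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):                 # a new registry key header
            in_key = line.lower().endswith(_LIST_KEY)
            continue
        if not in_key:
            continue
        m = _VALUE_RE.match(line)
        if m:
            entries.append(OpenPort(int(m.group(1)), m.group(2).upper(), m.group(3)))
    return entries


def flag_unexpected(entries: List[OpenPort],
                    allowlist: Dict[Tuple[int, str], str]) -> List[OpenPort]:
    """Entries whose (port, proto) the reviewer did not knowingly open."""
    return [e for e in entries if (e.port, e.proto) not in allowlist]


def cfscript_removal_block(key_path: str, entries: List[OpenPort]) -> str:
    """CFScript Registry:: block deleting the given values ("name"=- syntax)."""
    lines = ["Registry::", "", key_path]
    lines += [f'"{e.port}:{e.proto}"=-' for e in entries]
    return "\n".join(lines) + "\n"


# Constructed sample: the two values quoted in the thread plus one constructed
# Remote Desktop entry that an owner would expect to see.
KEY_PATH = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"
SAMPLE_LOG = KEY_PATH + """
"24989:UDP"= 24989:UDP:UDP 24989
"28615:TCP"= 28615:TCP:TCP 28615
"3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"""
# Example allowlist (an assumption for this demo): ports opened on purpose.
EXPECTED: Dict[Tuple[int, str], str] = {(3389, "TCP"): "Remote Desktop"}

if __name__ == "__main__":
    suspect = flag_unexpected(parse_globally_open_ports(SAMPLE_LOG), EXPECTED)
    for e in suspect:
        print(f"unrecognised open port {e.port}/{e.proto}: {e.detail}")
    print(cfscript_removal_block(KEY_PATH, suspect))
```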


#14 abejr

abejr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 11 December 2011 - 01:23 PM

ComboFix 11-12-09.04 - Default User 12/11/2011 9:13.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1501 [GMT -8:00]
Running from: c:\documents and settings\Default User.TOSHIBA-USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Default User.TOSHIBA-USER\Desktop\cfscript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User.TOSHIBA-USER\Application Data\7ED78847
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-10 04:43 . 2011-12-10 04:43 -------- d-----w- c:\windows\system32\LogFiles
2011-12-03 19:33 . 2011-12-03 19:33 -------- d-----w- c:\program files\CCleaner
2011-12-03 19:20 . 2011-12-03 19:20 -------- d-----w- c:\documents and settings\Default User.TOSHIBA-USER\Application Data\Malwarebytes
2011-12-03 19:01 . 2011-12-03 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-12-03 19:01 . 2011-12-03 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-03 19:01 . 2011-12-03 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-03 19:01 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 18:59 . 2011-12-03 18:59 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-12-03 18:58 . 2011-12-03 18:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2006-09-14 950337]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2006-09-14 634949]
"TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2006-09-14 290816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-16 98304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-06 30192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [9/13/2006 9:00 PM 197648]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [9/13/2006 9:00 PM 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/13/2006 9:00 PM 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [9/13/2006 9:00 PM 204873]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/13/2006 3:21 PM 30192]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 09:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\WRLogonNTF.dll
.
- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\TDispVol.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2011-12-11 09:33:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 17:32
ComboFix2.txt 2011-12-10 16:14
ComboFix3.txt 2011-12-10 02:36
.
Pre-Run: 140,818,997,248 bytes free
Post-Run: 140,816,838,656 bytes free
.
- - End Of File - - F478B5C5E6A2E92F2F75B94483FA5596


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8352

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/11/2011 10:11:34 AM
mbam-log-2011-12-11 (10-11-34).txt

Scan type: Quick scan
Objects scanned: 171875
Time elapsed: 12 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:27 PM

Posted 12 December 2011 - 01:30 AM

Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)

  • First, go to Add/Remove Programs and uninstall Adobe Reader 7.0.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right Untick McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Note: Adobe Reader X (10.1.1) is a large program and if you prefer a smaller program you can get Foxit 5.1.0 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 5.1.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay




ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



In your next post/reply, I need to see the following:

1. ESET Log
2. How is your computer doing, any problems?

MalWare Removal University Master

Member of ASAP




