Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sharing Folders / Windows Firewall Issue


  • This topic is locked This topic is locked
2 replies to this topic

#1 stevencv

stevencv

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 14 March 2012 - 07:58 AM

My Laptop
Make: Toshiba
Model: Satellite Pro
OS: Windows 7 Professional 64x

Background
Microsoft Security Essentials has found two 'severe' items recently:
1) 9th February: Trojan:Win64/Sirefef.B
2) 27th February: Exploit:Unix/Lotoor

It told me it had removed these threats and I thought no more about it.

The Problem(s)
We have a new printer at work, and I was trying to set it up to scan to my computer over the network. I had to set a folder to shared. When I tried to do so, I got the following error message:

"An error occurred while trying to share Scan Folder. There are no more endpoints available from the endpoint mapper. The shared resource was not created at this time."

After googling the issue, I was informed that I need to turn my Windows Firewall on. However when I tried to do so, I got this error message:

"Windows Firewall can't change some of your settings. Error code 0x80070424"

So I googled this, and all the sites I visited seem to be pointing to rootkit issues.

Scans Ran
One site recommend I run Command Promp and type sfc /scannow. This reported back that 'Windows Resource Protection did not find any integrity violations."
Spybot Search & Destroy: This found 2 entrys for 'Double Click', which were removed. I then re ran the scan and it was clean.
Malwarebytes: Found nothing.
Microsoft Security Essentials: Found nothing.

I am now at a point where I do not know what to do. If anyone has any suggestions on what I could try next, I would be very grateful.

I posted this initially here: http://www.bleepingcomputer.com/forums/topic445158.html and was told to post here instead and post logs.

DDS Logs:

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Steven Journeaux at 12:53:24 on 2012-03-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3933.1737 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BT Access Manager\btomosrv.exe
C:\Program Files (x86)\BTCM Device Detection Service\btomodds.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\MozyPro\mozyprobackup.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\BT Access Manager\btomo.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MozyPro\mozyprostat.exe
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\Users\Steven Journeaux\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\BTACCE~1\BTOMOP~1.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
uRun: [DuckCapture] "C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe" /autorun
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [BTCommonClient] "C:\Program Files (x86)\BT Access Manager\btomo.exe" -a
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\STEVEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steven Journeaux\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYPR~1.LNK - C:\Program Files (x86)\MozyPro\mozyprostat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: samsungsetup.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94BB7635-67C4-4368-964C-CE2615E91ADE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94BB7635-67C4-4368-964C-CE2615E91ADE}\244524573796E6563737845726D2036303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94BB7635-67C4-4368-964C-CE2615E91ADE}\244524573796E6563737845726D2435373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94BB7635-67C4-4368-964C-CE2615E91ADE}\35A435B4956383039363 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{94BB7635-67C4-4368-964C-CE2615E91ADE}\F4C6468616D63465 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E359DA9E-0B4C-4711-9E7C-FF1043782129} : DhcpNameServer = 194.72.6.57 194.73.82.242
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {F0173905-8498-4452-A4BD-EC689AFA6B3A} - "%ProgramFiles%\Common Files\Sage SBD\ForceEIRRegistration.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steven Journeaux\AppData\Roaming\Mozilla\Firefox\Profiles\bvo9561n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 0c21e18100000000000068a3c4ad5c84
FF - user.js: extensions.BabylonToolbar_i.hardId - 0c21e18100000000000068a3c4ad5c84
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15348
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:05:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 mozyproFilter;mozyproFilter;C:\Windows\system32\DRIVERS\mozypro.sys --> C:\Windows\system32\DRIVERS\mozypro.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BT Access Manager;BT Access Manager;C:\Program Files (x86)\BT Access Manager\btomosrv.exe [2009-10-2 28747]
R2 BTCM Device Detection Service;BTCM Device Detection Service;C:\Program Files (x86)\BTCM Device Detection Service\btomodds.exe [2010-2-26 102400]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-1-6 1811456]
R2 mozyprobackup;MozyPro Backup Service;C:\Program Files\MozyPro\mozyprobackup.exe [2011-11-17 54632]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-14 572712]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-2-7 343032]
R2 Sage SData Service;Sage SData Service;C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [2011-7-28 53248]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R3 CeKbFilter;CeKbFilter;C:\Windows\system32\DRIVERS\CeKbFilter.sys --> C:\Windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-1-6 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-2 136176]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-2 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-14 09:00:30 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF6AA503-9BED-4130-B07A-49786CECEE4C}\mpengine.dll
2012-03-12 10:52:49 -------- d-----w- C:\Users\Steven Journeaux\AppData\Local\Microsoft Games
2012-03-07 11:27:36 -------- d-----r- C:\Users\Steven Journeaux\AppData\Roaming\Brother
2012-03-07 11:12:44 -------- d-----w- C:\ProgramData\Brother
2012-03-05 15:49:52 -------- d-----w- C:\Users\Steven Journeaux\AppData\Local\ElevatedDiagnostics
2012-02-29 11:57:50 66048 ----a-w- C:\Windows\System32\CNAS0MMK.DLL
2012-02-29 11:56:09 -------- d-----w- C:\Program Files\Canon
2012-02-28 16:55:44 -------- d-----w- C:\Windows\SysWow64\System32
2012-02-26 17:19:15 -------- d-----w- C:\ProgramData\Sports Interactive
2012-02-26 17:18:37 -------- d-----w- C:\Users\Steven Journeaux\AppData\Roaming\Sports Interactive
2012-02-26 17:18:37 -------- d-----w- C:\Users\Steven Journeaux\AppData\Local\Sports Interactive
2012-02-26 17:13:59 518480 ----a-w- C:\Windows\System32\XAudio2_3.dll
2012-02-26 17:07:51 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2012-02-26 17:07:51 -------- d-----w- C:\Program Files (x86)\Sports Interactive
2012-02-26 17:07:03 -------- d--h--w- C:\Users\Steven Journeaux\InstallAnywhere
2012-02-17 09:15:54 -------- d-----w- C:\Program Files\Common Files\Common Desktop Agent
2012-02-17 09:15:54 -------- d-----w- C:\Program Files (x86)\Common Files\Common Desktop Agent
2012-02-17 09:14:27 27648 ----a-w- C:\Windows\System32\ssi1mlm.dll
2012-02-16 11:54:27 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 11:54:27 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 11:54:21 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 11:54:21 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 11:54:20 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 11:54:20 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 11:54:09 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 11:54:09 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 14:47:13 67328 ----a-w- C:\Windows\System32\drivers\mozypro.sys
2012-02-14 12:03:57 -------- d-----w- C:\ProgramData\Sierra Wireless
2012-02-14 12:03:45 -------- d-----w- C:\Users\Steven Journeaux\AppData\Roaming\BT Access Manager
2012-02-14 12:03:32 -------- d-----w- C:\Program Files (x86)\BTCM Device Detection Service
2012-02-14 12:03:31 -------- d-----w- C:\ProgramData\BTCM Device Detection Service
2012-02-14 12:03:31 -------- d-----w- C:\Program Files (x86)\BT Access Manager
2012-02-14 12:03:18 123520 ----a-w- C:\Windows\System32\drivers\ZTEusbser6k.sys
2012-02-14 12:03:18 123520 ----a-w- C:\Windows\System32\drivers\ZTEusbnmea.sys
2012-02-14 12:03:18 123520 ----a-w- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
2012-02-14 12:03:05 29696 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2012-02-14 12:03:05 216576 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys
2012-02-14 12:03:05 117248 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2012-02-14 12:03:05 114560 ----a-w- C:\Windows\System32\drivers\ewusbdev.sys
2012-02-14 12:02:35 -------- d-----w- C:\ProgramData\BT Access Manager
.
==================== Find3M ====================
.
2012-02-22 09:04:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-07 23:41:44 30200 ----a-w- C:\Windows\System32\nitrolocalmon2.dll
2012-02-07 23:41:44 18424 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-19 17:52:14 548864 ------w- C:\Windows\SysWow64\S18DBC32.dll
2012-01-06 15:36:59 603648 ----a-w- C:\Windows\System32\vbscript.dll
2012-01-06 15:36:59 30720 ----a-w- C:\Windows\System32\licmgr10.dll
2012-01-06 15:36:59 165888 ----a-w- C:\Windows\System32\iexpress.exe
2012-01-06 15:36:59 160256 ----a-w- C:\Windows\System32\wextract.exe
2012-01-06 13:13:29 20592 ----a-w- C:\Windows\System32\drivers\CeKbFilter.sys
2011-12-21 10:23:50 7122944 ------w- C:\Windows\SysWow64\sg50SdoEngine180.dll
.
============= FINISH: 12:54:01.22 ===============


I have also attached a zip of the attach.txt file as instructed.

GMER Log:
I did not do this, as I am running a 64x computer and the instructions said to skip this step if this is the case.

If anyone can help, I would be hugely grateful. This is my work laptop, and doing a factory reset would be a major pain, and a lot of time to restore all my programs.

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:57 PM

Posted 17 March 2012 - 09:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on your logs.

Lets start with this.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

p.s. Did you install this BabylonToolbar?
From your DDS log.

---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 0c21e18100000000000068a3c4ad5c84 G
FF - user.js: extensions.BabylonToolbar_i.hardId - 0c21e18100000000000068a3c4ad5c84G
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15348
etc...


Not sure if it's part of you difficulties yet.
http://forums.spybot.info/showthread.php?t=61869

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:57 PM

Posted 23 March 2012 - 09:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users