
captlat

Members · 5 posts · Reputation: 0 Neutral
  1. [Did you know if you press ESC it erases all you have typed in this reply? I will retype it all. Was trying to figure out how to upload a screen shot]

     1. Scanned wscr.dll with VirusTotal. Result: 0/43 (0.0%). Clean, eh.

     2. Ran ESET Online Scan. Found and fixed 5 threats. Log pasted below:

        C:\Users\bw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\26e2fcd2-1724e522 multiple threats deleted - quarantined
        C:\Users\bw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4678319b-26119410 multiple threats deleted - quarantined
        C:\Users\bw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\4e220c63-4fa196e6 a variant of Java/Rowindal.A trojan deleted - quarantined
        C:\Users\bw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3207c172-56621750 a variant of Java/Rowindal.A trojan deleted - quarantined
        C:\Users\bw\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-36d2109d multiple threats deleted - quarantined

     3. Ran Security Check. Log pasted below:

        Results of screen317's Security Check version 0.99.5
        Windows 7 (UAC is enabled)
        Internet Explorer 8
        ``````````````````````````````
        Antivirus/Firewall Check:
        Windows Firewall Enabled!
        AVG 9.0
        ESET Online Scanner v3
        WMI entry may not exist for antivirus; attempting automatic update.
        ```````````````````````````````
        Anti-malware/Other Utilities Check:
        Malwarebytes' Anti-Malware
        CCleaner
        Java 6 Update 21
        Adobe Flash Player 10.1.85.3
        Adobe Reader 9.1
        Out of date Adobe Reader installed!
        Mozilla Firefox (3.6.10) Firefox Out of Date!
        ````````````````````````````````
        Process Check: objlist.exe by Laurent
        Norton ccSvcHst.exe
        AVG avgwdsvc.exe
        AVG avgtray.exe
        AVG avgemc.exe
        ````````````````````````````````
        DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
        ``````````End of Log````````````

     4. Attempted to load Firefox. UAC still asks whether to give Firefox permission to change the computer. Click YES and Firefox starts loading, but no web site content appears in the window. Also no popup of the Windows-Defence attack. Tried loading different sites, still no content. Weird HTML coding appears in the Firefox tool bar area. Screen shot attached. Should I download and reinstall Firefox? I intend to reboot and try Firefox again and check MBAM to see if UAC requests allowing changes.
  2. Thanks screen317. Downloaded & ran TDSSKiller. No infection found, so no reboot requested. Log attached. Thanks

     Attachment: TDSSKiller.2.4.4.0_14.10.2010_12.48.39_log.txt
  3. Originally posted in wrong forum. Windows-Defence Trojan-Virus has infected Firefox and (I think) Malwarebytes Anti-Malware. Upon opening either of these two programs, a User Account Control window pops up asking "Do you want to allow the following program to make changes......." Answer No and it will not open. Answer "YES" and Firefox is re-directed to an alert that the web site is attacked and you should not open it. Clicking any part of the alert sends you to the Windows-Defence.com page where you are urged to purchase the fake anti-virus. I think MBAM is compromised due to the UAC pop-up before MBAM will load. I have licensed MBAM. Ran all three scans with no infections. Have run full scans with AVG and MS Security Essentials. Still infected. Have run latest Spybot S&D -- removed 100 items. Finally running instructions on this forum:

     1. Defogger

     2. DDS: here is DDS.txt

        DDS (Ver_10-10-10.03) - NTFS_AMD64
        Run by bw at 9:59:33.07 on Wed 10/13/2010
        Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
        Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2106 [GMT -6:00]

        SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

        ============== Running Processes ===============

        C:\windows\system32\wininit.exe
        C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
        C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
        C:\windows\system32\lsm.exe
        C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
        C:\windows\system32\svchost.exe -k DcomLaunch
        C:\windows\system32\svchost.exe -k RPCSS
        C:\windows\system32\atiesrxx.exe
        C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\windows\system32\svchost.exe -k netsvcs
        C:\windows\system32\svchost.exe -k LocalService
        C:\windows\system32\svchost.exe -k NetworkService
        C:\windows\system32\atieclxx.exe
        C:\windows\System32\spoolsv.exe
        C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\windows\system32\taskhost.exe
        C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
        C:\Program Files (x86)\Bonjour\mDNSResponder.exe
        C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
        C:\windows\System32\svchost.exe -k HPZ12
        C:\windows\system32\Dwm.exe
        C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
        C:\windows\Explorer.EXE
        C:\windows\System32\svchost.exe -k HPZ12
        C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
        C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
        C:\Program Files (x86)\AVG\AVG9\avgam.exe
        C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
        C:\windows\system32\svchost.exe -k imgsvc
        C:\Windows\system32\TODDSrv.exe
        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
        C:\Program Files\TOSHIBA\TECO\TecoService.exe
        C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\ltmoh\ltmoh.exe
        C:\windows\system32\SearchIndexer.exe
        C:\Program Files (x86)\AVG\AVG9\avgemc.exe
        C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
        C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
        C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
        C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
        C:\Program Files\TOSHIBA\TECO\Teco.exe
        C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
        C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
        C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files (x86)\Ares\Ares.exe
        C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
        C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
        C:\Program Files (x86)\AVG\AVG9\avgtray.exe
        C:\Program Files (x86)\iTunes\iTunesHelper.exe
        C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
        C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
        C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
        C:\windows\system32\wbem\wmiprvse.exe
        C:\windows\system32\taskeng.exe
        C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
        C:\PROGRA~2\SPEEDB~2\VideoAcceleratorEngine.exe
        C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\windows\system32\svchost.exe -k HPService
        C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\windows\System32\svchost.exe -k LocalServicePeerNet
        C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
        C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
        C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
        C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
        C:\windows\system32\wbem\wmiprvse.exe
        C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
        C:\Program Files\LSI SoftModem\agr64svc.exe
        C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
        C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
        C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
        C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
        C:\windows\system32\sppsvc.exe
        C:\windows\System32\svchost.exe -k secsvcs
        C:\windows\servicing\TrustedInstaller.exe
        C:\windows\system32\SearchProtocolHost.exe
        C:\windows\system32\SearchFilterHost.exe
        C:\windows\system32\SearchProtocolHost.exe
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        C:\windows\system32\DllHost.exe
        C:\windows\system32\DllHost.exe
        C:\Users\bw\Downloads\dds.com
        C:\windows\system32\conhost.exe

        ============== Pseudo HJT Report ===============

        uStart Page = https://login.facebook.com/login.php?login_attempt=1
        uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
        mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
        mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
        uInternet Settings,ProxyOverride = *.local
        uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
        BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
        BHO: Reserch: {b2249032-6464-466d-a58e-c588f7dbac22} - C:\Users\bw\AppData\Roaming\Microsoft\Credentials\wscr.dll
        TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
        TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU26\tbcore3.dll
        TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
        TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
        TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
        TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
        TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
        EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
        uRun: [skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
        uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
        uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
        uRun: [speedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
        uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
        mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
        mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
        mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
        mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
        mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
        mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
        StartupFolder: C:\Users\bw\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
        uPolicies-explorer: HideSCAHealth = 1 (0x1)
        mPolicies-explorer: NoActiveDesktop = 1 (0x1)
        mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
        mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
        IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
        IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
        IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
        DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
        Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
        Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
        Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
        IFEO: image file execution options - svchost.exe
        BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
        BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
        BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll
        TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        TB-X64: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
        TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
        TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
        TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
        TB-X64: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
        TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
        TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
        mRun-x64: [(Default)]
        mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
        mRun-x64: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
        mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
        mRun-x64: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
        mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
        mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
        mRun-x64: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
        mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
        mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
        mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
        mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
        AppInit_DLLs-X64: avgrssta.dll
        IFEO-X64: image file execution options - svchost.exe
        Hosts: 74.125.45.100 4-open-davinci.com
        Hosts: 74.125.45.100 securitysoftwarepayments.com
        Hosts: 74.125.45.100 privatesecuredpayments.com
        Hosts: 74.125.45.100 secure.privatesecuredpayments.com
        Hosts: 74.125.45.100 getantivirusplusnow.com

        Note: multiple HOSTS entries found. Please refer to Attach.txt

        ================= FIREFOX ===================

        FF - ProfilePath - C:\Users\bw\AppData\Roaming\Mozilla\Firefox\Profiles\3bgw597p.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?
        FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
        FF - component: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox\components\Engine.dll
        FF - component: C:\Users\bw\AppData\Roaming\Mozilla\Firefox\Profiles\3bgw597p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
        FF - component: C:\Users\bw\AppData\Roaming\Mozilla\Firefox\Profiles\3bgw597p.default\extensions\fsl@fsl.net\components\fsl.dll
        FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
        FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
        FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
        FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
        FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
        FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
        FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

        ---- FIREFOX POLICIES ----
        FF - user.js: yahoo.homepage.dontask - true
        C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
        C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

        ============= SERVICES / DRIVERS ===============

        R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-5-11 56008]
        R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1105000.07F\symds64.sys [2010-3-14 433200]
        R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1105000.07F\symefa64.sys [2010-3-14 221232]
        R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-12-22 482384]
        R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-5-11 269904]
        R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-5-11 35536]
        R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-5-11 317520]
        R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1105000.07F\cchpx64.sys [2010-3-14 615040]
        R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100317.002\IDSviA64.sys [2010-3-23 466992]
        R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1105000.07F\symtdiv.sys [2010-3-14 451120]
        R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
        R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-22 203264]
        R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-6-22 921952]
        R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-6-22 308136]
        R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
        R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
        R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
        R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [2010-3-14 126392]
        R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-7-13 36864]
        R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
        R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-12 1153368]
        R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
        R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
        R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
        R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2009-12-22 9216]
        R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-12-22 35008]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-5 291328]
        R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-26 1103904]
        R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-12-22 51512]
        R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
        R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
        R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
        S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys [2010-2-11 676912]
        S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1105000.07F\ironx64.sys [2010-3-14 148528]
        S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-14 135664]
        S3 ATTRcAppSvc;AT&T RcAppSvc;"C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" --> C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [?]
        S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-5-11 430152]
        S3 CAATT;AT&T Con App Svc;"C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" --> C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [?]
        S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-22 222208]
        S3 rtlss;Service for enabling selective suspend to RTL device;C:\Windows\System32\drivers\rtlss.sys [2010-6-21 27240]
        S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-30 1255736]
        S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
        S3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);C:\Windows\System32\drivers\ZD1211U.sys [2010-7-12 351616]

        =============== Created Last 30 ================

        2010-10-13 15:37:14 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{29ECCD27-003F-4695-B735-1F804D9B1F02}\mpengine.dll
        2010-10-13 15:26:58 -------- d-----w- C:\Program Files (x86)\CCleaner
        2010-10-13 02:25:14 -------- d-----w- C:\79127b953f758500dafe
        2010-10-12 23:43:54 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
        2010-10-12 23:43:53 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        2010-10-12 23:43:53 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
        2010-10-12 23:43:52 12625920 ----a-w- C:\windows\System32\wmploc.DLL
        2010-10-12 23:43:50 463360 ----a-w- C:\windows\System32\drivers\srv.sys
        2010-10-12 23:43:49 9728 ----a-w- C:\windows\SysWow64\sscore.dll
        2010-10-12 23:43:49 402944 ----a-w- C:\windows\System32\drivers\srv2.sys
        2010-10-12 23:43:49 236032 ----a-w- C:\windows\System32\srvsvc.dll
        2010-10-12 23:43:49 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
        2010-10-12 23:43:48 3123712 ----a-w- C:\windows\System32\win32k.sys
        2010-10-12 22:53:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
        2010-10-12 22:53:15 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
        2010-10-09 21:27:32 -------- d-----w- C:\PROGRA~3\WSCL
        2010-10-09 21:24:49 -------- d-----w- C:\Users\bw\AppData\Local\Dfc
        2010-10-09 15:07:34 -------- d-----w- C:\Program Files\Unlocker
        2010-10-09 14:09:47 -------- d-----w- C:\Program Files (x86)\vSoft
        2010-09-30 09:00:40 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys
        2010-09-30 09:00:39 243712 ----a-w- C:\windows\System32\drivers\ks.sys
        2010-09-29 14:51:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
        2010-09-29 14:51:29 2048 ----a-w- C:\windows\System32\tzres.dll
        2010-09-29 14:51:25 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
        2010-09-29 14:51:25 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
        2010-09-28 01:38:33 -------- d-----w- C:\Program Files (x86)\Ask.com
        2010-09-28 01:38:31 -------- d-----w- C:\Program Files (x86)\BitTorrent
        2010-09-28 01:37:09 -------- d-----w- C:\Users\bw\AppData\Roaming\BitTorrent
        2010-09-28 00:19:37 -------- d-----w- C:\PROGRA~3\EmailNotifier
        2010-09-22 00:04:58 -------- d-----w- C:\Program Files (x86)\Citrix
        2010-09-22 00:00:58 -------- d-----w- C:\Users\bw\AppData\Local\Deployment
        2010-09-16 14:10:58 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
        2010-09-15 18:53:32 -------- d-----w- C:\PROGRA~3\AT&T
        2010-09-15 00:12:33 558592 ----a-w- C:\windows\System32\spoolsv.exe

        ==================== Find3M ====================

        2010-09-08 05:36:17 1192960 ----a-w- C:\windows\System32\wininet.dll
        2010-09-08 05:34:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
        2010-09-08 04:30:04 978432 ----a-w- C:\windows\SysWow64\wininet.dll
        2010-09-08 04:28:15 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
        2010-09-08 04:16:38 482816 ----a-w- C:\windows\System32\html.iec
        2010-09-08 03:35:30 1638912 ----a-w- C:\windows\System32\mshtml.tlb
        2010-09-08 03:22:31 386048 ----a-w- C:\windows\SysWow64\html.iec
        2010-09-08 02:48:16 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
        2010-08-31 04:32:30 954752 ----a-w- C:\windows\SysWow64\mfc40.dll
        2010-08-31 04:32:30 954288 ----a-w- C:\windows\SysWow64\mfc40u.dll
        2010-08-26 05:27:28 148992 ----a-w- C:\windows\System32\t2embed.dll
        2010-08-26 04:39:58 109056 ----a-w- C:\windows\SysWow64\t2embed.dll
        2010-08-21 06:38:47 1024512 ----a-w- C:\windows\System32\wmpmde.dll
        2010-08-21 06:36:49 340992 ----a-w- C:\windows\System32\schannel.dll
        2010-08-21 06:31:06 633856 ----a-w- C:\windows\System32\comctl32.dll
        2010-08-21 05:36:33 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll
        2010-08-21 05:36:24 224256 ----a-w- C:\windows\SysWow64\schannel.dll
        2010-08-21 05:33:24 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
        2010-07-29 06:30:34 82944 ----a-w- C:\windows\SysWow64\iccvid.dll
        2010-07-17 11:00:04 423656 ----a-w- C:\windows\SysWow64\deployJava1.dll

        ============= FINISH: 10:00:24.36 ===============

        The zipped DDS Attach.txt is attached.

     3. GMER Scan text log file is zipped and attached.

     Thanks
     Capt lat

     Attachments: ark.zip, Attach.zip