I tried to download a file from a torrent site. Stupid move #1 :wacko:

It changed settings in my Firefox browser and prevented reaching several sites. I finally gave in and uninstalled Firefox, but then could not download a new version to reinstall.

My dds.txt and attach.txt files are attached.

I appreciate your assistance in finding what settings, registry entries, and other items may have been hijacked.

I do use Carbonite, but fear that my backups are infected also.

Kind regards,

techladysings

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Toshiba at 20:06:51 on 2011-11-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1858 [GMT -6:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\windows\system32\igfxext.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\vssvc.exe

C:\windows\System32\svchost.exe -k swprv

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\ctfmon.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO

uRun: [MobiLink3] c:\program files\novatel wireless\virgin mobile\MobiLink3.exe

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

uRun: [Media Finder] c:\program files\media finder\.\MF.exe /opentotray

uRun: [Google Update] "c:\users\toshiba\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [<NO NAME>]

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\toshiba\appdata\roaming\micros~1\windows\startm~1\programs\startup\passwo~1.lnk - c:\program files\password safe\pwsafe.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download with &Media Finder - c:\program files\media finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{5EAF5A8C-A07E-402B-831E-3D5815B8DD38} : DhcpNameServer = 10.10.10.120 10.10.10.212

TCP: Interfaces\{5EAF5A8C-A07E-402B-831E-3D5815B8DD38}\76570786F6D656 : DhcpNameServer = 24.177.176.38 97.81.22.195 24.178.162.3

TCP: Interfaces\{677DE85F-C933-400A-985D-A1351BE32947} : DhcpNameServer = 192.168.1.254 192.168.1.254

Notify: igfxcui - igfxdev.dll

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-14 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-14 320856]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-14 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-14 54616]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-10 44768]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-8-24 82432]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2011-8-14 7680]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-8-14 24064]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-8-14 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]

R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-14 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-14 135664]

S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2011-8-19 11264]

S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [2009-5-15 174720]

S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [2009-5-15 174720]

S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [2009-5-15 174720]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-14 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-14 1343400]

.

=============== Created Last 30 ================

.

2011-11-28 00:12:14 -------- d-----w- c:\program files\iPod

2011-11-28 00:12:13 -------- d-----w- c:\program files\iTunes

2011-11-26 01:57:11 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{55c20179-502d-456f-8d2e-087233452bd9}\offreg.dll

2011-11-26 01:57:10 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{55c20179-502d-456f-8d2e-087233452bd9}\mpengine.dll

2011-11-22 03:36:02 388096 ----a-r- c:\users\toshiba\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-11-22 03:36:02 -------- d-----w- c:\program files\Trend Micro

2011-11-14 04:41:39 -------- d-----w- c:\program files\OverDrive Media Console

2011-11-10 15:06:56 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-10 15:06:56 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-10 15:06:55 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-07 19:05:05 -------- d-----w- c:\users\toshiba\appdata\roaming\Malwarebytes

2011-11-07 19:05:00 -------- d-----w- c:\programdata\Malwarebytes

2011-11-07 19:04:57 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-07 19:04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-07 18:38:40 -------- d-----w- c:\users\toshiba\appdata\local\Apps

2011-11-02 16:11:04 -------- d-----w- c:\users\toshiba\appdata\roaming\Media Finder

2011-10-31 06:47:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-10-31 06:47:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-10-31 06:47:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-10-31 06:47:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-10-31 06:47:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-10-31 06:47:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-10-31 06:47:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2011-11-22 02:44:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 04:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 04:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll

.

============= FINISH: 20:07:07.76 ===============

DDS.txt

Attach.txt


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
