techladysings Posted November 28, 2011 ID:498809

I tried to download a file from a torrent site. Stupid move #1. It changed settings in my Firefox browser and prevented reaching several sites. I finally gave in and uninstalled Firefox, but then could not download a new version to reinstall.

My dds.txt and attach.txt files are attached. I appreciate your assistance in finding what settings, registry entries, and other items may have been hijacked.

I do use Carbonite, but fear that my backups are infected also.

Kind regards, techladysings

LDTate Posted December 2, 2011 ID:500473

Try System Restore Win7
http://www.sevenforums.com/tutorials/700-system-restore.html
See if you can find a date that the PC worked.

LDTate Posted December 6, 2011 ID:501990

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!