Jump to content

FBI lockout virus - maybe fixed

markschum
 Share

Recommended Posts

markschum

markschum

Posted
Posted

Hello, I got a screen claiming an FBI internet task force had locked my computer and send money to get an unlock code.

I believed this to be a virus so I powered the machine off and restarted it in safe mode this morning (sunday). I did a revert to a systemm restore point that seemed to fix things. I ran malewarebytes free version. It found and removed two trojans.

My laptop is a toshiba running vista.

I think I followed your sites guide and post the files below.

Can you advise if the system is clean ? thanks

Fram malwarebytes log

Files Detected: 3

C:\$RECYCLE.BIN\S-1-5-21-2648317281-1878308405-4135220662-1000\$2c568a31310402a22506ad0a4c4feff6\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.

C:\$RECYCLE.BIN\S-1-5-21-2648317281-1878308405-4135220662-1000\$2c568a31310402a22506ad0a4c4feff6\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.

C:\$RECYCLE.BIN\S-1-5-21-2648317281-1878308405-4135220662-1000\$2c568a31310402a22506ad0a4c4feff6\U\800000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.17.2

Run by Mark at 0:11:55 on 2013-05-06

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.975 [GMT -5:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ================

.

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\TOSHIBA\IVP\ISM\pinger.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVG SafeGuard toolbar\vprot.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\mdm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=116782&tt=010213_2004&babsrc=HP_ss&mntrId=6c3262420000000000000024d24e5615

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: <No Name>: {FFFFFEF0-5B30-21D4-945D-000000000000} - c:\program files\star downloader\SDIEInt.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE

mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe

mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"

mRun: [NDSTray.exe] NDSTray.exe

mRun: [cfFncEnabler.exe] cfFncEnabler.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe

StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download with Star Downloader - c:\progra~1\stardo~1\sdie.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{81491A02-82EE-4755-AA32-8EDA036E3CAB} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\lt2svhfa.default\

FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\users\mark\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-03-25 13:16; avg@toolbar; c:\programdata\avg safeguard toolbar\firefoxext\14.2.0.1

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.215:55:05

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.excTlbr - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6c3262420000000000000024d24e5615&q=

FF - user.js: extensions.BabylonToolbar.id - 6c3262420000000000000024d24e5615

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15737

FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10

FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10

FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1013:58:42

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - uninst

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116782&tt=010213_2004

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar.rvrt - false

FF - user.js: extensions.BabylonToolbar.newTab - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-2-26 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-2-14 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-3-25 33112]

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090811.002\IDSvix86.sys [2009-8-15 272432]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-29 20384]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-2-27 4937264]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-2-19 282624]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-17 149352]

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-4-3 968880]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-5-5 1245064]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-11 23888]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-10 101936]

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-5 29744]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-29 954368]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-8-22 36928]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

.

=============== Created Last 30 ================

.

2013-05-05 16:48:01 2422272 ----a-w- c:\windows\system32\wucltux.dll

2013-05-05 16:46:54 88576 ----a-w- c:\windows\system32\wudriver.dll

2013-05-05 16:46:15 33792 ----a-w- c:\windows\system32\wuapp.exe

2013-05-05 16:46:15 171904 ----a-w- c:\windows\system32\wuwebv.dll

2013-05-05 03:34:15 -------- d-----w- C:\F-Engrave-1.02_win

2013-05-02 13:48:47 -------- d-----w- c:\windows\system32\eu-ES

2013-05-02 13:48:47 -------- d-----w- c:\windows\system32\ca-ES

2013-05-02 13:48:45 -------- d-----w- c:\windows\system32\vi-VN

2013-05-02 01:35:52 -------- d-----w- c:\windows\system32\EventProviders

2013-05-02 01:31:21 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll

2013-05-02 01:31:11 1081344 ----a-w- c:\windows\system32\SLCExt.dll

2013-05-02 01:31:10 3408896 ----a-w- c:\windows\system32\SLsvc.exe

2013-05-02 01:29:59 619864 ----a-w- c:\windows\system32\icardagt.exe

2013-05-02 01:28:58 88064 ----a-w- c:\windows\system32\fdBth.dll

2013-05-02 01:27:59 323584 ----a-w- c:\windows\system32\certcli.dll

2013-05-02 01:26:59 217088 ----a-w- c:\windows\system32\WerFault.exe

2013-05-02 01:25:59 177152 ----a-w- c:\windows\system32\scecli.dll

2013-05-02 01:24:59 414208 ----a-w- c:\windows\system32\msscp.dll

2013-05-02 01:23:59 93696 ----a-w- c:\windows\system32\eappgnui.dll

2013-05-02 01:20:46 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll

2013-05-02 01:20:45 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll

2013-05-02 01:20:45 265728 ----a-w- c:\windows\system32\wbem\esscli.dll

2013-05-02 01:20:45 189440 ----a-w- c:\windows\system32\wbem\mofd.dll

2013-05-02 01:20:43 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2013-05-02 01:20:42 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2013-05-02 01:20:42 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll

2013-05-02 01:20:27 705536 ----a-w- c:\windows\system32\SmiEngine.dll

2013-05-02 01:20:04 218624 ----a-w- c:\windows\system32\wdscore.dll

2013-05-02 01:20:04 130560 ----a-w- c:\windows\system32\PkgMgr.exe

2013-05-02 01:19:23 247808 ----a-w- c:\windows\system32\drvstore.dll

2013-04-27 02:14:03 -------- d-----w- c:\programdata\Vectric

2013-04-27 02:13:59 -------- d-----w- c:\program files\Cut2D Trial Edition 1.5

2013-04-25 02:31:45 -------- d-----w- c:\programdata\SoftSafe

2013-04-25 02:29:56 -------- d-----w- c:\programdata\InstallMate

2013-04-19 20:41:14 -------- d-----w- c:\windows\COREL

2013-04-19 20:37:55 -------- d-----w- C:\COREL

2013-04-18 05:06:37 -------- d-----w- c:\users\mark\appdata\local\IsolatedStorage

2013-04-18 04:13:34 -------- d-----w- c:\program files\CamBam plus 0.9.8

2013-04-18 04:13:22 -------- d-----w- c:\programdata\CamBam plus 0.9.8

2013-04-16 05:32:24 -------- d-----w- C:\KMotionCNC

2013-04-15 02:22:07 -------- d-----w- c:\program files\DriveGLEAM

2013-04-13 00:18:55 -------- d-----w- C:\Mach3

2013-04-09 20:01:42 -------- d-----w- c:\users\mark\appdata\roaming\inkscape

2013-04-09 19:40:00 -------- d-----w- c:\program files\Inkscape

.

==================== Find3M ====================

.

2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-03 05:24:07 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-04-02 22:21:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-04-02 22:21:20 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-04-02 22:21:20 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-25 18:29:10 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-25 18:29:09 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-01 15:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-02-27 04:40:46 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-02-14 08:52:46 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-02-08 09:37:56 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-02-08 09:37:52 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-02-08 09:37:44 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-02-08 09:37:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

============= FINISH: 0:15:31.60 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/29/2009 2:26:10 AM

System Uptime: 5/5/2013 8:58:42 PM (4 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD Athlon X2 Dual-Core QL-62 | Socket M2/S1G1 | 2000/1800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 291 GiB total, 163.214 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 3.0

Adobe Reader XI (11.0.02)

AIM 6

Apache HTTP Server 2.2.11

AppCore

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

Atheros Wi-Fi Protected Setup Library

ATI Catalyst Install Manager

Autodesk 3ds Max 2009 32-bit

Autodesk 3ds Max 2009 32-bit Additional Maps and Material Libraries

Autodesk 3ds Max 2009 32-bit Architectural Materials Library

Autodesk 3ds Max 2009 32-bit Movies

Autodesk 3ds Max 2009 32-bit ProMaterials™ Library

Autodesk Backburner 2008.1

AVG 2013

AVG SafeGuard toolbar

Backup

Bluerock Technologies Flight Studio 3ds Max 2009 32-bit

BRL-CAD

CamBam plus 0.9.8

Camera Assistant Software for Toshiba

CamStudio

CamStudio Lossless Codec v1.4

Carrara 5 Pro

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

ccCommon

CD/DVD Drive Acoustic Silencer

Compatibility Pack for the 2007 Office system

Corel Applications

Cut2D Trial Edition 1.5

DivX Setup

DriveGLEAM V1.12

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.2

eMule

FBX Plugin 2009.0 for Max 2009

ffdshow v1.1.4096 [2011-11-29]

FLV Player 2.0 (build 25)

Free NaturalReader

GearDrvs

Google Desktop

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GSpot Codec Information Appliance

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)

Inkscape 0.48.4

InstallShield for Microsoft Visual C++ 6

Java 7 Update 17

Java Auto Updater

KMotion

LazyCam 2.61

LightWave 3D 9.6

LiveUpdate (Symantec Corporation)

Mach3 Mach3VersionR2.63

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Security Scan Plus

Memeo AutoBackup

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Office 2000 Disc 2

Microsoft Office 2000 Professional

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Management Objects

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files (English)

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server VSS Writer

Microsoft VC9 runtime libraries

Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 6.0 Professional Edition

Microsoft Web Publishing Wizard 1.53

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

Microsoft Works

Microsoft Works 4.5

Microsoft Works Setup Launcher

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

MSDN Library - Visual Studio 6.0

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MySQL Server 5.1

Norton 360

Norton 360 (Symantec Corporation)

Norton 360 HTMLHelp

Norton Confidential Core

OpenOffice.org 3.4.1

PHP 5.3.0

Picasa 2

Poser 7

Python 2.4.3

Quest Software Toad for MySQL Freeware 6.3

QuickBooks Financial Center

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Skins

Skype web features

Skype™ 4.1

SPBBC 32bit

SpeedFan (remove only)

Sql Server Customer Experience Improvement Program

SQL Server System CLR Types

Star Downloader Free

Symantec Real Time Storage Protection Component

Symantec Technical Support Controls

SymNet

Synaptics Pointing Device Driver

Tango

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Games

TOSHIBA Hardware Setup

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Unity

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Office 2007 (KB934528)

Update for Office System 2007 Setup (KB929722)

VC80CRTRedist - 8.0.50727.6195

Viewpoint Media Player

VisualCAD 2012

VisualMILL 2012

WinRAR archiver

WinZip

XviD4PSP 5.0

Yahoo! Messenger

Yahoo! Toolbar

YourFileDownloader

YTD Video Downloader 3.9.3

.

==== End Of File ===========================

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello markschum and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.

Link to post
Share on other sites
markschum

markschum

Posted
  • Author
Posted

OK, thanks, that was my thought, to reload the system.

Can I safely back up my data or is that likely to copy a virus ?

There is nothing confidential on this machine , only some links to hobby sites, I have changed passwords on the pharmacy site I use.

If you are prepared to suggest a cleanup to get my data secure I would like to do that.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.