
rootkit.agent.h & trojan.agent



Hi,

Please post the Malwarebytes log and a HijackThis log.

Thanks.

Malwarebytes' Anti-Malware 1.40

Database version: 2697

Windows 5.1.2600 Service Pack 2

8/26/2009 10:37:15 AM

mbam-log-2009-08-26 (10-37-15).txt

Scan type: Quick Scan

Objects scanned: 112483

Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.

C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:36:14 AM, on 8/26/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe

C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\CMR\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden

O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://webgames.d.tmsrv.com/c=d26bbef8a529...web.1.0.0.9.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://mymail.ul.com/InternalSite/WhlCompMgr.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--

End of file - 10444 bytes


  • Staff

Hi,

First of all,

I understand that you need help in order to get rid of the malware that is present on your system - but you need to help us first.

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!

This is somewhat suicidal in today's digital world.

That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/

This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.

Then reboot.

After reboot, open your Avira and select "reports".

There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense otherwise for us to clean this up manually if no Antivirus scan is present, which should be able to deal with most of it and prevent further reinfection.


Avira AntiVir Personal

Report file date: Wednesday, August 26, 2009 11:09

Scanning for 1664036 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : TOSHIBA-USER

Version information:

BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00

AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 19:36:14

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 15:21:42

ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 8/21/2009 15:54:51

ANTIVIR3.VDF : 7.1.5.167 174592 Bytes 8/26/2009 15:54:53

Engineversion : 8.2.1.7

AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 19:31:50

AESCRIPT.DLL : 8.1.2.26 463227 Bytes 8/26/2009 15:55:07

AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 15:59:39

AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 15:59:39

AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 19:31:50

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 15:59:39

AEHEUR.DLL : 8.1.0.155 1921400 Bytes 8/26/2009 15:55:05

AEHELP.DLL : 8.1.6.0 233846 Bytes 8/26/2009 15:54:56

AEGEN.DLL : 8.1.1.59 356725 Bytes 8/26/2009 15:54:55

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 20:32:40

AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 15:59:39

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 16:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Wednesday, August 26, 2009 11:09

Starting search for hidden objects.

'61564' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'RAMASST.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'msmsgs.exe' - '1' Module(s) have been scanned

Scan process 'uinstaller.exe' - '1' Module(s) have been scanned

Scan process 'uinstaller.exe' - '1' Module(s) have been scanned

Scan process 'aim.exe' - '1' Module(s) have been scanned

Scan process 'MMonitor.exe' - '1' Module(s) have been scanned

Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'QTTask.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned

Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned

Scan process 'CFSServ.exe' - '1' Module(s) have been scanned

Scan process 'SmoothView.exe' - '1' Module(s) have been scanned

Scan process 'PadExe.exe' - '1' Module(s) have been scanned

Scan process 'wscntfy.exe' - '1' Module(s) have been scanned

Scan process 'TPSMain.exe' - '1' Module(s) have been scanned

Scan process 'TFncKy.exe' - '1' Module(s) have been scanned

Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned

Scan process 'ltmoh.exe' - '1' Module(s) have been scanned

Scan process 'TvsTray.exe' - '1' Module(s) have been scanned

Scan process 'NDSTray.exe' - '1' Module(s) have been scanned

Scan process 'THotkey.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned

Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sdhelp.exe' - '1' Module(s) have been scanned

Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned

Scan process 'mbamservice.exe' - '1' Module(s) have been scanned

Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned

Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned

Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'aoltpspd.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'aoltsmon.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'acs.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

73 processes with 73 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '76' files ).

Starting the file scan:

Begin scan in 'C:\' <SQ003982P01>

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Program Files\Shared\lib.dll

[DETECTION] Is the TR/ExeDot.aez Trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\mst120.dll.vir

[DETECTION] Is the TR/Dldr.DlKroha.N.1 Trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\xwreg32.dll.vir

[DETECTION] Is the TR/Dldr.Calper.aet Trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir

[DETECTION] Is the TR/Vundo.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP361\A0126754.dll

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128605.dll

[DETECTION] Is the TR/ExeDot.aak Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128973.sys

[DETECTION] Is the TR/Rootkit.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128984.dll

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128985.sys

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128986.sys

[DETECTION] Is the TR/Rootkit.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128987.exe

[DETECTION] Is the TR/Dldr.FraudLo.sxm Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128998.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128999.dll

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0129000.sys

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0129002.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0129052.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP373\A0132178.dll

[DETECTION] Is the TR/Dldr.DlKroha.N.1 Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP373\A0132179.exe

[DETECTION] Is the TR/Vundo.Gen Trojan

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP373\A0132180.dll

[DETECTION] Is the TR/Dldr.Calper.aet Trojan

C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\avc.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\szkg.sys

[DETECTION] Is the TR/Rootkit.Gen Trojan

Beginning disinfection:

C:\Program Files\Shared\lib.dll

[DETECTION] Is the TR/ExeDot.aez Trojan

[NOTE] The file was moved to '4af76afe.qua'!

C:\Qoobox\Quarantine\C\WINDOWS\system32\mst120.dll.vir

[DETECTION] Is the TR/Dldr.DlKroha.N.1 Trojan

[NOTE] The file was moved to '4b096b08.qua'!

C:\Qoobox\Quarantine\C\WINDOWS\system32\xwreg32.dll.vir

[DETECTION] Is the TR/Dldr.Calper.aet Trojan

[NOTE] The file was moved to '4b076b0c.qua'!

C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was moved to '4b046b07.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP361\A0126754.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '4ac66ac6.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128605.dll

[DETECTION] Is the TR/ExeDot.aak Trojan

[NOTE] The file was moved to '4b57ffbf.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128973.sys

[DETECTION] Is the TR/Rootkit.Gen Trojan

[NOTE] The file was moved to '4b672877.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128984.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49a31a2f.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128985.sys

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49a01277.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128986.sys

[DETECTION] Is the TR/Rootkit.Gen Trojan

[NOTE] The file was moved to '49a1eabf.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128987.exe

[DETECTION] Is the TR/Dldr.FraudLo.sxm Trojan

[NOTE] The file was moved to '49aee287.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128998.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49affacf.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0128999.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49acfd17.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0129000.sys

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49adf55f.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0129002.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49aacda7.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP370\A0129052.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49abc5ef.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP373\A0132178.dll

[DETECTION] Is the TR/Dldr.DlKroha.N.1 Trojan

[NOTE] The file was moved to '49a8dc37.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP373\A0132179.exe

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was moved to '49a9d47f.qua'!

C:\System Volume Information\_restore{CF8A54B3-00DE-4AA7-AEA8-9EB54C29EA21}\RP373\A0132180.dll

[DETECTION] Is the TR/Dldr.Calper.aet Trojan

[NOTE] The file was moved to '49b6ac47.qua'!

C:\WINDOWS\system32\drivers\szkg.sys

[DETECTION] Is the TR/Rootkit.Gen Trojan

[NOTE] TR/Rootkit.Gen:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\szkg]

[NOTE] TR/Rootkit.Gen:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_szkg]

[NOTE] The file was moved to '4b006b10.qua'!

End of the scan: Wednesday, August 26, 2009 12:02

Used time: 52:09 Minute(s)

The scan has been done completely.

15175 Scanned directories

333251 Files were scanned

20 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

20 Files were moved to quarantine

0 Files were renamed

3 Files cannot be scanned

333228 Files not concerned

7338 Archives were scanned

3 Warnings

22 Notes

61564 Objects were scanned with rootkit scan

0 Hidden objects were found

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:22:16 PM, on 8/26/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe

C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\CMR\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden

O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://webgames.d.tmsrv.com/c=d26bbef8a529...web.1.0.0.9.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://mymail.ul.com/InternalSite/WhlCompMgr.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--

End of file - 10950 bytes


Hi,

I see you have already used Combofix as well. Please rerun it again and post the log.

Please disable your Avira while running Combofix.

ComboFix 09-08-26.03 - CMR 08/26/2009 13:50.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.196 [GMT -5:00]

Running from: c:\documents and settings\CMR\Desktop\cbf.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\proquota.exe . . . is missing!!

.

((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))

.

2009-08-26 15:52 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-26 15:52 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-26 15:52 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-26 15:52 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-26 15:52 . 2009-08-26 15:52 -------- d-----w- c:\program files\Avira

2009-08-26 15:52 . 2009-08-26 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-08-26 04:19 . 2009-08-26 04:23 -------- d-----w- C:\Lop SD

2009-08-25 22:55 . 2009-08-25 22:55 -------- d-----w- c:\documents and settings\CMR\Local Settings\Application Data\Downloaded Installations

2009-08-25 18:56 . 2009-08-25 19:13 7 ----a-w- c:\windows\system32\nar.bin

2009-08-25 18:18 . 2009-08-25 18:18 40960 ----a-w- c:\windows\system32\westkj.dll

2009-08-25 15:14 . 2009-08-25 15:14 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-25 15:13 . 2009-08-25 15:13 -------- d-----w- c:\program files\MSBuild

2009-08-25 15:13 . 2009-08-25 15:13 -------- d-----w- c:\program files\Reference Assemblies

2009-08-25 15:12 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-25 15:12 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-25 15:12 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-25 15:12 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-25 15:12 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-25 15:12 . 2009-08-25 15:13 -------- d-----w- C:\5607f525e9a51fc7d90ded4c67f552

2009-08-25 15:12 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-25 15:12 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-25 14:58 . 2009-08-25 14:58 -------- d-----w- c:\program files\MSXML 6.0

2009-08-19 16:08 . 2009-08-19 16:08 -------- d-----w- c:\program files\iPod

2009-08-19 16:07 . 2009-08-19 16:08 -------- d-----w- c:\program files\iTunes

2009-08-19 16:04 . 2009-08-19 16:05 -------- d-----w- c:\program files\QuickTime

2009-08-19 15:59 . 2009-08-19 15:59 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

2009-08-13 15:24 . 2009-08-13 15:24 -------- d-----w- c:\windows\ServicePackFiles

2009-08-12 18:56 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll

2009-08-06 13:36 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-06 13:36 . 2009-08-06 13:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-06 13:36 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-06 00:39 . 2009-08-26 17:02 -------- d-----w- c:\program files\Shared

2009-08-05 09:11 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-26 03:07 . 2009-02-28 06:48 38664 ----a-w- c:\documents and settings\CMR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-26 01:34 . 2006-12-22 02:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-26 00:03 . 2006-05-30 00:40 38664 ----a-w- c:\documents and settings\Stephanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-25 23:45 . 2005-11-05 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-08-25 23:45 . 2005-11-05 04:09 -------- d-----w- c:\program files\Viewpoint

2009-08-19 16:07 . 2007-12-28 23:49 -------- d-----w- c:\program files\Common Files\Apple

2009-08-05 09:11 . 2005-11-05 00:53 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-02 14:13 . 2008-12-27 19:14 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-19 18:16 . 2009-07-19 18:16 -------- d-----w- c:\documents and settings\CMR\Application Data\ScanSoft

2009-07-17 18:55 . 2005-11-05 00:52 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 15:08 . 2005-11-05 00:54 286720 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 15:59 . 2005-11-05 00:53 668160 ------w- c:\windows\system32\wininet.dll

2009-06-26 15:59 . 2005-11-05 00:52 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 08:17 . 2005-11-05 00:53 59392 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:17 . 2005-11-05 00:53 56320 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:17 . 2005-11-05 00:53 168448 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:17 . 2005-11-05 00:52 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:17 . 2005-11-05 00:52 729600 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:17 . 2005-11-05 00:52 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-22 11:35 . 2005-11-05 00:52 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:55 . 2005-11-05 00:53 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:55 . 2005-11-05 00:52 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 11:50 . 2005-11-05 00:53 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:21 . 2005-11-05 00:52 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:32 . 2005-11-05 00:53 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:42 . 2005-11-05 02:26 655872 ----a-w- c:\windows\system32\mstscax.dll

2009-06-03 19:27 . 2005-11-05 00:53 1290752 ----a-w- c:\windows\system32\quartz.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-26_03.51.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll

+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll

+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll

+ 2009-08-26 15:52 . 2009-05-11 15:12 28520 c:\windows\system32\drivers\ssmdrv.sys

+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll

+ 2009-08-26 15:50 . 2009-08-26 15:50 228352 c:\windows\Installer\51d163.msi

+ 2009-08-26 14:00 . 2009-08-26 14:00 972800 c:\windows\Installer\1f1e2.msi

+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll

+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll

+ 2008-08-30 01:06 . 2008-08-30 01:06 1350664 c:\windows\system32\msxml6.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-02 95800]

"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]

"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-05-19 188416]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-11-10 15473664]

"NDSTray.exe"="NDSTray.exe" [bU]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]

"TFncKy"="TFncKy.exe" [bU]

"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

"CFSServ.exe"="CFSServ.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-12-11 2115728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1131163763\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/26/2009 10:52 AM 108289]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/6/2009 8:36 AM 232720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/6/2009 8:36 AM 19096]

S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [10/7/2007 9:24 PM 423576]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

.

Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-14 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Stephanie.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-08-06 18:36]

2009-07-30 c:\windows\Tasks\Malwarebytes' Scheduled Update for Stephanie.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-08-06 18:36]

2006-05-30 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 12:00]

2006-05-30 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 12:00]

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-szkg.sys

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net/

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://webgames.d.tmsrv.com/c=d26bbef8a5293c083415610405d2bfbf/aff=t_03cm_wg/p/release/playfirst/wg_dreamchronicles/dreamchronicles/dreamweb.1.0.0.9.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-26 13:59

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(17940)

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

Completion time: 2009-08-26 14:03

ComboFix-quarantined-files.txt 2009-08-26 19:03

ComboFix2.txt 2009-08-26 04:02

Pre-Run: 18,079,215,616 bytes free

Post-Run: 18,279,301,120 bytes free

238 --- E O F --- 2009-08-26 14:01


  • Staff

Hi,

I see a system file is missing here: proquota.exe.

Since your Windows needs to be updated anyway, the update will restore the missing file.

But that's for afterwards.

Please navigate to and delete the following files:

c:\windows\system32\westkj.dll

c:\windows\system32\nar.bin <== before you delete this one, please right-click it first and select to open it with Notepad. This is because this file may contain passwords and other info being collected from your PC and sent further. That way you can see what passwords you have to change, IF any are listed of course.

Then, go to Start > Run and copy and paste the next command into the field:

"c:\documents and settings\CMR\Desktop\cbf.exe" /u

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.


I no longer see rootkit.agent.h & trojan.agent.


  • Staff

Good to hear :D

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!


  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

