
After downloading an MP3 off the internet, I'm experiencing dialogue playing in the background. They are advertisements, but only the audio.

GMER wouldn't run.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6827

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/10/2011 2:48:04 PM

mbam-log-2011-06-10 (14-48-04).txt

Scan type: Full scan (C:\|)

Objects scanned: 410489

Time elapsed: 3 hour(s), 35 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25

Run by Owner at 17:28:41 on 2011-06-10

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1430 [GMT -4:00]

.

AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [sUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"

mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"

mRun: [synTPEnh] "%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"

mRun: [TPwrMain] "%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"

mRun: [TosWaitSrv] "%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe"

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [smartFaceVWatcher] "%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe"

mRun: [TosSENotify] "c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [AVG_TRAY] "c:\program files\avg\avg10\avgtray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [00TCrdMain] "%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe"

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{998F275E-833F-4852-B33C-FC360DAB476C} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{A93531BC-A1C0-499F-B31C-33213C16F297} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{A93531BC-A1C0-499F-B31C-33213C16F297} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A93531BC-A1C0-499F-B31C-33213C16F297}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A93531BC-A1C0-499F-B31C-33213C16F297}\46C696E6B60313 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{A93531BC-A1C0-499F-B31C-33213C16F297}\46C696E6B60313 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A93531BC-A1C0-499F-B31C-33213C16F297}\C696E6B6379737 : DhcpNameServer = 65.32.5.111 65.32.5.112

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\sophos\sophos~1\sophos~1.dll c:\windows\system32\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\sonl80lz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\msn toolbar\platform\5.0.1384.0\npwinext.dll

FF - plugin: c:\program files\musicnotes\npmusicn.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\sonl80lz.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npoctoshape.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-5-2 19088]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2011-6-1 122360]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-23 7680]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-10-23 24064]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-3-26 136832]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2011-06-07 10:13:00 -------- d-----w- c:\windows\system32\SPReview

2011-06-05 17:29:04 272 ----a-w- c:\windows\system32\drivers\sfi.dat

2011-06-05 17:27:50 -------- d-----w- c:\program files\COMODO

2011-06-05 13:41:08 -------- d-----w- c:\program files\CCleaner

2011-06-05 13:29:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-06-05 13:29:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-05 12:54:37 -------- d-----w- c:\programdata\Comodo

2011-06-05 08:49:57 36065608 ----a-w- C:\cispremium_installer_x86.exe

2011-06-02 11:29:45 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-02 07:17:39 -------- d-----w- c:\programdata\Webroot

2011-06-01 23:51:48 -------- d-----w- c:\users\owner\appdata\local\Sophos

2011-06-01 23:41:18 -------- d-----w- c:\programdata\Sophos Web Intelligence

2011-06-01 23:40:34 -------- d-----w- c:\program files\common files\Cisco Systems

2011-06-01 23:40:24 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe

2011-06-01 23:40:12 -------- d-----w- c:\programdata\Sophos

2011-06-01 23:40:12 -------- d-----w- c:\program files\Sophos

2011-06-01 23:37:09 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys

2011-06-01 23:37:08 122360 ----a-w- c:\windows\system32\drivers\savonaccess.sys

2011-06-01 23:36:52 -------- d-----w- C:\savw_95_sa

2011-05-21 21:53:39 -------- d-----w- c:\windows\system32\EventProviders

2011-05-19 23:16:29 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-15 18:43:22 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2011-05-15 18:43:21 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2011-05-15 18:43:21 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2011-05-15 18:43:20 75264 ----a-w- c:\windows\system32\unacev2.dll

2011-05-15 18:43:15 153088 ----a-w- c:\windows\system32\unrar3.dll

2011-05-15 18:43:01 -------- d-----w- c:\users\owner\appdata\roaming\Simply Super Software

2011-05-15 18:43:01 -------- d-----w- c:\programdata\Simply Super Software

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-03 00:36:44 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-03 00:36:42 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-05-03 00:36:42 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-03 00:36:04 284744 ----a-w- c:\windows\system32\guard32.dll

2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-30 21:17:06 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-03-21 17:22:06 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2011-03-21 17:22:06 362600 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2011-03-21 17:22:06 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

.

============= FINISH: 17:33:12.43 ===============


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

Looks like you're running 3 anti-virus programs.

AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

Never install more than one antivirus and firewall! Rather than giving you extra protection, it will seriously decrease their reliability!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because multiple antivirus and firewall products are not compatible with each other, they can cause system performance problems and a serious system slowdown.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove 2 of the 3.

After the above:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

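The three-antivirus conflict pointed out in this reply can be checked mechanically rather than by eye. The Python script below is an added example, not part of this thread or of the DDS tool: it parses the `AV:`/`SP:`/`FW:` header lines that DDS prints (the sample lines are copied from the log posted above), counts how many real-time engines of each kind are enabled, and flags any enabled product whose definitions DDS marked as Outdated. The function names and the `SAMPLE_LOG` constant are this example's own.

```python
"""Count the real-time security products recorded in a DDS log header.

Added example; it is not code from the forum thread or from DDS itself.
DDS lists every product registered with Windows Security Center as
"AV: <name> *<state>* {<guid>}" (likewise SP: and FW:). Running more
than one enabled AV engine is the conflict the helper warns about.
"""
import re
from collections import defaultdict

# Constructed sample: the product lines exactly as they appear in the DDS log above.
SAMPLE_LOG = """\
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
"""

# kind, product name, state flags between asterisks, GUID in braces.
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)


def parse_products(text):
    """Return one dict per AV/SP/FW line in `text`; every other line is ignored."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # "Enabled/Updated" -> ["Enabled", "Updated"]; FW lines carry a single flag.
        flags = m.group("state").split("/")
        products.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "guid": m.group("guid").upper(),
            "enabled": flags[0] == "Enabled",
            "outdated": len(flags) > 1 and flags[1] == "Outdated",
        })
    return products


def find_conflicts(products):
    """Group enabled products by kind and list the problems a helper would flag."""
    enabled = defaultdict(list)
    for p in products:
        if p["enabled"]:
            enabled[p["kind"]].append(p["name"])

    findings = []
    if len(enabled["AV"]) > 1:
        findings.append("multiple real-time AV engines: " + ", ".join(enabled["AV"]))
    if len(enabled["FW"]) > 1:
        findings.append("multiple firewalls: " + ", ".join(enabled["FW"]))
    for p in products:
        if p["enabled"] and p["outdated"]:
            findings.append(f"{p['kind']} {p['name']} is enabled but its definitions are outdated")
    return {"enabled": dict(enabled), "findings": findings}


if __name__ == "__main__":
    report = find_conflicts(parse_products(SAMPLE_LOG))
    for kind, names in report["enabled"].items():
        print(f"{kind}: {len(names)} enabled -> {', '.join(names)}")
    for f in report["findings"]:
        print("WARNING:", f)
```

On the log above this reports three enabled AV engines, three enabled SP products (Windows Defender is disabled and is not counted) and one firewall, then warns about the AV conflict and about AVG's outdated definitions. DDS takes these records from Windows Security Center; on Vista and later the same data can be read directly with `Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct`, which is a useful cross-check when a product has been uninstalled but its registration lingers.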

The infection was playing audio in the background; it seemed like it was from a video, but there was no video, just the audio. A small window pops up attached to the task bar, and in that window it says "high risk website blocked" and gives an IP address. The one I copied down was 184.154.163.197, and it states that Mal/HTMLGen-A was found on it.

When I try to load websites it redirects me to websites that have poor ratings, and Firefox tells me I should leave the website. Another thing I've noticed is that I can't click the new tab button in Firefox.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6840

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/12/2011 11:32:54 AM

mbam-log-2011-06-12 (11-32-53).txt

Scan type: Full scan (C:\|)

Objects scanned: 405525

Time elapsed: 2 hour(s), 39 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


I ran GooredFix. It came back with a WordPad document; I'm not sure if you want that.

As for TDSSKiller, I downloaded it, extracted it to the desktop and tried to run it. A window pops up saying it wants to make changes to the computer; I click Yes. Nothing happened. I re-downloaded it, extracted it to the desktop and to a folder on the desktop, and it still doesn't seem to load. All I get is the prompt; I click Yes, it closes, and nothing further happens.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. If you're running Vista or Windows 7, skip the Recovery Console part.
    Note: If you have XP SP3, use the XP SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


This one ran fine.

Is it okay that I am in Safe Mode with Networking for this one? I was in the normal boot for the one that wouldn't load and tried it in Safe Mode too, so I just started working from there for ComboFix. Also, Windows always tries to install two updates when I reboot, and when I turn on the computer and load Windows it says that the updates failed.

ComboFix 11-06-11.01 - Owner 06/12/2011 14:15:37.1.2 - x86 NETWORK

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1625 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))

.

.

2011-06-12 18:12 . 2011-06-12 18:12 -------- d-----w- C:\32788R22FWJFW

2011-06-12 17:47 . 2011-06-12 17:33 1437488 ----a-w- C:\TDSSKiller.exe

2011-06-12 17:45 . 2011-06-12 17:46 -------- d-----w- c:\users\Owner\AppData\Local\Adobe

2011-06-11 21:31 . 2011-06-11 21:31 -------- d-----w- c:\windows\system32\SPReview

2011-06-11 15:44 . 2011-06-11 15:44 -------- d-----w- c:\windows\CheckSur

2011-06-05 18:36 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2011-06-05 18:32 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-05 17:29 . 2011-06-05 17:29 272 ----a-w- c:\windows\system32\drivers\sfi.dat

2011-06-05 13:29 . 2011-06-09 15:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-06-05 13:29 . 2011-06-05 13:31 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-05 08:49 . 2011-06-04 20:43 36065608 ----a-w- C:\cispremium_installer_x86.exe

2011-06-02 11:29 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-02 07:17 . 2011-06-02 07:18 -------- d-----w- c:\programdata\Webroot

2011-06-01 23:51 . 2011-06-01 23:51 -------- d-----w- c:\users\Owner\AppData\Local\Sophos

2011-06-01 23:41 . 2011-06-01 23:41 -------- d-----w- c:\programdata\Sophos Web Intelligence

2011-06-01 23:40 . 2011-06-01 23:40 -------- d-----w- c:\program files\Common Files\Cisco Systems

2011-06-01 23:40 . 2010-07-23 17:31 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe

2011-06-01 23:40 . 2011-06-01 23:50 -------- d-----w- c:\programdata\Sophos

2011-06-01 23:40 . 2011-06-01 23:50 -------- d-----w- c:\program files\Sophos

2011-06-01 23:37 . 2010-03-03 01:33 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys

2011-06-01 23:37 . 2010-10-08 18:14 122360 ----a-w- c:\windows\system32\drivers\savonaccess.sys

2011-06-01 23:36 . 2011-06-01 23:37 -------- d-----w- C:\savw_95_sa

2011-05-21 21:53 . 2011-05-21 21:53 -------- d-----w- c:\windows\system32\EventProviders

2011-05-19 23:16 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-15 19:36 . 2011-05-15 19:36 -------- d-----w- c:\windows\Sun

2011-05-15 18:43 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2011-05-15 18:43 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2011-05-15 18:43 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2011-05-15 18:43 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2011-05-15 18:43 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\unrar3.dll

2011-05-15 18:43 . 2011-05-15 18:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Simply Super Software

2011-05-15 18:43 . 2011-05-15 18:43 -------- d-----w- c:\programdata\Simply Super Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2011-04-26 02:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-18 13:15 . 2011-04-26 00:44 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2873ACFE-4094-45DD-95BF-095E63C6408A}\mpengine.dll

2011-04-14 09:07 . 2010-07-04 16:55 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-21 23:33 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-21 17:22 . 2011-03-21 17:22 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2011-03-21 17:22 . 2011-03-21 17:22 362600 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2011-03-21 17:22 . 2009-10-24 02:48 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-15 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]

"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO

"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" /minimized

"Steam"="c:\program files\Steam\Steam.exe" -silent

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"<NO NAME>"=

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

"IgfxTray"="c:\windows\system32\igfxtray.exe"

"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe"

"Persistence"="c:\windows\system32\igfxpers.exe"

"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe"

"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe"

"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-14 97520]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [2008-03-26 136832]

R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-03-03 22536]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-09 691696]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1011232]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:54]

.

2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A93531BC-A1C0-499F-B31C-33213C16F297}\46C696E6B60313: NameServer = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sonl80lz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-12 14:23:42

ComboFix-quarantined-files.txt 2011-06-12 18:23

.

Pre-Run: 212,026,699,776 bytes free

Post-Run: 211,791,024,128 bytes free

.

- - End Of File - - D4745BEB83CACA79662E2892B73DAA79


1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove if listed:

Ask.com

Now do this:

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Reboot and let me know if the Windows Updates are working.


There are still High risk websites blocked. I thought they were gone, but I am still getting the pop up in the corner. There was only an Ask toolbar to delete, so I uninstalled it. For some reason I had two Iexplore.exe running and I had to close the process tree so it would uninstall. I'm not sure how they were started and am concerned. The Windows updates did not happen. Nothing updated; it just went to a regular reboot.


Nope. Nothing. Still have the high risk website blocked. I'm going to try to load the updates on the reboot. And I am still getting redirected from websites to unsafe ones.

There are two updates to install. As it was trying to configure, it got to 35% and then said it failed to configure.


A bubble just like the High Risk Website one pops up. It was a threat detected by Sophos:

'Adware or Pua' NirCmd has been detected and moved to quarantine

I know you said to disable the antivirus and antispyware, and I had thought Sophos had been turned off. I'm looking to try and disable it and I can't figure out how.

Combofix was running and was stopped when Sophos detected it, so I just need to disable it and I am not sure how.
