Fraud.InternetSecurity2011



Husky_
2011-04-07, 20:23
Hello,

Last week my netbook was infected by one of the variants of Win 7 Home Security after visiting a website which I have regularly visited before without being infected. I was not able to browse to webpages and several messages popped up in the taskbar. I followed the instructions on the following website to remove the infection: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011. Afterwards I scanned with Spybot S&D as well as with Malwarebytes' Anti-Malware, and both scans came up clean. I was again able to browse to webpages and there were no longer pop-ups.

Today I scanned again with Spybot S&D and it found the following infection: Fraud.InternetSecurity2011. I am still able to browse and there are no pop-ups.

I would greatly appreciate any help in removing this infection. Please find the results of the Spybot S&D scan and DDS.txt log below.

Husky_

--------------------------------------------------------------------------
Fraud.InternetSecurity2011: [SBI $75AFFB3E] Executable (File, nothing done)
C:\Users\Dieter\AppData\Local\dnk.exe
Properties.size=335872
Properties.md5=0BA3FB8171D7F60B2FD1C8187B69F721
Properties.filedate=1301416442
Properties.filedatetext=2011-03-29 17:34:02

Fraud.InternetSecurity2011: [SBI $75AFFB3E] Executable (File, nothing done)
C:\Users\Dieter\AppData\Local\fsx.exe
Properties.size=335872
Properties.md5=0BA3FB8171D7F60B2FD1C8187B69F721
Properties.filedate=1301416426
Properties.filedatetext=2011-03-29 17:33:46

Fraud.InternetSecurity2011: [SBI $75AFFB3E] Executable (File, nothing done)
C:\Users\Dieter\AppData\Local\gre.exe
Properties.size=335872
Properties.md5=0BA3FB8171D7F60B2FD1C8187B69F721
Properties.filedate=1301416443
Properties.filedatetext=2011-03-29 17:34:02

Fraud.InternetSecurity2011: [SBI $75AFFB3E] Executable (File, nothing done)
C:\Users\Dieter\AppData\Local\lud.exe
Properties.size=335872
Properties.md5=0BA3FB8171D7F60B2FD1C8187B69F721
Properties.filedate=1301416428
Properties.filedatetext=2011-03-29 17:33:47

Fraud.InternetSecurity2011: [SBI $75AFFB3E] Executable (File, nothing done)
C:\Users\Dieter\AppData\Local\mvt.exe
Properties.size=335872
Properties.md5=0BA3FB8171D7F60B2FD1C8187B69F721
Properties.filedate=1301416442
Properties.filedatetext=2011-03-29 17:34:02

Fraud.InternetSecurity2011: [SBI $75AFFB3E] Executable (File, nothing done)
C:\Users\Dieter\AppData\Local\psu.exe
Properties.size=335872
Properties.md5=0BA3FB8171D7F60B2FD1C8187B69F721
Properties.filedate=1301416429
Properties.filedatetext=2011-03-29 17:33:48

Fraud.InternetSecurity2011: [SBI $07CC9A4D] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start

Fraud.InternetSecurity2011: [SBI $61C84F7D] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Start

Fraud.InternetSecurity2011: [SBI $F5EC9C27] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-03-29 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-04-05 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-04-05 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-04-06 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--------------------------------------------------------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dieter at 19:06:27.59 on 07/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1013.312 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Users\Dieter\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {12FB4F37-C77A-4FEC-9919-0A2E572F53BF} = 10.206.65.68 10.206.65.68
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dieter\appdata\roaming\mozilla\firefox\profiles\pfk4j8za.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content
FF - component: c:\users\dieter\appdata\roaming\mozilla\firefox\profiles\pfk4j8za.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Full Fullscreen: {bfe3406c-6f31-4789-86d5-efa50e12c9eb} - %profile%\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}
FF - Ext: Add Bookmark Here ²: abhere2@moztw.org - %profile%\extensions\abhere2@moztw.org
FF - Ext: Tiny Menu: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} - %profile%\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
FF - Ext: rein: rein@notiz.jp - %profile%\extensions\rein@notiz.jp
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: Toolbar Buttons: {03B08592-E5B4-45ff-A0BE-C1D975458688} - %profile%\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: deskCut: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA} - %profile%\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Pimpoflage: pimpoflage@ffpimp.com - %profile%\extensions\pimpoflage@ffpimp.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-29 64512]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-29 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-29 301528]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-29 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-29 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-29 42184]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2010-4-6 189808]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-8-18 8704]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-10-24 24064]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-10-24 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-3-31 685424]
R3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\drivers\vodafone_K380x-z_dc_enum.sys [2010-5-20 61952]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-3-31 105856]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\drivers\ZTEusbwwan.sys [2011-3-31 194048]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-29 1405384]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-3-31 9216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-24 189984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-20 277536]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-2-11 124368]
.
=============== Created Last 30 ================
.
2011-04-07 15:28:27 -------- d-----w- c:\users\dieter\appdata\roaming\Disk Cleaner
2011-03-31 20:32:53 -------- d-----w- c:\users\dieter\appdata\roaming\FLEXnet
2011-03-31 20:25:27 -------- d-----w- c:\users\dieter\appdata\roaming\Vodafone
2011-03-31 20:25:07 194048 ----a-w- c:\windows\system32\drivers\ZTEusbwwan.sys
2011-03-31 20:25:06 105856 ----a-w- c:\windows\system32\drivers\zteusbvoice.sys
2011-03-31 20:25:02 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-03-31 20:24:58 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-03-31 20:24:56 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-03-31 20:24:55 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-03-31 20:24:09 -------- d-----w- c:\progra~2\Vodafone
2011-03-31 20:24:00 -------- d-----w- c:\program files\Vodafone
2011-03-31 20:22:56 -------- d-----w- c:\users\dieter\appdata\local\{F3E8BCCE-24B6-4737-920E-0D6073630E2A}
2011-03-29 22:41:39 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-29 22:41:39 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-29 22:41:39 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-29 22:41:38 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-29 22:41:38 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-29 22:27:36 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-29 22:23:29 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-29 22:23:27 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-03-29 22:23:26 314368 ----a-w- c:\windows\system32\webio.dll
2011-03-29 22:23:11 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-03-29 22:23:11 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-29 22:23:10 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-03-29 22:23:09 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-03-29 22:23:04 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-03-29 22:23:02 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-03-29 22:21:59 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-29 22:19:50 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-03-29 22:19:06 132608 ----a-w- c:\windows\system32\cabview.dll
2011-03-29 22:15:22 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-03-29 22:15:22 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-03-29 22:15:22 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-03-29 22:14:56 101760 ----a-w- c:\windows\system32\consent.exe
2011-03-29 21:45:03 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-29 21:45:03 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-29 21:44:35 40648 ----a-w- c:\windows\avastSS.scr
2011-03-29 21:44:27 -------- d-----w- c:\program files\AVAST Software
2011-03-29 21:44:27 -------- d-----w- c:\progra~2\AVAST Software
2011-03-29 21:27:46 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-29 21:21:19 -------- dc-h--w- c:\progra~2\{E45B1D3E-BC46-46CA-AC1B-16932832F73E}
2011-03-29 21:20:54 -------- d-----w- c:\program files\Lavasoft
2011-03-29 19:20:56 -------- d-----w- c:\users\dieter\appdata\roaming\KeePass
2011-03-29 19:18:37 -------- d-----w- c:\program files\KeePass Password Safe
2011-03-29 18:23:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-29 18:23:03 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-29 17:42:20 -------- d-----w- c:\users\dieter\appdata\roaming\Malwarebytes
2011-03-29 17:42:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 17:42:14 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-29 17:42:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 17:42:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-29 16:34:02 335872 --sha-w- c:\users\dieter\appdata\local\mvt.exe
2011-03-29 16:34:02 335872 --sha-w- c:\users\dieter\appdata\local\gre.exe
2011-03-29 16:34:02 335872 --sha-w- c:\users\dieter\appdata\local\dnk.exe
2011-03-29 16:33:48 335872 --sha-w- c:\users\dieter\appdata\local\psu.exe
2011-03-29 16:33:47 335872 --sha-w- c:\users\dieter\appdata\local\lud.exe
2011-03-29 16:33:46 335872 --sha-w- c:\users\dieter\appdata\local\fsx.exe
2011-03-26 10:27:05 -------- d-----w- c:\program files\CleanUp!
2011-03-26 10:26:53 -------- d-----w- c:\program files\Disk Cleaner
2011-03-26 10:26:19 -------- d-----w- c:\program files\CCleaner
2011-03-24 18:53:39 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-24 18:49:57 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc18C1.tmp
2011-03-24 18:46:53 14744 ----a-w- c:\users\dieter\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-03-24 18:46:33 -------- d-----w- c:\users\dieter\Tracing
2011-03-23 17:50:31 -------- d-----w- c:\users\dieter\appdata\local\CutePDF Writer
2011-03-23 08:14:01 -------- d-----w- c:\program files\GPLGS
2011-03-23 08:13:41 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-03-23 08:13:40 -------- d-----w- c:\program files\Acro Software
2011-03-22 18:38:12 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll
2011-03-22 07:56:33 -------- d-----w- c:\program files\SyncToy 2.1
2011-03-20 16:06:27 -------- d-----w- c:\users\dieter\appdata\local\Thunderbird
2011-03-20 14:58:21 -------- d-----w- c:\program files\SopCast
2011-03-12 12:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-09 06:31:28 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-03-09 06:31:27 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-09 06:31:27 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-03-09 06:31:27 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-09 06:31:27 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-03-09 06:31:26 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-09 06:31:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-09 06:28:09 -------- d-----w- c:\progra~2\DivX
.
==================== Find3M ====================
.
.
============= FINISH: 19:12:35.27 ===============

Blade81
2011-04-12, 09:38
Hi


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Husky_
2011-04-12, 10:33
Hi Blade81, many thanks for your reply!

What damage can be caused by running ComboFix?

Blade81
2011-04-12, 11:19
Hi,

That warning is mainly for those people who read the topic and try to follow instructions given to the thread owner only (in this case someone other than you). Please familiarize yourself with the ComboFix tutorial.

Husky_
2011-04-12, 23:34
ComboFix 11-04-11.04 - Dieter 12/04/2011 21:50:35.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1013.391 [GMT 1:00]
Running from: c:\users\Dieter\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-12 21:03 . 2011-04-12 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-12 21:03 . 2011-04-12 21:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-10 11:25 . 2011-04-10 11:51 -------- d-----w- c:\users\Dieter\AppData\Roaming\Mp3tag
2011-04-10 11:22 . 2011-04-10 11:22 -------- d-----w- c:\program files\Mp3tag
2011-04-09 12:25 . 2011-04-09 12:25 -------- d-----w- c:\programdata\RL Vision
2011-04-09 12:24 . 2010-02-02 18:18 106496 ----a-w- c:\windows\system32\FlashRenHelper.dll
2011-04-09 12:24 . 2006-05-28 12:59 28672 ----a-w- c:\windows\system32\FolderWatcher.dll
2011-04-09 12:24 . 1998-06-23 22:00 164144 ----a-w- c:\windows\system32\COMCT232.ocx
2011-04-09 12:24 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2011-04-09 12:24 . 2004-03-08 22:00 609824 ----a-w- c:\windows\system32\COMCTL32.ocx
2011-04-09 12:24 . 2004-03-08 22:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-04-09 12:24 . 2011-04-09 12:24 -------- d-----w- c:\program files\Flash Renamer
2011-04-08 07:54 . 1999-12-31 16:00 167704 ----a-w- c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2011-04-08 07:54 . 2011-04-08 07:54 -------- d-----w- c:\program files\Tracker Software
2011-04-07 15:28 . 2011-04-07 15:29 -------- d-----w- c:\users\Dieter\AppData\Roaming\Disk Cleaner
2011-03-31 20:32 . 2011-03-31 20:32 -------- d-----w- c:\users\Dieter\AppData\Roaming\FLEXnet
2011-03-31 20:25 . 2011-03-31 20:25 -------- d-----w- c:\users\Dieter\AppData\Roaming\Vodafone
2011-03-31 20:25 . 2010-08-11 10:44 194048 ----a-w- c:\windows\system32\drivers\ZTEusbwwan.sys
2011-03-31 20:25 . 2010-08-11 10:44 105856 ----a-w- c:\windows\system32\drivers\zteusbvoice.sys
2011-03-31 20:25 . 2010-08-11 10:44 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-03-31 20:24 . 2010-08-11 10:44 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-03-31 20:24 . 2010-08-11 10:44 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-03-31 20:24 . 2010-08-11 10:44 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-03-31 20:24 . 2011-03-31 20:24 -------- d-----w- c:\programdata\Vodafone
2011-03-31 20:24 . 2011-03-31 20:24 -------- d-----w- c:\programdata\FLEXnet
2011-03-31 20:24 . 2011-03-31 20:24 -------- d-----w- c:\program files\Vodafone
2011-03-31 20:22 . 2011-03-31 20:22 -------- d-----w- c:\users\Dieter\AppData\Local\{F3E8BCCE-24B6-4737-920E-0D6073630E2A}
2011-03-29 22:41 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-29 22:41 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-29 22:41 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-29 22:41 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-29 22:41 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-29 22:27 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-29 22:23 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-29 22:23 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-03-29 22:23 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2011-03-29 22:23 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-03-29 22:23 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-29 22:23 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-03-29 22:23 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-03-29 22:23 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-03-29 22:23 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-03-29 22:21 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-03-29 22:19 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-03-29 22:19 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-03-29 22:15 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-03-29 22:15 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-03-29 22:15 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-03-29 22:14 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2011-03-29 21:45 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-29 21:45 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-29 21:45 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-29 21:45 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-29 21:45 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-29 21:45 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-29 21:44 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-29 21:44 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-29 21:44 . 2011-03-29 21:44 -------- d-----w- c:\programdata\AVAST Software
2011-03-29 21:44 . 2011-03-29 21:44 -------- d-----w- c:\program files\AVAST Software
2011-03-29 21:27 . 2011-03-29 21:27 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-29 21:27 . 2011-03-29 07:05 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-29 21:21 . 2011-03-29 21:21 -------- dc-h--w- c:\programdata\{E45B1D3E-BC46-46CA-AC1B-16932832F73E}
2011-03-29 21:20 . 2011-03-29 21:21 -------- d-----w- c:\programdata\Lavasoft
2011-03-29 21:20 . 2011-03-29 21:20 -------- d-----w- c:\program files\Lavasoft
2011-03-29 19:20 . 2011-03-29 19:20 -------- d-----w- c:\users\Dieter\AppData\Roaming\KeePass
2011-03-29 19:18 . 2011-03-29 19:18 -------- d-----w- c:\program files\KeePass Password Safe
2011-03-29 18:23 . 2011-04-07 15:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-29 18:23 . 2011-03-29 18:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-29 17:42 . 2011-03-29 17:42 -------- d-----w- c:\users\Dieter\AppData\Roaming\Malwarebytes
2011-03-29 17:42 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 17:42 . 2011-03-29 17:42 -------- d-----w- c:\programdata\Malwarebytes
2011-03-29 17:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 17:42 . 2011-03-29 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-26 10:27 . 2011-03-26 10:27 -------- d-----w- c:\program files\CleanUp!
2011-03-26 10:26 . 2011-03-26 10:26 -------- d-----w- c:\program files\Disk Cleaner
2011-03-26 10:26 . 2011-03-26 10:26 -------- d-----w- c:\program files\CCleaner
2011-03-24 18:53 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-24 18:49 . 2011-03-24 18:50 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc18C1.tmp
2011-03-24 18:46 . 2011-03-26 15:31 -------- d-----w- c:\users\Dieter\Tracing
2011-03-23 17:50 . 2011-04-12 19:53 -------- d-----w- c:\users\Dieter\AppData\Local\CutePDF Writer
2011-03-23 08:14 . 2011-03-23 08:14 -------- d-----w- c:\program files\GPLGS
2011-03-23 08:13 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-03-23 08:13 . 2011-03-23 08:13 -------- d-----w- c:\program files\Acro Software
2011-03-22 18:38 . 2011-03-22 18:38 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll
2011-03-22 07:56 . 2011-03-22 07:56 -------- d-----w- c:\program files\SyncToy 2.1
2011-03-22 07:55 . 2011-03-22 07:55 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-03-20 16:06 . 2011-03-20 16:06 -------- d-----w- c:\users\Dieter\AppData\Roaming\Thunderbird
2011-03-20 16:06 . 2011-03-20 16:06 -------- d-----w- c:\users\Dieter\AppData\Local\Thunderbird
2011-03-20 16:05 . 2011-03-20 16:05 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-03-20 14:58 . 2011-03-20 14:58 -------- d-----w- c:\program files\SopCast
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 08:00 . 2011-03-09 06:31 80896 ----a-w- c:\windows\system32\ff_vfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-13 8555040]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-08-18 272384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-04-23 00:24 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-09 00:23 1086760 ----a-w- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2010-04-19 12:40 136136 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2010-02-24 00:54 2454840 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-29 1405384]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-08-11 9216]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-03-31 685424]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-03-29 64512]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 189808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-08-18 8704]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys [2010-05-20 61952]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-08-11 105856]
S3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-08-11 194048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://toshiba.msn.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
TCP: {12FB4F37-C77A-4FEC-9919-0A2E572F53BF} = 10.203.65.68 10.203.65.68
FF - ProfilePath - c:\users\Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\pfk4j8za.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Full Fullscreen: {bfe3406c-6f31-4789-86d5-efa50e12c9eb} - %profile%\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}
FF - Ext: Add Bookmark Here ˛: abhere2@moztw.org - %profile%\extensions\abhere2@moztw.org
FF - Ext: Tiny Menu: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} - %profile%\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
FF - Ext: rein: rein@notiz.jp - %profile%\extensions\rein@notiz.jp
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: Toolbar Buttons: {03B08592-E5B4-45ff-A0BE-C1D975458688} - %profile%\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: deskCut: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA} - %profile%\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Pimpoflage: pimpoflage@ffpimp.com - %profile%\extensions\pimpoflage@ffpimp.com
FF - Ext: Simple Clocks: simpleClocks@grbradt.org - %profile%\extensions\simpleClocks@grbradt.org
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2011-04-12 22:20:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-12 21:20
ComboFix2.txt 2011-04-12 20:18
.
Pre-Run: 100,010,786,816 bytes free
Post-Run: 99,959,283,712 bytes free
.
- - End Of File - - C34BDDC3174F8A0C9556764577AE5C41

Husky_
2011-04-12, 23:35
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dieter at 22:27:52.47 on 12/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1013.226 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
D:\PC\Netbook\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {12FB4F37-C77A-4FEC-9919-0A2E572F53BF} = 10.203.65.68 10.203.65.68
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dieter\appdata\roaming\mozilla\firefox\profiles\pfk4j8za.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content
FF - component: c:\users\dieter\appdata\roaming\mozilla\firefox\profiles\pfk4j8za.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Full Fullscreen: {bfe3406c-6f31-4789-86d5-efa50e12c9eb} - %profile%\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}
FF - Ext: Add Bookmark Here ˛: abhere2@moztw.org - %profile%\extensions\abhere2@moztw.org
FF - Ext: Tiny Menu: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} - %profile%\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
FF - Ext: rein: rein@notiz.jp - %profile%\extensions\rein@notiz.jp
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: Toolbar Buttons: {03B08592-E5B4-45ff-A0BE-C1D975458688} - %profile%\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: deskCut: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA} - %profile%\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Pimpoflage: pimpoflage@ffpimp.com - %profile%\extensions\pimpoflage@ffpimp.com
FF - Ext: Simple Clocks: simpleClocks@grbradt.org - %profile%\extensions\simpleClocks@grbradt.org
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-29 64512]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-29 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-29 301528]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-29 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-29 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-29 42184]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2010-4-6 189808]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-8-18 8704]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-10-24 24064]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-10-24 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
R3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\drivers\vodafone_K380x-z_dc_enum.sys [2010-5-20 61952]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-3-31 105856]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\drivers\ZTEusbwwan.sys [2011-3-31 194048]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-29 1405384]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-3-31 9216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-24 189984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-20 277536]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-2-11 124368]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-3-31 685424]
.
=============== Created Last 30 ================
.
2011-04-12 21:05:39 -------- d-----w- C:\$RECYCLE.BIN
2011-04-12 20:48:32 -------- d-----w- C:\ComboFix
2011-04-12 19:57:10 98816 ----a-w- c:\windows\sed.exe
2011-04-12 19:57:10 89088 ----a-w- c:\windows\MBR.exe
2011-04-12 19:57:10 256512 ----a-w- c:\windows\PEV.exe
2011-04-12 19:57:10 161792 ----a-w- c:\windows\SWREG.exe
2011-04-10 11:25:26 -------- d-----w- c:\users\dieter\appdata\roaming\Mp3tag
2011-04-10 11:22:09 -------- d-----w- c:\program files\Mp3tag
2011-04-09 12:25:11 -------- d-----w- c:\progra~2\RL Vision
2011-04-09 12:24:49 28672 ----a-w- c:\windows\system32\FolderWatcher.dll
2011-04-09 12:24:49 164144 ----a-w- c:\windows\system32\COMCT232.ocx
2011-04-09 12:24:49 106496 ----a-w- c:\windows\system32\FlashRenHelper.dll
2011-04-09 12:24:48 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2011-04-09 12:24:48 609824 ----a-w- c:\windows\system32\COMCTL32.ocx
2011-04-09 12:24:48 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-04-09 12:24:45 -------- d-----w- c:\program files\Flash Renamer
2011-04-08 07:54:37 167704 ----a-w- c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
2011-04-08 07:54:25 -------- d-----w- c:\program files\Tracker Software
2011-04-07 15:28:27 -------- d-----w- c:\users\dieter\appdata\roaming\Disk Cleaner
2011-03-31 20:32:53 -------- d-----w- c:\users\dieter\appdata\roaming\FLEXnet
2011-03-31 20:25:27 -------- d-----w- c:\users\dieter\appdata\roaming\Vodafone
2011-03-31 20:25:07 194048 ----a-w- c:\windows\system32\drivers\ZTEusbwwan.sys
2011-03-31 20:25:06 105856 ----a-w- c:\windows\system32\drivers\zteusbvoice.sys
2011-03-31 20:25:02 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-03-31 20:24:58 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-03-31 20:24:56 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-03-31 20:24:55 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-03-31 20:24:09 -------- d-----w- c:\progra~2\Vodafone
2011-03-31 20:24:00 -------- d-----w- c:\program files\Vodafone
2011-03-31 20:22:56 -------- d-----w- c:\users\dieter\appdata\local\{F3E8BCCE-24B6-4737-920E-0D6073630E2A}
2011-03-29 22:41:39 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-29 22:41:39 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-29 22:41:39 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-29 22:41:38 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-29 22:41:38 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-29 22:27:36 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-29 22:23:29 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-29 22:23:27 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-03-29 22:23:26 314368 ----a-w- c:\windows\system32\webio.dll
2011-03-29 22:23:11 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-03-29 22:23:11 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-29 22:23:10 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-03-29 22:23:09 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-03-29 22:23:04 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-03-29 22:23:02 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-03-29 22:21:59 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-29 22:19:50 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-03-29 22:19:06 132608 ----a-w- c:\windows\system32\cabview.dll
2011-03-29 22:15:22 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-03-29 22:15:22 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-03-29 22:15:22 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-03-29 22:14:56 101760 ----a-w- c:\windows\system32\consent.exe
2011-03-29 21:45:03 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-29 21:45:03 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-29 21:44:35 40648 ----a-w- c:\windows\avastSS.scr
2011-03-29 21:44:27 -------- d-----w- c:\program files\AVAST Software
2011-03-29 21:44:27 -------- d-----w- c:\progra~2\AVAST Software
2011-03-29 21:27:46 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-29 21:21:19 -------- dc-h--w- c:\progra~2\{E45B1D3E-BC46-46CA-AC1B-16932832F73E}
2011-03-29 21:20:54 -------- d-----w- c:\program files\Lavasoft
2011-03-29 19:20:56 -------- d-----w- c:\users\dieter\appdata\roaming\KeePass
2011-03-29 19:18:37 -------- d-----w- c:\program files\KeePass Password Safe
2011-03-29 18:23:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-29 18:23:03 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-29 17:42:20 -------- d-----w- c:\users\dieter\appdata\roaming\Malwarebytes
2011-03-29 17:42:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 17:42:14 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-29 17:42:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 17:42:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-26 10:27:05 -------- d-----w- c:\program files\CleanUp!
2011-03-26 10:26:53 -------- d-----w- c:\program files\Disk Cleaner
2011-03-26 10:26:19 -------- d-----w- c:\program files\CCleaner
2011-03-24 18:53:39 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-24 18:49:57 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc18C1.tmp
2011-03-24 18:46:53 14744 ----a-w- c:\users\dieter\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-03-24 18:46:33 -------- d-----w- c:\users\dieter\Tracing
2011-03-23 17:50:31 -------- d-----w- c:\users\dieter\appdata\local\CutePDF Writer
2011-03-23 08:14:01 -------- d-----w- c:\program files\GPLGS
2011-03-23 08:13:41 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-03-23 08:13:40 -------- d-----w- c:\program files\Acro Software
2011-03-22 18:38:12 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll
2011-03-22 07:56:33 -------- d-----w- c:\program files\SyncToy 2.1
2011-03-20 16:06:27 -------- d-----w- c:\users\dieter\appdata\local\Thunderbird
2011-03-20 14:58:21 -------- d-----w- c:\program files\SopCast
.
==================== Find3M ====================
.
2011-02-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
.
============= FINISH: 22:33:18.73 ===============

Blade81
2011-04-13, 07:20
Hi,

Please post attach.txt contents too.

Husky_
2011-04-13, 09:14
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 01/03/2011 21:08:05
System Uptime: 12/04/2011 22:23:04 (0 hours ago)
.
Motherboard: TOSHIBA | | NPVAA DDR3
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | U2E1 | 1316/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 93.162 GiB free.
D: is FIXED (NTFS) - 116 GiB total, 25.867 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP7: 29/03/2011 22:44:02 - avast! Free Antivirus Setup
RP8: 29/03/2011 23:23:41 - Windows Update
RP9: 30/03/2011 07:13:12 - Windows Update
RP10: 31/03/2011 21:23:05 - ##IDS_ERROR_1715##
RP11: 12/04/2011 20:57:35 - ComboFix created restore point
.
==== Installed Programs ======================
.
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Advertising Center
Amazon.co.uk
Atheros Driver Installation Program
avast! Free Antivirus
Bejeweled 2 Deluxe
Bluetooth Stack for Windows by Toshiba
CCleaner
Chuzzle Deluxe
CleanUp!
CutePDF Writer 2.8
Diner Dash 2 Restaurant Rescue
Disk Cleaner (remove only)
eBay
FATE
Flash Renamer 6.5
FoxyTunes for Firefox
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 17
Jewel Quest II
Junk Mail filter update
K-Lite Mega Codec Pack 7.0.0
KeePass Password Safe 1.18
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.16)
Mozilla Thunderbird (3.1.9)
Mp3tag v2.48
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
Nero 9 Essentials
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero RescueAgent
Nero StartSmart
Nero StartSmart Help
NeroExpress
neroxml
PDF-Viewer
Penguins!
Photo Service - powered by myphotobook
Picasa 3
Plants vs. Zombies
Polar Bowler
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RocketDock 1.3.5
Skype Toolbars
Skype™ 4.2
SopCast 3.3.2
Spybot - Search & Destroy
Synaptics Pointing Device Driver
SyncToy 2.1 (x86)
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Sync Utility
Toshiba TEMPRO
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
Utility Common Driver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
Vodafone Mobile Broadband Lite
WildTangent Games
WildTangent ORB Game Console
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12/04/2011 21:56:47, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/04/2011 19:56:59, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
12/04/2011 19:55:59, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
12/04/2011 19:55:59, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/04/2011 19:55:59, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/04/2011 19:55:59, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/04/2011 19:55:59, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/04/2011 19:55:59, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/04/2011 19:55:59, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
12/04/2011 19:55:59, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/04/2011 19:55:59, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/04/2011 19:55:59, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/04/2011 19:35:56, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
12/04/2011 19:33:34, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
09/04/2011 15:14:51, Error: Microsoft-Windows-RasSstp [1] - CoId={82D33CCB-FEEB-41A2-A9E6-4383C355C6A6}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.
09/04/2011 15:14:48, Error: Microsoft-Windows-RasSstp [1] - CoId={1CCD14B1-C3C8-4909-A4FD-E18D932E35E8}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.
06/04/2011 22:44:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
06/04/2011 17:16:10, Error: RasMan [20276] - CoId={281F267B-0A23-4FF8-B7C4-40C81996D1C5}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: VPN3-1 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
.
==== End Of File ===========================

Blade81
2011-04-13, 14:14
Hi again,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 24 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
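Added example, not part of the original thread: a PowerShell check to confirm, after the steps above, that no older Java Runtime entry (such as the "Java(TM) 6 Update 17" shown in the installed-programs list) is still registered in Add/Remove Programs. The expected display name "Java(TM) 6 Update 24" is an assumption based on how Update 17 appears in the log.

```powershell
# Added example, not part of the original thread: list every Java Runtime
# entry still registered in Add/Remove Programs and flag anything that is not
# the version just installed.
# Assumption: 32-bit Windows 7 as in the DDS log; the Wow6432Node branch is
# included so the same check also works on a 64-bit system.

$UninstallRoots = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    # Returns one object per Add/Remove Programs entry whose name starts with
    # "Java" or "J2SE" (the names Blade81 says to look for).
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName -match '^(Java|J2SE)') {
                New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

function Get-StaleJava {
    # $Entries: objects with a DisplayName (as returned by Get-InstalledJava).
    # $Expected: the Add/Remove Programs name of the version just installed
    # (assumed name for JRE 6 Update 24; adjust if your entry reads differently).
    param($Entries, [string]$Expected = 'Java(TM) 6 Update 24')
    @($Entries | Where-Object { $_.DisplayName -ne $Expected })
}

# Usage: anything listed here should be uninstalled before rebooting.
$stale = Get-StaleJava -Entries (Get-InstalledJava)
if ($stale.Count -eq 0) {
    Write-Host 'No older Java versions remain.'
} else {
    Write-Host 'Older Java entries still registered:'
    $stale | Format-Table DisplayName, DisplayVersion -AutoSize
}
```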

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is not checkmarked.
Click Scan
Wait for the scan to finish.


Post back its report & a fresh dds.txt log. Any symptoms present?

Husky_
2011-04-13, 17:09
No, I have had no symptoms since following the instructions on Bleeping Computer (see link in my start post).

I will update Java and run the online test this evening.

Blade81
2011-04-13, 18:10
Ok. Shall wait for those logs.

Husky_
2011-04-14, 10:40
I removed the old Java version and installed the latest one.

Ran ESET and manually stopped it after it had scanned the C-partition and part of the D-partition (at that point the scanner had been running for more than ten hours).

C:\Qoobox\Quarantine\C\Users\Dieter\AppData\Local\dnk.exe.vir a variant of Win32/Kryptik.MCK trojan
C:\Qoobox\Quarantine\C\Users\Dieter\AppData\Local\fsx.exe.vir a variant of Win32/Kryptik.MCK trojan
C:\Qoobox\Quarantine\C\Users\Dieter\AppData\Local\gre.exe.vir a variant of Win32/Kryptik.MCK trojan
C:\Qoobox\Quarantine\C\Users\Dieter\AppData\Local\lud.exe.vir a variant of Win32/Kryptik.MCK trojan
C:\Qoobox\Quarantine\C\Users\Dieter\AppData\Local\mvt.exe.vir a variant of Win32/Kryptik.MCK trojan
C:\Qoobox\Quarantine\C\Users\Dieter\AppData\Local\psu.exe.vir a variant of Win32/Kryptik.MCK trojan


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dieter at 8:56:05.39 on 14/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1013.214 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
D:\PC\Netbook\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {12FB4F37-C77A-4FEC-9919-0A2E572F53BF} = 10.203.65.68 10.203.65.68
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dieter\appdata\roaming\mozilla\firefox\profiles\pfk4j8za.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content
FF - component: c:\users\dieter\appdata\roaming\mozilla\firefox\profiles\pfk4j8za.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Full Fullscreen: {bfe3406c-6f31-4789-86d5-efa50e12c9eb} - %profile%\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}
FF - Ext: Add Bookmark Here ²: abhere2@moztw.org - %profile%\extensions\abhere2@moztw.org
FF - Ext: Tiny Menu: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} - %profile%\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
FF - Ext: rein: rein@notiz.jp - %profile%\extensions\rein@notiz.jp
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: Toolbar Buttons: {03B08592-E5B4-45ff-A0BE-C1D975458688} - %profile%\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: deskCut: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA} - %profile%\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Pimpoflage: pimpoflage@ffpimp.com - %profile%\extensions\pimpoflage@ffpimp.com
FF - Ext: Simple Clocks: simpleClocks@grbradt.org - %profile%\extensions\simpleClocks@grbradt.org
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-29 64512]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-29 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-29 301528]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-29 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-29 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-29 42184]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2010-4-6 189808]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-8-18 8704]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-10-24 24064]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-10-24 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
R3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\drivers\vodafone_K380x-z_dc_enum.sys [2010-5-20 61952]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-3-31 105856]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\drivers\ZTEusbwwan.sys [2011-3-31 194048]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-29 1405384]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-3-31 9216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-24 189984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-20 277536]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-2-11 124368]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-3-31 685424]
.
=============== Created Last 30 ================
.
2011-04-13 20:55:38 -------- d-----w- c:\program files\ESET
2011-04-13 20:47:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-13 20:47:49 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-12 21:05:39 -------- d-----w- C:\$RECYCLE.BIN
2011-04-12 20:48:32 -------- d-----w- C:\ComboFix
2011-04-12 19:57:10 98816 ----a-w- c:\windows\sed.exe
2011-04-12 19:57:10 89088 ----a-w- c:\windows\MBR.exe
2011-04-12 19:57:10 256512 ----a-w- c:\windows\PEV.exe
2011-04-12 19:57:10 161792 ----a-w- c:\windows\SWREG.exe
2011-04-10 11:25:26 -------- d-----w- c:\users\dieter\appdata\roaming\Mp3tag
2011-04-10 11:22:09 -------- d-----w- c:\program files\Mp3tag
2011-04-09 12:25:11 -------- d-----w- c:\progra~2\RL Vision
2011-04-09 12:24:49 28672 ----a-w- c:\windows\system32\FolderWatcher.dll
2011-04-09 12:24:49 164144 ----a-w- c:\windows\system32\COMCT232.ocx
2011-04-09 12:24:49 106496 ----a-w- c:\windows\system32\FlashRenHelper.dll
2011-04-09 12:24:48 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2011-04-09 12:24:48 609824 ----a-w- c:\windows\system32\COMCTL32.ocx
2011-04-09 12:24:48 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-04-09 12:24:45 -------- d-----w- c:\program files\Flash Renamer
2011-04-08 07:54:37 167704 ----a-w- c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
2011-04-08 07:54:25 -------- d-----w- c:\program files\Tracker Software
2011-04-07 15:28:27 -------- d-----w- c:\users\dieter\appdata\roaming\Disk Cleaner
2011-03-31 20:32:53 -------- d-----w- c:\users\dieter\appdata\roaming\FLEXnet
2011-03-31 20:25:27 -------- d-----w- c:\users\dieter\appdata\roaming\Vodafone
2011-03-31 20:25:07 194048 ----a-w- c:\windows\system32\drivers\ZTEusbwwan.sys
2011-03-31 20:25:06 105856 ----a-w- c:\windows\system32\drivers\zteusbvoice.sys
2011-03-31 20:25:02 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-03-31 20:24:58 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-03-31 20:24:56 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-03-31 20:24:55 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-03-31 20:24:09 -------- d-----w- c:\progra~2\Vodafone
2011-03-31 20:24:00 -------- d-----w- c:\program files\Vodafone
2011-03-31 20:22:56 -------- d-----w- c:\users\dieter\appdata\local\{F3E8BCCE-24B6-4737-920E-0D6073630E2A}
2011-03-29 22:41:39 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-29 22:41:39 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-29 22:41:39 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-29 22:41:38 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-29 22:41:38 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-29 22:27:36 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-29 22:23:29 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-29 22:23:27 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-03-29 22:23:26 314368 ----a-w- c:\windows\system32\webio.dll
2011-03-29 22:23:11 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-03-29 22:23:11 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-29 22:23:10 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-03-29 22:23:09 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-03-29 22:23:04 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-03-29 22:23:02 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-03-29 22:21:59 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-29 22:19:50 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-03-29 22:19:06 132608 ----a-w- c:\windows\system32\cabview.dll
2011-03-29 22:15:22 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-03-29 22:15:22 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-03-29 22:15:22 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-03-29 22:14:56 101760 ----a-w- c:\windows\system32\consent.exe
2011-03-29 21:45:03 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-29 21:45:03 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-29 21:44:35 40648 ----a-w- c:\windows\avastSS.scr
2011-03-29 21:44:27 -------- d-----w- c:\program files\AVAST Software
2011-03-29 21:44:27 -------- d-----w- c:\progra~2\AVAST Software
2011-03-29 21:27:46 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-29 21:21:19 -------- dc-h--w- c:\progra~2\{E45B1D3E-BC46-46CA-AC1B-16932832F73E}
2011-03-29 21:20:54 -------- d-----w- c:\program files\Lavasoft
2011-03-29 19:20:56 -------- d-----w- c:\users\dieter\appdata\roaming\KeePass
2011-03-29 19:18:37 -------- d-----w- c:\program files\KeePass Password Safe
2011-03-29 18:23:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-29 18:23:03 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-29 17:42:20 -------- d-----w- c:\users\dieter\appdata\roaming\Malwarebytes
2011-03-29 17:42:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 17:42:14 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-29 17:42:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 17:42:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-26 10:27:05 -------- d-----w- c:\program files\CleanUp!
2011-03-26 10:26:53 -------- d-----w- c:\program files\Disk Cleaner
2011-03-26 10:26:19 -------- d-----w- c:\program files\CCleaner
2011-03-24 18:53:39 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-24 18:49:57 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc18C1.tmp
2011-03-24 18:46:53 14744 ----a-w- c:\users\dieter\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-03-24 18:46:33 -------- d-----w- c:\users\dieter\Tracing
2011-03-23 17:50:31 -------- d-----w- c:\users\dieter\appdata\local\CutePDF Writer
2011-03-23 08:14:01 -------- d-----w- c:\program files\GPLGS
2011-03-23 08:13:41 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-03-23 08:13:40 -------- d-----w- c:\program files\Acro Software
2011-03-22 18:38:12 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll
2011-03-22 07:56:33 -------- d-----w- c:\program files\SyncToy 2.1
2011-03-20 16:06:27 -------- d-----w- c:\users\dieter\appdata\local\Thunderbird
2011-03-20 14:58:21 -------- d-----w- c:\program files\SopCast
.
==================== Find3M ====================
.
2011-02-28 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
.
============= FINISH: 9:01:15.68 ===============

Blade81
2011-04-14, 12:37
Good. If no issues left let's see the final steps then :) (those ESET findings will be removed when ComboFix is uninstalled)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the same steps as when disabling System Restore, but at step 7 select the Restore system settings and previous versions of files option.


Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
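Added example, not part of the original thread: a PowerShell script that audits the six Internet-zone settings listed above by reading the registry values behind the Custom Level dialog, and can apply the recommended values. It assumes the settings are per-user (HKCU) and not locked by Group Policy; the value names and the 0/1/3 encoding are the documented Internet Explorer zone layout.

```powershell
# Added example, not part of the original thread: audit, and with
# Set-RecommendedZoneSettings apply, the six Internet-zone settings above.
# The Internet zone lives under Zones\3; value data 0 = Enable, 1 = Prompt,
# 3 = Disable. Assumption: per-user settings, not overridden by policy values
# under HKCU\ or HKLM\Software\Policies (those take precedence if present).

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry value name -> dialog setting name and the data recommended above.
$Recommended = @(
    @{ Value = '1001'; Name = 'Download signed ActiveX controls';                          Data = 1 }
    @{ Value = '1004'; Name = 'Download unsigned ActiveX controls';                        Data = 3 }
    @{ Value = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Data = 3 }
    @{ Value = '1800'; Name = 'Installation of desktop items';                             Data = 1 }
    @{ Value = '1804'; Name = 'Launching programs and files in an IFRAME';                 Data = 1 }
    @{ Value = '1607'; Name = 'Navigate sub-frames across different domains';              Data = 1 }
)

$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSettingReport {
    # One object per setting: what is set now versus what is recommended.
    param([string]$Path = $ZonePath)
    $key = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($s in $Recommended) {
        $current = $key.($s.Value)
        $currentLabel = if ($current -eq $null) { 'not set (IE default)' }
                        elseif ($Label.ContainsKey([int]$current)) { $Label[[int]$current] }
                        else { "unknown ($current)" }
        New-Object PSObject -Property @{
            Setting     = $s.Name
            Current     = $currentLabel
            Recommended = $Label[$s.Data]
            Compliant   = ($current -ne $null -and [int]$current -eq $s.Data)
        }
    }
}

function Set-RecommendedZoneSettings {
    # Writes the recommended data for every setting that is not yet compliant.
    param([string]$Path = $ZonePath)
    foreach ($s in $Recommended) {
        $current = (Get-ItemProperty -Path $Path -ErrorAction Stop).($s.Value)
        if ($current -eq $null -or [int]$current -ne $s.Data) {
            Set-ItemProperty -Path $Path -Name $s.Value -Value $s.Data -Type DWord
            Write-Host ("Set '{0}' to {1}" -f $s.Name, $Label[$s.Data])
        }
    }
}

# Usage: audit first; run Set-RecommendedZoneSettings only after reviewing the report.
Get-ZoneSettingReport | Format-Table Setting, Current, Recommended, Compliant -AutoSize
```

Internet Explorer reads these values on its next start, so close the browser before applying and re-run the audit afterwards to confirm the change stuck.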



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Get anti-virus software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti-virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
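The six Custom Level settings listed in the post above can also be audited and applied from PowerShell, which is useful when you want to check the Internet zone on a machine without clicking through the dialog, or re-check it after a cleanup. The script below is an added example and is not part of the original thread or the helper's instructions. It assumes (none of this is stated in the thread) that zone 3 under HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones is the Internet zone, that each Custom Level setting is a DWORD "action" value under that key, that the action values are 0 = Enable, 1 = Prompt, 3 = Disable, and that the action numbers used below (1001, 1004, 1201, 1800, 1804, 1607) map to the six settings as named in Microsoft's Internet Explorer security zone documentation.

```powershell
# Added example (not from the original thread): audit, and optionally apply,
# the Internet zone hardening steps listed above by reading and writing the
# per-user Internet Explorer zone settings in the registry instead of
# clicking through Tools > Internet Options > Security > Custom Level.
#
# Assumptions (not stated in the thread): zone 3 under the Zones key is the
# "Internet" zone, each Custom Level setting is a DWORD "action" value, and
# the action values mean 0 = Enable, 1 = Prompt, 3 = Disable. The action
# number to setting mapping below follows Microsoft's IE zone documentation.

param(
    [switch]$Apply   # without -Apply the script only reports drift
)

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$ActionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended values, in the order the post lists them.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

if (-not (Test-Path $ZoneKey)) {
    throw "Internet zone key not found: $ZoneKey"
}

$drift = 0
foreach ($setting in $Recommended) {
    # A missing value means IE falls back to the zone's default for that action.
    $current = (Get-ItemProperty -Path $ZoneKey -Name $setting.Id -ErrorAction SilentlyContinue).($setting.Id)

    $haveText = if ($null -eq $current) { '(not set)' }
                elseif ($ActionName.ContainsKey([int]$current)) { $ActionName[[int]$current] }
                else { "unknown ($current)" }
    $wantText = $ActionName[$setting.Want]

    if ($current -eq $setting.Want) {
        Write-Host ("OK      {0,-60} {1}" -f $setting.Name, $haveText)
        continue
    }

    $drift++
    Write-Host ("DRIFT   {0,-60} {1} -> {2}" -f $setting.Name, $haveText, $wantText)

    if ($Apply) {
        # Set-ItemProperty creates the value if it does not exist yet.
        Set-ItemProperty -Path $ZoneKey -Name $setting.Id -Value $setting.Want -Type DWord
    }
}

if ($drift -eq 0) {
    Write-Host 'All six Internet zone settings already match the recommendation.'
} elseif ($Apply) {
    Write-Host "Applied $drift change(s). Close and reopen Internet Explorer for them to take effect."
} else {
    Write-Host "$drift setting(s) differ. Re-run with -Apply to change them."
}
```

Run it without arguments first to see which of the six settings differ from the recommendation, then with `-Apply` to write them. The script only touches the current user's zone settings; if the machine is managed by Group Policy, or the machine-wide zone settings have been made authoritative, the per-user values may be overridden, so re-run the audit after applying to confirm the change took.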

Husky_
2011-04-14, 22:06
- reset system restore
- Windows updated
- I use Mozilla Firefox
- installed and ran Secunia Personal Software Inspector (PSI): updated Adobe Flash Player and Skype, uninstalled Adobe Air
- Avast! already installed, virus database updated automatically (every day)

As I mentioned in my first post, my machine was infected by visiting a website which I have regularly visited before without being infected. I later read on a Dutch blog that 3.8 million URLs have been infected with this particular malware (http://tweakers.net/nieuws/73605/hackers-verspreiden-scareware-via-massale-aanval.html) (also see http://community.websense.com/blogs/securitylabs/archive/2011/03/31/update-on-lizamoon-mass-injection.aspx). How could I have prevented my machine being infected with this particular malware? Do you know whether this particular infection collects sensitive information, such as passwords?

On both partitions, a folder called "$RECYCLE.BIN" was created, I think after running Combofix. Both folders contain files which I can't see. What are these folders, what do they contain, and can I delete them?

Blade81
2011-04-15, 06:36
How could I have prevented my machine being infected with this particular malware? Do you know whether this particular infection collects sensitive information, such as passwords?
Most infections that come from a webpage as a "drive-by" can be avoided by keeping the system up-to-date. Changing passwords is a good move after any infection.



On both partitions, a folder called "$RECYCLE.BIN" was created, I think after running Combofix. Both folders contain files which I can't see. What are these folders, what do they contain, and can I delete them?
It's there to protect from USB drive infections I think. Leave those there.

Husky_
2011-04-15, 09:07
Many thanks for your help Blade81!

Husky_

Blade81
2011-04-15, 15:25
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.