
Thread: Can't get rid of Google re-direct malware.

  1. #1
    Member
    Join Date
    Jul 2010
    Posts
    73

    Can't get rid of Google re-direct malware.

    Here are my logs. I have tried Malwarebytes, Spybot, and Microsoft Malicious Software Removal; it still redirects links after a Google search is complete.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by john at 11:17:14.56 on Fri 07/16/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.86 [GMT -5:00]

    AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
    C:\Program Files\Sharp\Sharpdesk\Indexer.exe
    C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
    C:\Program Files\Sharp\Sharpdesk\FtpServer.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Sharp\Sharpdesk\nsapp.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files\Microsoft Reader\msreader.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft Dynamics\GP\Dynamics.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\GUQWBNFA\dds[1].com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/webhp?rls=ig
    uSearch Bar = hxxp://www.toshiba.com/search
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.*
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\managed virusscan\vscan\ScriptSn.20100413232827.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [\\DESKTOP\EPSON Stylus Photo R1800] c:\windows\system32\spool\drivers\w32x86\3\e_fati9la.exe /fu "c:\docume~1\john\locals~1\temp\E_S69.tmp" /EF "HKCU"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
    mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [ZoomingHook] ZoomingHook.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
    mRun: [TCtryIOHook] TCtrlIOHook.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [TDispVol] TDispVol.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe" /LOGON
    mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [IndexTray] "c:\program files\sharp\sharpdesk\IndexTray.exe"
    mRun: [Indexer] "c:\program files\sharp\sharpdesk\Indexer.exe"
    mRun: [SharpTray] "c:\program files\sharp\sharpdesk\SharpTray.exe"
    mRun: [TypeRegChecker] "c:\program files\sharp\sharpdesk\TypeRegChecker.exe"
    mRun: [FtpServer.exe] "c:\program files\sharp\sharpdesk\FtpServer.exe" -usedefault
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [<NO NAME>]
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.768.dll
    Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\sharp\sharpdesk\ExplorerExtensions.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: acaptuser32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-29 214664]
    R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-1-29 14144]
    R2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2008-1-29 144704]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-1-29 282824]
    R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2008-1-29 79816]
    R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2008-1-29 35272]
    R3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2008-1-29 34248]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 FdRedir;FdRedir;\??\c:\program files\common files\protector suite ql\drivers\fdredir.sys --> c:\program files\common files\protector suite ql\drivers\FdRedir.sys [?]
    S2 FileDisk2;FileDisk Protector Kernel Driver;\??\c:\program files\common files\protector suite ql\drivers\filedisk.sys --> c:\program files\common files\protector suite ql\drivers\filedisk.sys [?]
    S2 smihlp;SMI helper driver;\??\c:\program files\protector suite ql\smihlp.sys --> c:\program files\protector suite ql\smihlp.sys [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

    ============== File Associations ===============

    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2010-07-12 19:14:00 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-12 19:14:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-07-08 16:45:32 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-07-08 16:42:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-07-07 13:45:02 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-06 14:10:39 83456 --sha-r- c:\windows\system32\sisbkuph.dll
    2010-07-06 14:10:39 83456 --sha-r- c:\windows\system32\mciaviv.dll
    2010-06-18 15:12:18 0 d-----w- c:\program files\IMSdesign2010
    2010-06-16 21:35:28 0 d-----w- c:\program files\ROSA72
    2010-06-16 19:35:02 57436 ----a-w- c:\windows\DASShp.dll
    2010-06-16 19:35:02 0 d-----w- c:\program files\Microsoft Reader

    ==================== Find3M ====================

    2008-08-25 01:04:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat

    ============= FINISH: 11:18:29.36 ===============


    Here is attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/28/2008 3:00:28 PM
    System Uptime: 7/7/2010 9:18:39 AM (218 hours ago)

    Motherboard: TOSHIBA | | HAQAA
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1662/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 3.191 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 7/6/2010 12:22:18 PM - System Checkpoint
    RP2: 7/7/2010 8:44:30 AM - Restore Operation
    RP3: 7/8/2010 9:22:59 AM - System Checkpoint
    RP4: 7/9/2010 3:03:58 PM - System Checkpoint
    RP5: 7/10/2010 3:23:01 PM - System Checkpoint
    RP6: 7/11/2010 3:29:46 PM - System Checkpoint
    RP7: 7/12/2010 4:49:03 PM - System Checkpoint
    RP8: 7/13/2010 5:23:02 PM - System Checkpoint
    RP9: 7/14/2010 6:23:03 PM - System Checkpoint
    RP10: 7/15/2010 7:23:07 PM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 9.1.2
    ALPS Touch Pad Driver
    AutoCAD 2010 - English
    AutoCAD 2010 Language Pack - English
    Autodesk Design Review 2010
    BlackBerry Desktop Software 5.0.1
    C-Dilla Licence Management System
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Dexterity Shared Components 10.0
    DocProc
    DVD-RAM Driver
    EPSON Printer Software
    FileOpen Client
    Foxit Reader
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    IMSdesign
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD for TOSHIBA
    J2SE Runtime Environment 5.0 Update 4
    Java Auto Updater
    Java(TM) 6 Update 20
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    McAfee Virus and Spyware Protection Service
    mCore
    mDrWiFi
    Metamail (Toshiba Registration Utility)
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Dynamics GP 10.0
    Microsoft English TTS Engine
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Reader
    Microsoft Silverlight
    Microsoft SQL Server Native Client
    Microsoft Streets & Trips 2008
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works 6-9 Converter
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.0.8)
    mPfMgr
    mPfWiz
    mProSafe
    MSVCSetup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mXML
    mZConfig
    OCR Software by I.R.I.S. 12.0
    Office 2003 Trial Assistant
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    ROSA6.1
    ROSA72
    SAPI Wrapper
    SD Secure Module
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SHARP AR-351/355/451/455 Series PCL Printer Driver
    Sharpdesk
    SMSC IrCC V5.1.3600.5 SP2
    Sonic DLA
    Sonic RecordNow!
    Spybot - Search & Destroy
    Terminal Services Web Client
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Accessibility
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Fn-esse
    TOSHIBA Hardware Setup
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    Toshiba Tbiosdrv Driver
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Touch and Launch
    TouchPad On/Off Utility
    TTS Wrapper
    TubeMaster++ 1.3
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Utility Common Driver
    Viewpoint Media Player
    Visual C++ 8.0 x86 Runtime Setup Package
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinPcap 4.0.2
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0

    ==== End Of File ===========================

  2. #2
    Member
    Join Date
    Jul 2010
    Posts
    73

    Still need help with this, please!?????!!!!

    Can someone please take a look at my logs to see if you can help get rid of my re-direct malware???

    Thanks!

  3. #3
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,964


    Hello dallak,
    Quote: Originally posted by dallak
    Can someone please take a look at my logs to see if you can help get rid of my re-direct malware???

    Thanks!
    Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    The same link that was provided in your first topic: http://forums.spybot.info/showthread.php?t=58570

    This thread was started Jul 16th, 2010.
    Waiting for help in the Malware Forum FOUR days or longer?

    Best regards.

    Edit

    Your post in the Waiting Room was removed,
    "If you have waited FOUR full days without a response"
    Last edited by tashi; 2010-07-18 at 21:58. Reason: Added
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent



    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


    After that:

    Post fresh DDS logs + run GMER:
    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded
    • Click the rootkit tab, uncheck the files option and then click scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard
    • Post the log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Member
    Join Date
    Jul 2010
    Posts
    73

    thanks!

    It is my laptop at work, I will do what you ask first thing Monday.

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    It is my laptop at work
    I'm not sure if you noticed the following part in our BEFORE you POST (READ this Procedure BEFORE Requesting Assistance) sticky:
    Note:
    When the infected computer in question is a company machine in the workplace, or you are an employee.


    The intention of this forum is not to replace a company's IT department, nor can we anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.

    The majority of the tools used in this forum are only free for Home Users and only tested on Home machines, they may well change settings that are required for a Company network. Another consideration is that company information may show in the logs.

    More than one machine could be at stake, possibly even the server. If sensitive material has been compromised by an infection, the company could be held liable.

    To prevent any possible loss or corruption of company information, please inform your IT Professional or Supervisor when a workplace computer has been infected, immediately.

    It's not that we don't want to help, but there are too many issues that could arise from a networked company machine that malware forum volunteers are not experienced in dealing with.

    Thank you for your understanding.

  7. #7
    Member
    Join Date
    Jul 2010
    Posts
    73

    laptop

    It's my personal computer, I just left it at work. My employer has nothing to do with its operation.

    Thanks.

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Ok. Thanks for clarification.

  9. #9
    Member
    Join Date
    Jul 2010
    Posts
    73

    new logs

    Thanks for your help!!!

    Here are my new logs; hopefully the attachment is what you are looking for and you are able to unzip it.

    DDS logs:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by john at 9:08:04.54 on Mon 07/26/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.438 [GMT -5:00]

    AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Sharp\Sharpdesk\Indexer.exe
    C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
    C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\WINZIP\wzqkpick.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\Documents and Settings\john\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/webhp?rls=ig
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.*
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\managed virusscan\vscan\ScriptSn.20100413232827.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [ZoomingHook] ZoomingHook.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
    mRun: [TCtryIOHook] TCtrlIOHook.exe
    mRun: [TDispVol] TDispVol.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [IndexTray] "c:\program files\sharp\sharpdesk\IndexTray.exe"
    mRun: [Indexer] "c:\program files\sharp\sharpdesk\Indexer.exe"
    mRun: [SharpTray] "c:\program files\sharp\sharpdesk\SharpTray.exe"
    mRun: [TypeRegChecker] "c:\program files\sharp\sharpdesk\TypeRegChecker.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.768.dll
    Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\sharp\sharpdesk\ExplorerExtensions.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-29 214664]
    R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-1-29 14144]
    R2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2008-1-29 144704]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-1-29 282824]
    R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2008-1-29 79816]
    R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2008-1-29 35272]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 FdRedir;FdRedir;\??\c:\program files\common files\protector suite ql\drivers\fdredir.sys --> c:\program files\common files\protector suite ql\drivers\FdRedir.sys [?]
    S2 FileDisk2;FileDisk Protector Kernel Driver;\??\c:\program files\common files\protector suite ql\drivers\filedisk.sys --> c:\program files\common files\protector suite ql\drivers\filedisk.sys [?]
    S2 smihlp;SMI helper driver;\??\c:\program files\protector suite ql\smihlp.sys --> c:\program files\protector suite ql\smihlp.sys [?]
    S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2008-1-29 34248]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

    ============== File Associations ===============

    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2010-07-26 13:51:10 0 d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BD.TMP
    2010-07-23 19:58:14 0 d-s---w- C:\ComboFix
    2010-07-23 19:44:28 0 d-sha-r- C:\cmdcons
    2010-07-23 14:59:04 0 d-----w- c:\docume~1\john\applic~1\IObit
    2010-07-23 14:59:03 0 d-----w- c:\program files\IObit
    2010-07-21 16:09:15 1112 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-07-21 16:01:58 16384 ---ha-w- C:\SZKGFS.dat
    2010-07-21 15:58:15 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
    2010-07-21 15:57:00 0 d-----w- c:\program files\common files\iS3
    2010-07-21 15:56:56 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2010-07-12 19:14:00 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-12 19:14:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-07-08 16:45:32 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-07-08 16:42:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-07-07 13:45:02 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-06 14:10:39 83456 --sha-r- c:\windows\system32\sisbkuph.dll
    2010-07-06 14:10:39 83456 --sha-r- c:\windows\system32\mciaviv.dll

    ==================== Find3M ====================

    2008-08-25 01:04:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat

    ============= FINISH: 9:09:05.07 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/28/2008 3:00:28 PM
    System Uptime: 7/26/2010 8:52:32 AM (1 hours ago)

    Motherboard: TOSHIBA | | HAQAA
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1662/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 3.485 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 7/26/2010 8:53:57 AM - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 9.1.2
    Advanced SystemCare 3
    ALPS Touch Pad Driver
    AutoCAD 2010 - English
    AutoCAD 2010 Language Pack - English
    Autodesk Design Review 2010
    BlackBerry Desktop Software 5.0.1
    C-Dilla Licence Management System
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Dexterity Shared Components 10.0
    DocProc
    DVD-RAM Driver
    EPSON Printer Software
    FileOpen Client
    Foxit Reader
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    IMSdesign
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD for TOSHIBA
    J2SE Runtime Environment 5.0 Update 4
    Java Auto Updater
    Java(TM) 6 Update 20
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    Metamail (Toshiba Registration Utility)
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Dynamics GP 10.0
    Microsoft English TTS Engine
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Reader
    Microsoft Silverlight
    Microsoft SQL Server Native Client
    Microsoft Streets & Trips 2008
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works 6-9 Converter
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.0.8)
    mPfMgr
    mPfWiz
    mProSafe
    MSVCSetup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mXML
    mZConfig
    OCR Software by I.R.I.S. 12.0
    Office 2003 Trial Assistant
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    ROSA6.1
    ROSA72
    SAPI Wrapper
    SD Secure Module
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SHARP AR-351/355/451/455 Series PCL Printer Driver
    Sharpdesk
    SMSC IrCC V5.1.3600.5 SP2
    Sonic DLA
    Sonic RecordNow!
    Spybot - Search & Destroy
    Terminal Services Web Client
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Accessibility
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Fn-esse
    TOSHIBA Hardware Setup
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    Toshiba Tbiosdrv Driver
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Touch and Launch
    TouchPad On/Off Utility
    TTS Wrapper
    TubeMaster++ 1.3
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Utility Common Driver
    Viewpoint Media Player
    Visual C++ 8.0 x86 Runtime Setup Package
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinPcap 4.0.2
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    7/26/2010 8:56:21 AM, error: System Error [1003] - Error code d0000144, parameter1 c0000005, parameter2 00350016, parameter3 00000000, parameter4 ffffffff.
    7/23/2010 2:45:49 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
    7/23/2010 2:42:33 PM, error: Service Control Manager [7034] - The C-DillaSrv service terminated unexpectedly. It has done this 1 time(s).
    7/22/2010 8:19:30 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DJ2PKJF1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CCCBBBEE-AC1A-41A8-. The master browser is stopping or an election is being forced.
    7/20/2010 12:12:51 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user JOHN\IWAM_SALES3 SID (S-1-5-21-494008278-1639368426-589388926-1010). This security permission can be modified using the Component Services administrative tool.
    7/19/2010 9:25:54 AM, error: Service Control Manager [7034] - The McShield service terminated unexpectedly. It has done this 3 time(s).
    7/19/2010 11:07:41 AM, error: Service Control Manager [7034] - The McShield service terminated unexpectedly. It has done this 1 time(s).
    7/19/2010 10:05:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    7/19/2010 10:05:37 AM, error: Service Control Manager [7000] - The SMI helper driver service failed to start due to the following error: The system cannot find the path specified.
    7/19/2010 10:05:37 AM, error: Service Control Manager [7000] - The FileDisk Protector Kernel Driver service failed to start due to the following error: The system cannot find the path specified.
    7/19/2010 10:05:37 AM, error: Service Control Manager [7000] - The FdRedir service failed to start due to the following error: The system cannot find the path specified.

    ==== End Of File ===========================

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    It seems you archived the GMER executable instead of the output log file. Please post the GMER output log.
