Results 1 to 3 of 3

Thread: Infected: CoolWWWSearch.OleHelp

  1. 2010-11-07, 04:03 #1
    DrYattz
    DrYattz is offline
    Junior Member
    Join Date
    Nov 2010
    Posts
    2

    Default Infected: CoolWWWSearch.OleHelp

    I got it, dunno where. I've been trying to follow the instructions at http://forums.spybot.info/showthread.php?t=288, but have had some problems:
    When I try to use ERUNT, I get multiple error messages that look like this:

    > Error saving file:
    > C:\Users\Desktop\ERUNT back\11-6-2010\default !
    > [RegCreateKeyEx:5 - Access is denied]

    It also lists a few other files it can't save:

    > components !
    > BCD !
    > ntuser.dat !
    > UsrClass.dat !

    So, I'm not entirely sure I'm ready to fix anything. . .
    __________________________

    This version of CoolWWWSearch.OleHelp seems particularly nasty. After grinding my internet browser to a halt, it also seems to shut down my mouse driver.

    I've used SpyBot a dozen times or more, in and out of safe mode, and (of course) the damn thing reappears immediately. In safe mode, it tells me ]

    > Some problems couldn't be fixed; the reason could be that the associated
    > files are still in use (in memory). This could be fixed after a restart. May
    > Spybot-S&&D run on your next system startup?

    But after the reboot, it's back immediately.

    I also run Avira, and when I remove it in normal mode, Avira immediately runs a scan and reports:

    >Guard: Malware found
    __________________________

    When I run HJT, I get an error message:

    > For some reason your system denied write access to the Hosts file. If any
    > hijacked domains are in this file, HijackThis may NOT be able to fix this.
    >
    > If this happens. . .

    and I'm told how to do it manually.
    __________________________

    So, I've got a HijackThis log run in safe mode (which didn't give the above error message. I'm going to post it here:

    O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O3 - Toolbar: TranslatorBar 1 Toolbar - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
    O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
    O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Rees\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

    --
    End of file - 12450 bytes
    ________________________

    I've also got the DDS log and the Attach file. I'm assuming I should wait until I hear from someone before I post Attach. Here's the DDS:

    DDS (Ver_10-11-05.01) - NTFSx86
    Run by Rees at 22:29:35.57 on Sat 11/06/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1733 [GMT -4:00]

    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\FileZilla Server\FileZilla Server.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Users\Rees\AppData\Roaming\Microsoft\Windows\shell.exe
    C:\Users\Rees\AppData\Roaming\Microsoft\svchost.exe
    C:\Users\Rees\AppData\Local\Temp\dwm.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TECO\TEco.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\Rees\AppData\Local\Temp\dfrgsnapnt.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Rees\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    uInternet Settings,ProxyServer = http=127.0.0.1:50370
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    uURLSearchHooks: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
    mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    mURLSearchHooks: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
    uWinlogon: Shell=explorer.exe,c:\users\rees\appdata\roaming\microsoft\windows\shell.exe
    uWindows: Load=c:\users\rees\appdata\local\temp\dwm.exe
    BHO: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
    BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\alot.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    TB: TranslatorBar 1 Toolbar: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - c:\program files\translatorbar_1\tbTran.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [winsp1up.exe] c:\users\rees\appdata\local\temp\winsp1up.exe
    uRun: [svchost] c:\users\rees\appdata\roaming\microsoft\svchost.exe
    uRun: [mxYgoIBYas.exe] c:\users\rees\appdata\local\temp\mxYgoIBYas.exe
    uRun: [ctfmpgrd] rundll32 "c:\users\rees\appdata\local\temp\ciphl386.dll",DllGetVersion
    uRun: [Iziyujehokoni] rundll32.exe "c:\users\rees\appdata\local\Nl32409.dll",Startup
    uRun: [dfrgsnapnt.exe] c:\users\rees\appdata\local\temp\dfrgsnapnt.exe
    uRun: [Rrikogajeku] rundll32.exe "c:\users\rees\appdata\local\ihafaneyafiseq.dll",Startup
    mRun: [<NO NAME>]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
    mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
    mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\rees\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2010-4-8 25896]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-10 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-10 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-10 60936]
    R2 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2010-4-8 20544]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-29 1153368]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
    R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-4-8 22272]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-4-8 346112]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 135664]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-11-06 20:29:43 0 ----a-w- c:\users\rees\appdata\local\Ntiyo.bin
    2010-11-06 20:29:41 -------- d-----w- c:\users\rees\appdata\local\{9DA6E18C-7C96-45DE-ACB9-9B1A4BB6E4E2}
    2010-11-06 02:13:21 189976 ----a-w- c:\windows\system32\mfimgvwr.ocx
    2010-11-05 09:48:15 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{749a28b8-745d-48c2-8344-a6ce88b76e22}\mpengine.dll
    2010-11-03 02:11:14 101888 ----a-w- c:\users\rees\appdata\roaming\microsoft\svchost.exe
    2010-11-01 14:37:00 388096 ----a-r- c:\users\rees\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-11-01 14:37:00 -------- d-----w- c:\program files\Trend Micro
    2010-10-27 04:12:39 117760 ----a-w- c:\users\rees\appdata\roaming\microsoft\windows\shell.exe
    2010-10-27 01:40:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-27 01:40:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-13 07:00:52 231936 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-13 02:09:23 866816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-13 02:09:06 7680 ----a-w- c:\windows\system32\spwmp.dll
    2010-10-13 02:09:06 4096 ----a-w- c:\windows\system32\msdxm.ocx
    2010-10-13 02:09:06 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2010-10-13 02:09:06 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-13 02:09:06 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
    2010-10-13 02:09:06 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
    2010-10-13 02:09:05 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 02:08:39 303616 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-13 02:08:39 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-13 02:08:39 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-13 02:08:38 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-13 02:08:38 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-13 02:08:20 274432 ----a-w- c:\windows\system32\schannel.dll
    2010-10-13 02:08:12 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-13 02:08:12 1315840 ----a-w- c:\windows\system32\ole32.dll
    2010-10-13 01:54:39 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-13 01:54:39 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-13 01:53:52 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-10-13 01:46:10 531968 ----a-w- c:\windows\system32\comctl32.dll

    ==================== Find3M ====================

    2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-08-26 16:07:25 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-26 16:01:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:01:33 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:01:32 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:01:32 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-17 13:32:33 126464 ----a-w- c:\windows\system32\spoolsv.exe

    ============= FINISH: 22:30:29.80 ===============
    _______________________

    So, I'll eagerly await some direction?

    THANKS!!!

    DrYattz
    winwinsit at gmail dot com
  2. 2010-11-09, 17:28 #2
    DrYattz
    DrYattz is offline
    Junior Member
    Join Date
    Nov 2010
    Posts
    2

    Default Never mind. . .

    After over a hundred visits and no responses in several days, I decided to have my computer technician clean up the infection.

    Thanks, anyway.

    DrYattz
  3. 2010-11-09, 20:58 #3
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Hello DrYattz,

    Thank you for letting us know, the thread will be archived,

    This topic was started in my time zone Nov 6th, 2010, 08:03 PM.
    Your last post was Nov 9th, 2010 09:28 AM

    For future reference: The Waiting Room
    If you have waited four days or longer for assistance, please start a topic in this sub-forum and post with a link back to your topic in the Malware forum, so that we know who you are and your topic is not archived.
    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules