unknown virus , need help getting rid


#1 PiggyWIggy (New Member, 2 posts)
I have viruses on my thumb drive, and I do not know what they are. I've scanned it with the antivirus but nothing shows up... so can someone please help me get rid of them! I don't want them to infect my new notebook.

Here is the log from a scan I did with ComboFix:

ComboFix 08-05-25.3 - TOSHIBA 2008-05-26 14:11:07.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1025 [GMT 8:00]
Running from: F:\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 23:09 . 2008-05-25 23:09 <DIR> d-------- C:\sUBs
2008-05-25 20:46 . 2008-05-25 20:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 18:11 . 2008-05-25 18:15 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\AVG7
2008-05-25 18:11 . 2008-05-25 23:21 <DIR> d-------- C:\Users\All Users\avg7
2008-05-25 18:11 . 2008-05-25 23:21 <DIR> d-------- C:\ProgramData\avg7
2008-05-25 17:41 . 2008-05-25 17:41 <DIR> d-------- C:\Program Files\Audacity
2008-05-25 15:28 . 2008-05-25 15:28 <DIR> d-------- C:\Program Files\Red Kawa
2008-05-25 15:28 . 2008-05-25 15:28 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-05-25 14:56 . 2008-05-26 13:59 <DIR> d-------- C:\Users\TOSHIBA\Incomplete
2008-05-25 00:49 . 2007-08-08 12:07 101,504 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-05-25 00:49 . 2007-08-08 12:06 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys
2008-05-25 00:47 . 2008-05-25 00:47 <DIR> d-------- C:\Program Files\Huawei technologies
2008-05-24 00:13 . 2008-05-24 00:14 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Media Player Classic
2008-05-23 22:35 . 2008-05-23 22:35 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Datalayer
2008-05-23 22:06 . 2008-05-23 22:41 <DIR> d-------- C:\Users\TOSHIBA\Phone Browser
2008-05-23 22:06 . 2008-05-23 22:06 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Nokia N73
2008-05-23 22:06 . 2008-05-23 22:06 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Nokia Multimedia Player
2008-05-23 22:05 . 2008-05-23 23:02 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Nokia
2008-05-23 22:00 . 2008-05-23 22:01 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\PC Suite
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\Users\All Users\PC Suite
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\ProgramData\PC Suite
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-23 21:57 . 2008-05-23 21:57 <DIR> d-------- C:\Users\All Users\Downloaded Installations
2008-05-23 21:57 . 2008-05-23 21:57 <DIR> d-------- C:\ProgramData\Downloaded Installations
2008-05-23 21:57 . 2008-05-23 22:01 <DIR> d-------- C:\Program Files\Nokia
2008-05-23 21:57 . 2006-05-29 08:26 50,688 --a------ C:\Windows\System32\nmwcdcls.dll
2008-05-22 15:02 . 2008-05-23 23:03 <DIR> d-------- C:\Users\TOSHIBA\Ipod Wallie
2008-05-19 14:03 . 2008-05-19 14:03 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-19 14:03 . 2008-05-19 14:03 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-19 14:03 . 2008-05-19 14:03 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-19 14:03 . 2008-05-19 14:03 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-19 14:03 . 2008-05-19 14:03 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-18 19:43 . 2008-05-26 14:10 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\uTorrent
2008-05-18 19:43 . 2008-05-18 19:43 <DIR> d-------- C:\Program Files\uTorrent
2008-05-18 17:29 . 2008-05-18 17:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-18 14:12 . 2008-05-18 14:12 0 --a------ C:\Windows\nsreg.dat
2008-05-18 12:52 . 2008-05-18 16:27 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Apple Computer
2008-05-18 12:52 . 2008-05-18 12:52 <DIR> d-------- C:\Program Files\iTunes
2008-05-18 12:52 . 2008-05-18 12:52 <DIR> d-------- C:\Program Files\iPod
2008-05-18 12:51 . 2008-05-18 12:52 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-05-18 12:51 . 2008-05-18 12:52 <DIR> d-------- C:\ProgramData\Apple Computer
2008-05-18 12:51 . 2008-05-18 12:51 <DIR> d-------- C:\Program Files\QuickTime
2008-05-18 12:51 . 2008-05-18 12:51 <DIR> d-------- C:\Program Files\Bonjour
2008-05-18 12:50 . 2008-05-18 12:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-18 12:49 . 2008-05-18 12:49 <DIR> d-------- C:\Users\All Users\Apple
2008-05-18 12:49 . 2008-05-18 12:49 <DIR> d-------- C:\ProgramData\Apple
2008-05-18 12:49 . 2008-05-18 12:49 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-18 12:25 . 2008-05-25 18:14 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-18 12:25 . 2008-05-25 18:14 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-18 12:11 . 2008-05-18 12:11 704,000 --a------ C:\Windows\System32\PhotoScreensaver.scr
2008-05-18 12:09 . 2008-05-18 12:09 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-18 12:09 . 2008-05-18 12:09 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-18 12:09 . 2008-05-18 12:09 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-18 12:09 . 2008-05-18 12:09 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-18 12:09 . 2008-05-18 12:09 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-18 12:09 . 2008-05-18 12:09 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-18 12:09 . 2008-05-18 12:09 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-18 12:09 . 2008-05-18 12:09 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-18 12:09 . 2008-05-18 12:09 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-18 12:09 . 2008-05-18 12:09 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-05-18 12:08 . 2008-05-18 12:08 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-05-18 12:08 . 2008-05-18 12:08 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-18 12:08 . 2008-05-18 12:08 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-18 12:08 . 2008-05-18 12:08 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-18 12:08 . 2008-05-18 12:08 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-18 12:08 . 2008-05-18 12:08 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-18 12:06 . 2008-05-18 12:06 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-18 12:06 . 2008-05-18 12:06 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-18 12:06 . 2008-05-18 12:06 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-05-18 12:06 . 2008-05-18 12:06 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-05-18 12:06 . 2008-05-18 12:06 2,048 --a------ C:\Windows\System32\asferror.dll
2008-05-18 12:05 . 2008-05-18 12:05 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-18 12:05 . 2008-05-18 12:05 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-18 12:05 . 2008-05-18 12:05 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-05-18 12:05 . 2008-05-18 12:05 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-05-18 12:05 . 2008-05-18 12:05 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-05-18 12:04 . 2008-05-18 12:04 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-05-18 12:04 . 2008-05-18 12:04 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-05-18 12:04 . 2008-05-18 12:04 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-05-18 12:04 . 2008-05-18 12:04 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-05-18 12:04 . 2008-05-18 12:04 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-18 12:04 . 2008-05-18 12:04 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-05-18 12:04 . 2008-05-18 12:04 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-18 12:03 . 2008-05-18 12:03 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-05-18 12:01 . 2008-05-18 12:01 2,048 --a------ C:\Windows\System32\tzres.dll
2008-05-18 12:00 . 2008-05-18 12:00 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-05-17 10:38 . 2008-05-26 13:57 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\LimeWire
2008-05-17 10:35 . 2008-05-17 10:35 <DIR> d-------- C:\Program Files\LimeWire
2008-05-17 10:20 . 2008-05-17 10:20 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-17 10:20 . 2008-05-17 10:20 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-05-17 10:09 . 2008-05-17 10:18 <DIR> d-------- C:\Program Files\Windows Live
2008-05-17 10:09 . 2008-05-17 10:18 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-17 10:08 . 2008-05-17 10:08 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-05-17 10:08 . 2008-05-17 10:08 <DIR> d-------- C:\ProgramData\WLInstaller
2008-05-17 10:08 . 2008-05-17 10:08 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-05-17 10:08 . 2008-05-17 10:08 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-05-17 10:08 . 2008-05-17 10:08 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-05-17 10:08 . 2008-05-17 10:08 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-05-17 10:08 . 2008-05-17 10:08 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-05-17 10:08 . 2008-05-17 10:08 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-05-17 10:08 . 2008-05-17 10:08 43,352 --a------ C:\Windows\System32\wups2.dll
2008-05-17 10:08 . 2008-05-17 10:08 33,624 --a------ C:\Windows\System32\wups.dll
2008-05-17 10:08 . 2008-05-17 10:08 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-05-17 02:27 . 2008-05-17 02:27 <DIR> d-------- C:\Program Files\ltmoh
2008-05-17 02:27 . 2006-10-18 16:39 487,424 --a------ C:\Windows\System32\cselect.exe
2008-05-17 02:27 . 2003-02-25 15:42 128,113 --a------ C:\Windows\System32\csellang.ini
2008-05-17 02:27 . 2003-12-05 09:48 77,824 --a------ C:\Windows\System32\tosmreg.exe
2008-05-17 02:27 . 2003-11-01 03:59 45,056 --a------ C:\Windows\System32\csellang.dll
2008-05-17 02:27 . 2007-02-02 11:17 10,150 --a------ C:\Windows\System32\tosmreg.ini
2008-05-17 02:27 . 2003-02-25 16:01 7,671 --a------ C:\Windows\System32\cseltbl.ini
2008-05-17 02:26 . 2008-05-17 02:26 <DIR> d-------- C:\Windows\Options
2008-05-17 02:26 . 2008-05-17 02:26 <DIR> d-------- C:\Program Files\Synaptics
2008-05-17 02:26 . 2008-05-17 02:26 <DIR> d-------- C:\DOCS
2008-05-17 02:26 . 2008-05-17 02:26 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-05-17 02:26 . 2008-05-17 02:26 0 -rahs---- C:\Windows\System32\drivers\1179_TOSHIBA_Satellite M200_S3A6460D003_PSMC3L-06V004.MRK
2008-05-17 02:24 . 2007-03-14 08:49 936,728 --a------ C:\Windows\System32\imsmudlg.exe
2008-05-17 02:24 . 2007-02-13 05:36 277,784 --a------ C:\Windows\System32\drivers\iaStor.sys
2008-05-16 11:51 . 2008-05-25 14:43 <DIR> d-------- C:\Program Files\ESET
2008-05-16 11:51 . 2008-05-16 11:51 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-05-16 11:51 . 2008-05-16 11:51 298,104 --a------ C:\Windows\System32\imon.dll
2008-05-16 11:51 . 2008-05-16 11:51 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-05-16 11:39 . 2008-05-16 11:39 <DIR> d-------- C:\Program Files\Camera Assistant Software for Toshiba

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 16:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 10:15 174 --sha-w C:\Program Files\desktop.ini
2008-05-19 07:29 --------- d-----w C:\Program Files\Windows Calendar
2008-05-19 06:02 944,184 ----a-w C:\Windows\System32\winload.exe
2008-05-19 05:59 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-05-18 04:38 --------- d-----w C:\Program Files\Windows Mail
2008-05-18 04:37 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-18 04:10 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-05-18 04:10 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-05-18 04:10 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-05-18 04:10 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-05-18 04:10 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-05-18 04:10 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-05-18 04:10 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-05-18 04:10 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-18 04:10 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-05-18 04:10 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-05-18 04:10 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-18 04:10 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-05-18 04:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-18 04:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-18 04:05 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-18 04:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-18 04:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-18 04:02 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-18 04:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-18 04:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-18 04:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-16 03:38 --------- d-----w C:\ProgramData\Toshiba
2008-05-16 03:38 --------- d-----w C:\Program Files\Toshiba
2008-05-16 03:34 --------- d-----w C:\Program Files\Intel
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-25_23.17.07.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 12:44:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-26 05:56:24 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-25 12:43:17 229,264 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-05-25 16:20:30 229,264 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-05-25 12:44:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-26 05:56:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-25 12:44:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-26 05:56:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-25 12:45:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-26 06:05:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-25 12:45:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-26 05:57:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-25 15:14:12 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-26 06:11:03 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-05-25 13:56:33 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-26 06:08:13 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-25 13:56:33 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-26 06:08:13 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-25 12:46:00 4,718 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069671701-3476945987-2273482261-1000_UserData.bin
+ 2008-05-26 05:58:15 4,742 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069671701-3476945987-2273482261-1000_UserData.bin
- 2008-05-25 12:46:00 58,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-26 05:58:15 59,224 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-25 12:45:58 33,586 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-26 05:58:14 33,690 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-18 12:05 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 20:34 2159104 C:\Windows\System32\oobefldr.dll]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-01-22 23:59 417792]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"HuaWeiEVDO.exe"="C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe" [2007-10-09 11:58 925696]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 15:50 4399104 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" []
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-20 11:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-20 11:07 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-20 11:07 129560]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 13:36 835584]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 23:16 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 11:46 448632]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-03-23 14:41 538744]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-03-21 17:23 413696]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-16 11:51 949376]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-19 03:21:09 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C902BB4C-47D3-4F0C-8D16-C4F19F126686}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{57714F56-E0CC-4A60-B926-00DE69F5F56F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{488B65FD-EEEF-48F7-9633-FD68B5ADCD5C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8C8B1178-3CD6-446E-B31D-51C9F9BB6A6B}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{6A420FCC-F3A3-47B1-858E-4702BD3B087E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4DB7550B-1C9F-40FA-A163-24BF84A7B229}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5DA34A77-1362-4FB4-B5B6-98E97EF45C60}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AA02A5DC-A07B-4B56-934B-3714CC5FF247}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{18B1B8B1-4E35-4A12-B1CA-944B00BAF1FD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{171F1DD0-1514-4347-A37A-B7655367A0E4}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BFCDE734-DAC6-4B3F-B1DD-1177934F7EA4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{80F1A701-BF14-4F4B-B139-4D831F5390C3}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9F69B517-F7E3-4F8F-8AF9-034AF0FC63CF}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{231FD8B2-47D6-4D5B-8619-A8A05C7FF3C7}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-09-19 10:59]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 11:01]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 12:55]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 13:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 15:23]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-19 02:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-03-12 21:47]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-10 01:00]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 15:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f6bbee-27c7-11dd-9af7-001cbfcdd3e3}]
\shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ebe81b2-2ae8-11dd-bcd6-001cbfcdd3e3}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c58070d-2a17-11dd-bbf6-001e3331441a}]
\shell\AutoPlay\command - wscript.exe \saifulfaizan.js
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \saifulfaizan.js
\shell\Explore\command - wscript.exe \saifulfaizan.js -Clicked
\shell\Open\command - wscript.exe \saifulfaizan.js
\shell\Scan for Viruses\command - wscript.exe \saifulfaizan.js
\shell\Scan with AVG\command - wscript.exe \saifulfaizan.js
\shell\Scan with Norton AntiVirus\command - wscript.exe \saifulfaizan.js

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d50ed21-29ab-11dd-a1c0-001cbfcdd3e3}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d50ed4c-29ab-11dd-a1c0-001e3331441a}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db2532ca-272a-11dd-ba7a-001cbfcdd3e3}]
\shell\AutoPlay\command - wscript.exe \saifulfaizan.js
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \saifulfaizan.js
\shell\Explore\command - wscript.exe \saifulfaizan.js -Clicked
\shell\Open\command - wscript.exe \saifulfaizan.js
\shell\Scan for Viruses\command - wscript.exe \saifulfaizan.js
\shell\Scan with AVG\command - wscript.exe \saifulfaizan.js
\shell\Scan with Norton AntiVirus\command - wscript.exe \saifulfaizan.js

.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 02:20:35 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-26 06:12:36 C:\Windows\Tasks\User_Feed_Synchronization-{11EA8DFC-B6F5-4624-B338-034E421E2214}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 14:13:07
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????uP0????(?-?P?-???-???-???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-26 14:14:07
ComboFix-quarantined-files.txt 2008-05-26 06:13:41
ComboFix2.txt 2008-05-25 15:17:42

Pre-Run: 94,812,381,184 bytes free
Post-Run: 94,786,908,160 bytes free

315 --- E O F --- 2008-05-23 13:30:17
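The part of this log that matters is the MountPoints2 section. Those keys are Explorer's per-user cache of the autorun.inf found on volumes that have been plugged into this machine, so they survive after the drive is unplugged. For two volume GUIDs every shell verb, including invented "Scan for Viruses", "Scan with AVG" and "Scan with Norton AntiVirus" entries, runs wscript.exe against a \saifulfaizan.js sitting in the drive root, with the AutoRun verb wrapped in RunDLL32 Shell32.DLL,ShellExec_RunDLL. That is the standard pattern of a removable-drive autorun worm: double-clicking the drive, right-clicking it, or choosing the fake "scan" entry all execute the script. The vendor entries (E:\wd_windows_tools\WDEULA.exe, E:\AutoRun.exe) are ordinary. Cleaning the registry key alone does not clean the drive; the autorun.inf and the hidden script on the thumb drive have to go too, and the stick should be inspected from a machine with AutoRun disabled.

The Python below is an added example for this thread, not code from the post or from ComboFix. It parses the MountPoints2 section of a ComboFix log and flags entries like the ones above. The four rules (non-stock shell verbs, a script host in the command, ShellExec_RunDLL indirection, several verbs funnelling into one root-level script) are my own heuristics, and SAMPLE_LOG is constructed from the entries shown in this log so the vendor entries stay clean and only the hijacked volume is reported.

```python
"""Triage the MountPoints2 section of a ComboFix log for autorun hijacks.

Added example for this thread; not part of the forum post and not ComboFix
code. The rules below are the author's own heuristics, and SAMPLE_LOG is
constructed from the entries shown in the log above.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Shell verbs Explorer itself offers on a drive. Any other verb under
# \shell\ was written by whatever produced the volume's autorun.inf; a
# fake "Scan with <AV>" entry is the classic trick to get a click.
STOCK_VERBS = {"autorun", "autoplay", "open", "explore"}

# A script host in a drive's shell command is almost never legitimate.
SCRIPT_HOST = re.compile(r"\b(?:wscript|cscript|mshta)(?:\.exe)?\b", re.I)
# RunDLL32 Shell32.DLL,ShellExec_RunDLL <cmd> is an indirection used to
# make the launch look like a Windows component.
SHELLEXEC = re.compile(r"rundll32(?:\.exe)?\s+shell32\.dll,\s*shellexec_rundll", re.I)
# "\name.js" with no drive letter: a payload sitting in the drive's root.
ROOT_PAYLOAD = re.compile(
    r"(?:^|\s)\\[^\\\s]+\.(?:js|vbs|vbe|jse|wsf|bat|cmd|exe|scr|pif)\b", re.I)

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\([^\]]+)\]$", re.I)
VERB_RE = re.compile(r"^\\shell\\(.+?)\\command\s+-\s+(.*)$", re.I)


@dataclass
class MountPoint:
    volume: str                                   # drive letter or volume GUID
    commands: dict = field(default_factory=dict)  # verb -> command line
    findings: list = field(default_factory=list)


def parse_mountpoints(log_text):
    """Return one MountPoint per mountpoints2 key found in the log text."""
    points, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = MountPoint(volume=key.group(1))
            points.append(current)
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current.commands[verb.group(1)] = verb.group(2)
    return points


def assess(mp):
    """Attach findings to one MountPoint; returns True if anything was flagged."""
    payloads = Counter()
    for verb, cmd in mp.commands.items():
        if verb.lower() not in STOCK_VERBS:
            mp.findings.append(f"non-standard verb '{verb}' -> {cmd}")
        if SCRIPT_HOST.search(cmd):
            mp.findings.append(f"script host launched from '{verb}' -> {cmd}")
        if SHELLEXEC.search(cmd):
            mp.findings.append(f"ShellExec_RunDLL indirection in '{verb}' -> {cmd}")
        hit = ROOT_PAYLOAD.search(cmd)
        if hit:
            payloads[hit.group(0).strip().lower()] += 1
    # Every verb funnelling into one root-level script is the fingerprint of
    # a hijacked autorun.inf: double-click, right-click and "scan" all run it.
    for payload, n in payloads.items():
        if n >= 3:
            mp.findings.append(f"{n} shell verbs all launch {payload}")
    return bool(mp.findings)


def triage(log_text):
    """Map volume -> findings for every mount point that trips a rule."""
    return {mp.volume: mp.findings for mp in parse_mountpoints(log_text) if assess(mp)}


# Constructed sample: a vendor drive with an ordinary EULA launcher next to
# a volume whose every verb runs a script from the drive root.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ebe81b2-2ae8-11dd-bcd6-001cbfcdd3e3}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c58070d-2a17-11dd-bbf6-001e3331441a}]
\shell\AutoPlay\command - wscript.exe \saifulfaizan.js
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \saifulfaizan.js
\shell\Explore\command - wscript.exe \saifulfaizan.js -Clicked
\shell\Open\command - wscript.exe \saifulfaizan.js
\shell\Scan for Viruses\command - wscript.exe \saifulfaizan.js
\shell\Scan with AVG\command - wscript.exe \saifulfaizan.js
\shell\Scan with Norton AntiVirus\command - wscript.exe \saifulfaizan.js
"""

if __name__ == "__main__":
    for volume, findings in triage(SAMPLE_LOG).items():
        print(volume)
        for f in findings:
            print("  ", f)
```

Run it against a saved ComboFix.txt by passing the file's contents to triage(); only volumes that trip a rule are returned, so the two WD entries above produce nothing while the hijacked GUID comes back with one finding per suspicious verb plus the "7 shell verbs all launch" summary. The heuristics are deliberately narrow: a legitimate vendor autorun that points at an .exe on the drive by full path is left alone, because flagging every autorun.inf would bury the real hit.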