Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't access any online antivirus sites...HELP!


  • Please log in to reply

#1
jnmerrel

jnmerrel

    New Member

  • Member
  • Pip
  • 1 posts
The title says it all.... So now I ask you what I should do.

Here is my Combofix log, and my hijackthis log

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe /hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.mpix.com/...geUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: webserver - Unknown owner - C:\Program Files\webserver\webserver.exe

--
End of file - 9635 bytes



c:\$recycle.bin\S-1-5-21-3674147146-1519921878-2579127329-500
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1001
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1002
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1003
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1004
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1005
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1006
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1007
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1008
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1009
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1010
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1011
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1012
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1013
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1014
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1015
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1016
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1017
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1018
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1019
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1020
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1021
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-1022
c:\$recycle.bin\S-1-5-21-484854120-407529709-2377210043-500
c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\windows\Installer\WMEncoder.msi
c:\windows\ld14.exe
c:\windows\pp12.exe
c:\windows\vkl_1252639977.exe
c:\windows\vkl_1252639981.exe
c:\windows\vkl_1252640041.exe
c:\windows\vkl_1252640057.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX
-------\Service_ddnsfilter


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 05:28 . 2009-09-11 05:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-11 03:33 . 2009-09-11 03:33 37760 ----a-w- c:\windows\system32\drivers\Filter.sys
2009-09-11 03:32 . 2009-09-11 03:32 -------- d-----w- c:\program files\webserver
2009-09-11 03:32 . 2009-09-11 03:32 18432 ----a-w- c:\windows\srpira1252639976.eXE
2009-09-09 11:51 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 11:51 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 11:51 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 11:51 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 11:51 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 11:51 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 11:51 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 11:51 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 11:51 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 11:51 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 11:50 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 11:50 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 11:50 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 11:50 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 11:50 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-08-29 19:41 . 2009-08-29 20:10 -------- d-----w- c:\users\j
2009-08-27 08:00 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 01:01 . 2009-08-25 01:01 -------- d-----w- c:\programdata\Norton
2009-08-25 01:01 . 2009-08-25 01:01 -------- d-----w- c:\windows\system32\drivers\NSS
2009-08-25 01:01 . 2009-08-25 01:01 -------- d-----w- c:\program files\Norton Security Scan
2009-08-25 01:01 . 2009-08-25 01:01 -------- d-----w- c:\programdata\NortonInstaller
2009-08-25 01:01 . 2009-08-25 01:01 -------- d-----w- c:\program files\NortonInstaller
2009-08-24 22:01 . 2009-08-24 22:01 -------- d-----w- c:\windows\system32\Adobe
2009-08-21 21:02 . 2009-08-21 21:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-13 08:01 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-13 08:01 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-13 08:01 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-13 08:01 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-13 08:01 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-13 08:01 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 08:01 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-13 08:01 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-12 21:06 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 21:06 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 21:06 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 21:06 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 21:06 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 21:06 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 21:06 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 21:06 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 08:01 . 2009-06-09 03:05 -------- d-----w- c:\programdata\Microsoft Help
2009-08-25 01:01 . 2008-08-18 18:48 -------- d-----w- c:\programdata\Symantec
2009-08-22 21:26 . 2009-06-23 23:49 114400 ----a-w- c:\users\Merrell's\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-21 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-07-31 12:47 . 2009-07-31 12:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-31 12:47 . 2009-07-31 12:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-21 21:52 . 2009-07-28 19:47 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 19:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 19:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 19:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 18:55 . 2008-08-18 17:52 -------- d-----w- c:\programdata\WildTangent
2009-07-18 14:20 . 2008-08-18 17:52 -------- d-----w- c:\program files\TOSHIBA Games
2009-06-24 20:37 . 2009-06-24 20:37 483 ----a-w- c:\windows\eReg.dat
2009-06-24 16:49 . 2008-08-18 18:48 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-23 23:49 . 2009-06-23 23:49 14 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-06-23 23:49 . 2009-06-23 23:49 4 --sh--r- c:\windows\system32\drivers\taishop.sys
2009-06-15 15:24 . 2009-07-16 00:16 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-16 00:16 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-16 00:16 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-16 00:16 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Merrell's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0518F4F-0683-4E51-8601-337ABC2A0A5C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F5E5B29D-D6C6-40E3-8B8C-84928AE50650}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3D3882F6-D969-4996-8345-D62B38A03BE5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CAC31B24-1D30-4BB3-BE07-EB947EF36121}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8C1407AB-D54D-4C19-871D-B42591A7BA15}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 Filter;Filter;c:\windows\System32\drivers\Filter.sys [9/10/2009 10:33 PM 37760]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090811.002\IDSvix86.sys [8/12/2009 4:16 PM 272432]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 2:19 AM 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 7:37 AM 149352]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/18/2008 12:58 PM 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 7:03 PM 126976]
R2 webserver;webserver;c:\program files\webserver\webserver.exe [9/10/2009 10:32 PM 13824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/24/2009 11:50 AM 101936]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/18/2008 12:48 PM 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [6/8/2009 10:35 PM 290304]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 8:35 PM 73728]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 1:31 PM 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/12/2008 2:32 PM 23888]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/21/2008 1:31 PM 29744]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [8/21/2008 3:18 PM 9216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\Norton Security Scan for Merrell's.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-08-25 01:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 00:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3752)
c:\windows\System32\NLSLexicons0009.dll
c:\windows\system32\ieframe.dll
c:\windows\System32\netshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-11 0:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 05:35

Pre-Run: 235,093,987,328 bytes free
Post-Run: 235,293,880,320 bytes free

258 --- E O F --- 2009-09-10 08:03

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP