1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Slow computer slow internet response packet loss

Discussion in 'Virus & Other Malware Removal' started by turky, Jan 23, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    19
    Windows Vista sluggish operation
    Here are logs. Thanks
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:28:45 PM, on 22/01/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\Program Files\SGPSA\ie3sh.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\JIM\Desktop\HijackThis.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc300.mail.yahoo.com/mc/w...own&tt=847&pSize=25&.rand=844279483&.jsrand=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,[email protected]
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Users\JIM\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3219355719-923679217-2391776794-1004\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Bear')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe
    O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
    O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12205 bytes

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by JIM at 20:38:37.41 on 22/01/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1917.497 [GMT -5:00]

    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\lxbucoms.exe
    C:\Windows\system32\lxcgcoms.exe
    C:\Windows\system32\lxducoms.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\slserv.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\Program Files\SGPSA\ie3sh.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\JIM\Desktop\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\JIM\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://us.mc300.mail.yahoo.com/mc/welcome?.rand=an4agrir032fa#_pg=showFolder&fid=Inbox&order=down&tt=847&pSize=25&.rand=844279483&.jsrand=2
    mStart Page = hxxp://www.shoptoshiba.ca/welcome
    mDefault_Page_URL = hxxp://www.shoptoshiba.ca/welcome
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    uURLSearchHooks: SearchHelper Class: {91c18ed5-5e1c-4ae5-a148-a861de8c8e16} - c:\program files\sgpsa\mtwb3sh.dll
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre2.dll
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre2.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre2.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
    BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre2.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {903C8A6A-2FD1-433F-9950-46386736E88E} - No File
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [cdloader] "c:\users\jim\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
    mRun: [LXBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBUtime.dll,[email protected]
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Skytel] Skytel.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,[email protected]
    mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"
    mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
    mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Trusted Zone: tdcanadatrust.com\easyweb
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2011-01-22 17:33:11 -------- d-----w- c:\users\jim\Gazelle
    2011-01-22 13:49:41 388096 ----a-r- c:\users\jim\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-22 13:49:39 -------- d-----w- c:\program files\Trend Micro
    2011-01-22 01:08:45 -------- d-----w- c:\program files\Xirrus
    2011-01-22 01:06:43 -------- d-----w- c:\users\jim\appdata\local\Downloaded Installations
    2011-01-21 17:32:26 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{99e71f71-4dc8-4d87-8c3e-23a105b9697a}\mpengine.dll
    2011-01-21 02:20:31 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-01-15 03:09:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-01-14 03:38:01 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-01-14 03:16:37 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-12 22:27:52 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-12 22:27:52 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 22:27:52 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-12 22:27:52 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-12 22:27:51 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-12 22:27:51 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-12 22:27:48 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-07 15:34:38 -------- d-----w- c:\program files\Makayama Interactive
    2011-01-06 05:00:44 -------- d-----w- c:\users\jim\appdata\local\Yahoo!
    2010-12-25 19:41:06 -------- d-----w- c:\program files\iPod
    2010-12-25 19:41:02 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-12-25 19:41:01 -------- d-----w- c:\program files\iTunes
    2010-12-25 19:34:56 -------- d-----w- c:\program files\Bonjour
    2010-12-25 19:27:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-12-25 19:27:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-12-25 19:27:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-12-25 19:27:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-12-25 19:27:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-12-25 19:27:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2010-12-25 19:27:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

    ==================== Find3M ====================

    2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-20 23:07:43 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll

    ============= FINISH: 20:43:42.64 ===============
     

    Attached Files:

  2. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    19
    I have ark.txt but didn't include because I received a message saying the post was too large.
     

    Attached Files:

    • ark.txt
      File size:
      293.3 KB
      Views:
      2
  3. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    19
    Bump
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya turky,

    Proceed as follows please,

    Step 1

    I notice you use Lavasofts Ad-Aware. Please be informed that the latest versions of Ad-Aware now have Anti-virus protection included. It is not recommended to have more than
    one anti-virus installed on a system, doing so does not provide better protection, it can actually cause additional problems. Anti-virus programs patch into the
    system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and can cause crashes! As you are using Avast please do the following to ensure Ad-aware has no Anti-virus component running...

    • Open Ad-Aware
    • Click on switch to advanced mode
    • Click on Settings
    • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is Unchecked
    • Click OK and close Ad-Aware

    Step 2

    Please re-open HiJackThis and scan only.**Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe


    Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis.**Reboot

    Step 3

    Unistall the following from Uninstall a Program via Start > Control Panel (if present)

    SGPSA
    Ask.com


    Step 4

    Download [​IMG] TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Make sure any open work is saved. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    Step 5

    [​IMG] Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alernative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post the log from Malwarebytes, a fresh HJT log and tell me how your system is responding

    Kevin
     
  5. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    19
    Computer seems a bit better but still sluggish.
    Here are logs:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:44:05 PM, on 26/01/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Users\JIM\Desktop\HijackThis.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc300.mail.yahoo.com/mc/w...own&tt=847&pSize=25&.rand=844279483&.jsrand=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,[email protected]
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Users\JIM\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: lxbu_device - - C:\Windows\system32\lxbucoms.exe
    O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
    O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10539 bytes
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5604

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    25/01/2011 11:44:31 PM
    mbam-log-2011-01-25 (23-44-31).txt

    Scan type: Quick scan
    Objects scanned: 159771
    Time elapsed: 23 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya turky,

    Proceed as follows please :-

    We will combofix with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don`t forget Combofix must be saved to your desktop, do not save to or run from anywhere else. <--Very important

    Before saving Combofix to the Desktop re-name to Gotcha.exe as below:

    [​IMG]

    Ensure you have disabledyour Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection available at the following link :-

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in your reply please,

    Kevin
     
  7. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    19
    ComboFix 11-01-26.02 - JIM 27/01/2011 10:03:56.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1917.1023 [GMT -5:00]
    Running from: c:\users\JIM\Desktop\Gotcha.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Fast Browser Search
    c:\program files\Fast Browser Search\IE\1.bat
    c:\program files\Fast Browser Search\IE\about.html
    c:\program files\Fast Browser Search\IE\affid.dat
    c:\program files\Fast Browser Search\IE\basis.xml
    c:\program files\Fast Browser Search\IE\basis_br.xml
    c:\program files\Fast Browser Search\IE\basis_de.xml
    c:\program files\Fast Browser Search\IE\basis_en.xml
    c:\program files\Fast Browser Search\IE\basis_es.xml
    c:\program files\Fast Browser Search\IE\basis_fr.xml
    c:\program files\Fast Browser Search\IE\basis_it.xml
    c:\program files\Fast Browser Search\IE\basis_nr.xml
    c:\program files\Fast Browser Search\IE\basis_pt.xml
    c:\program files\Fast Browser Search\IE\basis_ru.xml
    c:\program files\Fast Browser Search\IE\basis_tr.xml
    c:\program files\Fast Browser Search\IE\BHO.dll
    c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
    c:\program files\Fast Browser Search\IE\error.html
    c:\program files\Fast Browser Search\IE\fbsProtection.xml
    c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
    c:\program files\Fast Browser Search\IE\FBStoolbar.dll
    c:\program files\Fast Browser Search\IE\fbstoolbar.jar
    c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
    c:\program files\Fast Browser Search\IE\icons.bmp
    c:\program files\Fast Browser Search\IE\IE3SH.exe
    c:\program files\Fast Browser Search\IE\info.txt
    c:\program files\Fast Browser Search\IE\local.xml
    c:\program files\Fast Browser Search\IE\logobg.bmp
    c:\program files\Fast Browser Search\IE\MTWB3SH.dll
    c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
    c:\program files\Fast Browser Search\IE\search.bmp
    c:\program files\Fast Browser Search\IE\search_br.bmp
    c:\program files\Fast Browser Search\IE\search_de.bmp
    c:\program files\Fast Browser Search\IE\search_es.bmp
    c:\program files\Fast Browser Search\IE\search_fr.bmp
    c:\program files\Fast Browser Search\IE\search_it.bmp
    c:\program files\Fast Browser Search\IE\search_pt.bmp
    c:\program files\Fast Browser Search\IE\search_ru.bmp
    c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
    c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
    c:\program files\Fast Browser Search\IE\SGPU.ico
    c:\program files\Fast Browser Search\IE\sgpUpdater.exe
    c:\program files\Fast Browser Search\IE\sgpUpdater.xml
    c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
    c:\program files\Fast Browser Search\IE\tbhelper.dll
    c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
    c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
    c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
    c:\program files\Fast Browser Search\IE\Toolbar Help.htm
    c:\program files\Fast Browser Search\IE\uninstalSGP.exe
    c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
    c:\program files\Fast Browser Search\IE\update.exe
    c:\program files\Fast Browser Search\IE\version.txt
    c:\program files\IEToolbar
    c:\program files\SGPSA
    c:\program files\SGPSA\BHO.dll
    c:\program files\SGPSA\ie3sh.exe
    c:\program files\SGPSA\mtwb3sh.dll
    c:\users\JIM\AppData\Roaming\inst.exe
    c:\users\Public\RemoveSGP0.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
    .

    2011-01-27 15:30 . 2011-01-27 15:43 -------- d-----w- c:\users\JIM\AppData\Local\temp
    2011-01-26 04:18 . 2011-01-26 04:18 -------- d-----w- c:\users\JIM\AppData\Roaming\Malwarebytes
    2011-01-26 04:17 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-26 04:17 . 2011-01-26 04:17 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-26 04:17 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-26 04:17 . 2011-01-26 04:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-26 01:59 . 2011-01-26 01:59 -------- d-----w- c:\users\Bear\AppData\Roaming\Canneverbe Limited
    2011-01-25 13:51 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC66E5E8-42CE-44E6-8076-FF85BCD25988}\mpengine.dll
    2011-01-22 17:33 . 2011-01-22 17:34 -------- d-----w- c:\users\JIM\Gazelle
    2011-01-22 13:49 . 2011-01-22 13:49 388096 ----a-r- c:\users\JIM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-22 13:49 . 2011-01-22 13:49 -------- d-----w- c:\program files\Trend Micro
    2011-01-22 04:29 . 2011-01-22 04:29 -------- d-----w- c:\users\Bear\AppData\Roaming\skypePM
    2011-01-22 04:18 . 2011-01-22 04:33 -------- d-----w- c:\users\Bear\AppData\Roaming\Skype
    2011-01-22 01:08 . 2011-01-22 01:08 -------- d-----w- c:\program files\Xirrus
    2011-01-22 01:06 . 2011-01-22 01:06 -------- d-----w- c:\users\JIM\AppData\Local\Downloaded Installations
    2011-01-21 02:20 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-01-16 18:39 . 2011-01-16 18:39 -------- d-----w- c:\users\JIM\AppData\Roaming\Ulead Systems
    2011-01-15 03:09 . 2011-01-14 03:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-01-14 03:38 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-01-14 03:16 . 2011-01-14 03:16 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-12 22:27 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 22:27 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 22:27 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 22:27 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 22:27 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 22:27 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 22:27 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-07 15:34 . 2011-01-07 15:34 -------- d-----w- c:\program files\Makayama Interactive
    2011-01-06 05:00 . 2011-01-06 05:00 -------- d-----w- c:\users\JIM\AppData\Local\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2010-06-30 02:03 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2009-03-06 17:37 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2009-03-06 17:37 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2009-03-06 17:37 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2009-03-06 17:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2009-03-06 17:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2009-03-06 17:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-03 09:05 . 2010-12-03 09:05 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-16 13:40 . 2010-03-03 03:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-12 23:53 . 2010-06-07 02:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 18:56 . 2010-12-16 12:58 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-16 12:58 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-16 12:58 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-16 12:58 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-16 12:58 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-16 12:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-16 12:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-16 12:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-16 12:58 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57 . 2010-12-16 12:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01 . 2010-12-16 12:58 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-16 12:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-16 12:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\Freecorder\tbFre2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "cdloader"="c:\users\JIM\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
    "LXBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 73728]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "Skytel"="Skytel.exe" [2007-08-03 1826816]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2007-04-30 03:57 103344 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
    2010-06-26 17:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
    2007-04-30 03:55 205744 ----a-w- c:\program files\Lexmark 2300 Series\lxcgmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 133104]
    R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 494368]
    R3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\DRIVERS\slnt7554.sys [2003-10-30 223184]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S1 aswSP;aswSP; [x]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-16 98392]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-14 1402272]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-12-03 69976]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
    S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 01:55]

    2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 01:55]

    2011-01-26 c:\windows\Tasks\User_Feed_Synchronization-{13ACAFEA-952E-4AFC-888B-BF5EBA91C5A1}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]

    2011-01-27 c:\windows\Tasks\User_Feed_Synchronization-{64FAD9B4-A6CE-4667-A4AF-BFE6440C9D89}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://us.mc300.mail.yahoo.com/mc/welcome?.rand=an4agrir032fa#_pg=showFolder&fid=Inbox&order=down&tt=847&pSize=25&.rand=844279483&.jsrand=2
    mStart Page = hxxp://www.shoptoshiba.ca/welcome
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: tdcanadatrust.com\easyweb
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{903C8A6A-2FD1-433F-9950-46386736E88E} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
    HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-27 10:42
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\lxbucoms.exe
    c:\windows\system32\lxcgcoms.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conime.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Toshiba\ConfigFree\NDSTray.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\program files\Toshiba\Power Saver\TPwrMain.exe
    c:\program files\Toshiba\SmoothView\SmoothView.exe
    c:\program files\Toshiba\FlashCards\TCrdMain.exe
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
    c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-27 10:51:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-27 15:50

    Pre-Run: 33,798,144,000 bytes free
    Post-Run: 33,688,489,984 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - BDDA7C544BB4DD70FD0943351D2D7498
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya turky,

    As follows please :-

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    File::
    c:\windows\system32\drivers\SBREdrv.sys
    Folder::
    Driver::
    SBRE
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_Ac tiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:0000000
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take between one and several hours to complete depending on the size of your system.

    What i`d like in your reply :-

    • Log from Combofix
    • Log from ESET
    • System review, improvements? issues?

    Kevin
     
  9. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    19
    Here is log for combofix. I wasn't able to get the log from eset but it didn't find any threats, I can run again if you want. What was found thus far? Thanks for your help. System seems a bit better
    ComboFix 11-01-26.02 - JIM 27/01/2011 17:20:45.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1917.876 [GMT -5:00]
    Running from: c:\users\JIM\Desktop\Gotcha.exe
    Command switches used :: c:\users\JIM\Desktop\CFSCRIPT.txt
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\drivers\SBREdrv.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\SBREdrv.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SBRE
    -------\Service_SBRE


    ((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
    .

    2011-01-27 22:31 . 2011-01-27 22:39 -------- d-----w- c:\users\JIM\AppData\Local\temp
    2011-01-27 22:31 . 2011-01-27 22:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-01-27 22:31 . 2011-01-27 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-26 04:18 . 2011-01-26 04:18 -------- d-----w- c:\users\JIM\AppData\Roaming\Malwarebytes
    2011-01-26 04:17 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-26 04:17 . 2011-01-26 04:17 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-26 04:17 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-26 04:17 . 2011-01-26 04:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-26 01:59 . 2011-01-26 01:59 -------- d-----w- c:\users\Bear\AppData\Roaming\Canneverbe Limited
    2011-01-25 13:51 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC66E5E8-42CE-44E6-8076-FF85BCD25988}\mpengine.dll
    2011-01-22 17:33 . 2011-01-22 17:34 -------- d-----w- c:\users\JIM\Gazelle
    2011-01-22 13:49 . 2011-01-22 13:49 388096 ----a-r- c:\users\JIM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-22 13:49 . 2011-01-22 13:49 -------- d-----w- c:\program files\Trend Micro
    2011-01-22 04:29 . 2011-01-22 04:29 -------- d-----w- c:\users\Bear\AppData\Roaming\skypePM
    2011-01-22 04:18 . 2011-01-22 04:33 -------- d-----w- c:\users\Bear\AppData\Roaming\Skype
    2011-01-22 01:08 . 2011-01-22 01:08 -------- d-----w- c:\program files\Xirrus
    2011-01-22 01:06 . 2011-01-22 01:06 -------- d-----w- c:\users\JIM\AppData\Local\Downloaded Installations
    2011-01-21 02:20 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-01-16 18:39 . 2011-01-16 18:39 -------- d-----w- c:\users\JIM\AppData\Roaming\Ulead Systems
    2011-01-15 03:09 . 2011-01-14 03:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-01-14 03:38 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-01-14 03:16 . 2011-01-14 03:16 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-12 22:27 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 22:27 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 22:27 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 22:27 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 22:27 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 22:27 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 22:27 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-07 15:34 . 2011-01-07 15:34 -------- d-----w- c:\program files\Makayama Interactive
    2011-01-06 05:00 . 2011-01-06 05:00 -------- d-----w- c:\users\JIM\AppData\Local\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2010-06-30 02:03 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2009-03-06 17:37 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2009-03-06 17:37 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2009-03-06 17:37 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2009-03-06 17:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2009-03-06 17:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2009-03-06 17:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-03 09:05 . 2010-12-03 09:05 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 23:53 . 2010-06-07 02:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 18:56 . 2010-12-16 12:58 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-16 12:58 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-16 12:58 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-16 12:58 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-16 12:58 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-16 12:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-16 12:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-16 12:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-16 12:58 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57 . 2010-12-16 12:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01 . 2010-12-16 12:58 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-16 12:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-16 12:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\Freecorder\tbFre2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "cdloader"="c:\users\JIM\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
    "LXBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 73728]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "Skytel"="Skytel.exe" [2007-08-03 1826816]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2007-04-30 03:57 103344 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
    2010-06-26 17:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
    2007-04-30 03:55 205744 ----a-w- c:\program files\Lexmark 2300 Series\lxcgmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 133104]
    R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 494368]
    R3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\DRIVERS\slnt7554.sys [2003-10-30 223184]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-14 1402272]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-12-03 69976]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
    S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 01:55]

    2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 01:55]

    2011-01-26 c:\windows\Tasks\User_Feed_Synchronization-{13ACAFEA-952E-4AFC-888B-BF5EBA91C5A1}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]

    2011-01-27 c:\windows\Tasks\User_Feed_Synchronization-{64FAD9B4-A6CE-4667-A4AF-BFE6440C9D89}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://us.mc300.mail.yahoo.com/mc/welcome?.rand=an4agrir032fa#_pg=showFolder&fid=Inbox&order=down&tt=847&pSize=25&.rand=844279483&.jsrand=2
    mStart Page = hxxp://www.shoptoshiba.ca/welcome
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: tdcanadatrust.com\easyweb
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-27 17:39
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\lxbucoms.exe
    c:\windows\system32\lxcgcoms.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\slserv.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\system32\conime.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\windows\RtHDVCpl.exe
    c:\program files\Toshiba\ConfigFree\NDSTray.exe
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-27 17:47:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-27 22:47
    ComboFix2.txt 2011-01-27 15:51

    Pre-Run: 35,864,526,848 bytes free
    Post-Run: 35,898,744,832 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - 669277B5D89AC543742893FEA120EBD4
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Hiya turky,

    Proceed as follows please :-

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    Folder::
    c:\program files\ConduitEngine
    c:\program files\Freecorder
    File::
    c:\windows\system32\DRIVERS\sbapifs.sys
    Driver::
    sbapifs
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
    [-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Post the log and give update please..

    Kevin
     
  11. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    19
    ComboFix 11-01-26.02 - JIM 28/01/2011 17:13:39.3.2 - x86
    Microsoft® Windows Vista&#8482; Home Premium 6.0.6002.2.1252.2.1033.18.1917.965 [GMT -5:00]
    Running from: c:\users\JIM\Desktop\Gotcha.exe
    Command switches used :: c:\users\JIM\Desktop\CFSCRIPT.txt
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\DRIVERS\sbapifs.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ConduitEngine
    c:\program files\ConduitEngine\appContextMenu.xml
    c:\program files\ConduitEngine\ConduitEngine.dll
    c:\program files\ConduitEngine\ConduitEngineHelper.exe
    c:\program files\ConduitEngine\engineContextMenu.xml
    c:\program files\ConduitEngine\EngineSettings.json
    c:\program files\ConduitEngine\toolbar.cfg
    c:\program files\Freecorder
    c:\program files\Freecorder\Applian_Audio_Plugin.dll
    c:\program files\Freecorder\audgopher.dll
    c:\program files\Freecorder\audhook.dll
    c:\program files\Freecorder\FCAudio.exe
    c:\program files\Freecorder\FCConv.exe
    c:\program files\Freecorder\FCSettings.exe
    c:\program files\Freecorder\FCVideos.exe
    c:\program files\Freecorder\ffmpeg.exe
    c:\program files\Freecorder\FLVPlayer.exe
    c:\program files\Freecorder\FLVSrvc.exe
    c:\program files\Freecorder\freecorder.exe
    c:\program files\Freecorder\Freecorder.xpi
    c:\program files\Freecorder\FreecorderToolbarHelper.exe
    c:\program files\Freecorder\FreecorderToolbarHelper1.exe
    c:\program files\Freecorder\INSTALL.LOG
    c:\program files\Freecorder\lame_enc.dll
    c:\program files\Freecorder\OCPromo.exe
    c:\program files\Freecorder\OCSetupHlp.dll
    c:\program files\Freecorder\OpenCandy_Why_Is_This_Here.txt
    c:\program files\Freecorder\sdl.dll
    c:\program files\Freecorder\tbFre0.dll
    c:\program files\Freecorder\tbFre1.dll
    c:\program files\Freecorder\tbFre2.dll
    c:\program files\Freecorder\tbFree.dll
    c:\program files\Freecorder\toolbar.cfg
    c:\program files\Freecorder\Uninstall\IRIMG1.JPG
    c:\program files\Freecorder\Uninstall\IRIMG2.JPG
    c:\program files\Freecorder\Uninstall\uninstall.dat
    c:\program files\Freecorder\Uninstall\uninstall.xml
    c:\program files\Freecorder\UNWISE.EXE
    c:\program files\Freecorder\VistaAudioLib.dll
    c:\windows\system32\DRIVERS\sbapifs.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SBAPIFS
    -------\Service_sbapifs


    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
    .

    2011-01-28 22:25 . 2011-01-28 22:43 -------- d-----w- c:\users\JIM\AppData\Local\temp
    2011-01-28 22:25 . 2011-01-28 22:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-01-28 22:25 . 2011-01-28 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-28 22:25 . 2011-01-28 22:25 -------- d-----w- c:\users\Bear\AppData\Local\temp
    2011-01-28 09:45 . 2011-01-28 09:45 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-28 06:40 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7ECB47C2-EB8E-45E0-92FF-21468506643B}\mpengine.dll
    2011-01-28 04:00 . 2011-01-28 04:00 -------- d-----w- c:\program files\ESET
    2011-01-26 04:18 . 2011-01-26 04:18 -------- d-----w- c:\users\JIM\AppData\Roaming\Malwarebytes
    2011-01-26 04:17 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-26 04:17 . 2011-01-26 04:17 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-26 04:17 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-26 04:17 . 2011-01-26 04:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-26 01:59 . 2011-01-26 01:59 -------- d-----w- c:\users\Bear\AppData\Roaming\Canneverbe Limited
    2011-01-22 17:33 . 2011-01-22 17:34 -------- d-----w- c:\users\JIM\Gazelle
    2011-01-22 13:49 . 2011-01-22 13:49 388096 ----a-r- c:\users\JIM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-22 13:49 . 2011-01-22 13:49 -------- d-----w- c:\program files\Trend Micro
    2011-01-22 04:29 . 2011-01-22 04:29 -------- d-----w- c:\users\Bear\AppData\Roaming\skypePM
    2011-01-22 04:18 . 2011-01-22 04:33 -------- d-----w- c:\users\Bear\AppData\Roaming\Skype
    2011-01-22 01:08 . 2011-01-22 01:08 -------- d-----w- c:\program files\Xirrus
    2011-01-22 01:06 . 2011-01-22 01:06 -------- d-----w- c:\users\JIM\AppData\Local\Downloaded Installations
    2011-01-21 02:20 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-01-16 18:39 . 2011-01-16 18:39 -------- d-----w- c:\users\JIM\AppData\Roaming\Ulead Systems
    2011-01-15 03:09 . 2011-01-14 03:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-01-14 03:38 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-01-14 03:16 . 2011-01-14 03:16 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-12 22:27 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 22:27 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 22:27 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 22:27 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 22:27 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 22:27 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 22:27 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-07 15:34 . 2011-01-07 15:34 -------- d-----w- c:\program files\Makayama Interactive
    2011-01-06 05:00 . 2011-01-06 05:00 -------- d-----w- c:\users\JIM\AppData\Local\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2010-06-30 02:03 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2009-03-06 17:37 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2009-03-06 17:37 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2009-03-06 17:37 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2009-03-06 17:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2009-03-06 17:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2009-03-06 17:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 23:53 . 2010-06-07 02:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 18:56 . 2010-12-16 12:58 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-16 12:58 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-16 12:58 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-16 12:58 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-16 12:58 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-16 12:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-16 12:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-16 12:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-16 12:58 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57 . 2010-12-16 12:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01 . 2010-12-16 12:58 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-16 12:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-16 12:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "cdloader"="c:\users\JIM\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
    "LXBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2007-02-22 73728]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "Skytel"="Skytel.exe" [2007-08-03 1826816]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2007-04-30 03:57 103344 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
    2007-04-30 03:55 205744 ----a-w- c:\program files\Lexmark 2300 Series\lxcgmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 133104]
    R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 494368]
    R3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\DRIVERS\slnt7554.sys [2003-10-30 223184]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-01-14 1402272]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
    S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SBAPIFS

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 03:35]

    2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 01:55]

    2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 01:55]

    2011-01-28 c:\windows\Tasks\User_Feed_Synchronization-{13ACAFEA-952E-4AFC-888B-BF5EBA91C5A1}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]

    2011-01-28 c:\windows\Tasks\User_Feed_Synchronization-{64FAD9B4-A6CE-4667-A4AF-BFE6440C9D89}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://us.mc300.mail.yahoo.com/mc/welcome?.rand=an4agrir032fa#_pg=showFolder&fid=Inbox&order=down&tt=847&pSize=25&.rand=844279483&.jsrand=2
    mStart Page = hxxp://www.shoptoshiba.ca/welcome
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: tdcanadatrust.com\easyweb
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
    AddRemove-Freecorder Toolbar - c:\progra~1\FREECO~1\UNWISE.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-28 17:41
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\lxbucoms.exe
    c:\windows\system32\lxcgcoms.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conime.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Toshiba\ConfigFree\NDSTray.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-28 17:49:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-28 22:49
    ComboFix2.txt 2011-01-27 22:47
    ComboFix3.txt 2011-01-27 15:51

    Pre-Run: 38,388,723,712 bytes free
    Post-Run: 38,123,765,760 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - EB4B38767B1DE2655503855161FC8430
    I am not sure that I ran Esat correctly . Should I rerun?
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    ESET will have created a log here - C:\Program Files\ESET\EsetOnlineScanner\log.txt copy to reply. Any improvement with your system? any specific issues?
     
  13. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    19
    [email protected] as CAB hook log:
    OnlineScanner.ocx - registred OK
    Computer seems better. Will see how it goes
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    That is an incomplete log, can you try ESET again?
     
  15. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    19
    Running Eset per your instructions didn't seem to work. Should I just use Cntl with first line or with all
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/976382

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice