Spy/Malware infestation

#11, 27 Days Ago, Hoggy12 (Light Poster; Join Date: Apr 2005; Posts: 35; Solved Threads: 0)
Hi there,

OK, finally got it to run (twice it blue screened on me during the scan). Here is the result log for you:

ComboFix 09-11-09.02 - Mark Hogben 11/11/2009 17:27.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2936.1706 [GMT 0:00]
Running from: c:\users\Mark Hogben\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\System32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MouseDriverD9"="c:\program files\MouseDriver\MouseDriver.exe" [2008-10-09 3092480]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-04-21 1045904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="e:\itunes\iTunesHelper.exe" [2009-09-08 305440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,4d,b4,10,85,e0,c9,01

R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [16/04/2008 23:19 40960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [16/06/2009 22:49 203280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [04/11/2009 18:40 1153368]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [21/04/2009 16:36 116104]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 15:05 92008]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 16:03 126976]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [05/08/2008 11:52 112128]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 14:40 3668480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/04/2008 08:13 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [09/04/2007 15:13 8192]
R3 SysMouseFilterF3;SysMouseFilterF3;c:\windows\System32\drivers\SysMouseFilterF3.sys [28/04/2009 20:14 12800]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]

2009-11-04 c:\windows\Tasks\WebReg HP Photosmart C4500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-10-16 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/...k-21&site=home
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ITSecMng - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-Toshiba TEMPO - c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 17:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????w4K????P?~?x?~???~???~??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3480)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2009-11-11 17:40
ComboFix-quarantined-files.txt 2009-11-11 17:40

Pre-Run: 49,125,539,840 bytes free
Post-Run: 49,057,816,576 bytes free

- - End Of File - - B574DBAFD64158518783C6C8EA9A06B7

Thanks very much again
#12, 27 Days Ago, jholland1964 (Moderator, Featured Poster, Posting Sensei; Join Date: Jul 2008; Posts: 3,056; Solved Threads: 174)
Is the computer running better since the run of combofix?
#13, 26 Days Ago, Hoggy12 (Light Poster; Join Date: Apr 2005; Posts: 35; Solved Threads: 0)
Hi there,
Yes, the computer seems to be working as normal now (if not slightly quicker too).
Thank you both so much.

Is combofix a utility that is safe to use on a regular basis as a backup to normal scanning etc?

Cheers
#14, 26 Days Ago, jholland1964 (Moderator, Featured Poster, Posting Sensei; Join Date: Jul 2008; Posts: 3,056; Solved Threads: 174)
Originally Posted by Hoggy12:
Hi there,
Yes, the computer seems to be working as normal now (if not slightly quicker too).
Thank you both so much.

Is combofix a utility that is safe to use on a regular basis as a backup to normal scanning etc?

Cheers
Glad the computer is running well.
The answer to your combofix question is a resounding NO. This is a ONE time program to be used only in certain circumstances and NEVER on a regular basis and NEVER run unless first instructed to do so by a helper on a forum such as this.
The program has frequent updates and therefore should never be re-used once all the problems are corrected but it should be uninstalled.
In fact once these final steps are done I will give instructions on how to remove combofix from your computer. For the moment leave it alone.

You need to run a new MBA-M scan; be sure to update it first. Do the Full Scan. Remove anything found.
Reboot the computer.
Then run a new HJT scan and post back here with the MBA-M log and the new HJT log.
Viruses, Spyware and other Nasties Forum, DaniWeb
©2003 - 2009 DaniWeb® LLC