Suffering from trojans. Help please!

Re: Suffering from trojans. Help please!

Post by morty » August 25th, 2008, 2:13 pm

Dear Chryssi,
Please, Please, Please tell me, am I going to lose all the content of the "Movies" and "Inbox" folder by doing these steps?
Morty
morty
Regular Member
 
Posts: 32
Joined: August 19th, 2008, 8:57 am

Re: Suffering from trojans. Help please!

Post by chryssi2001 » August 25th, 2008, 3:18 pm

No, only this one, which is infected:

C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Suffering from trojans. Help please!

Post by morty » August 25th, 2008, 4:09 pm

Oh ok,
:oops: :oops:
morty
Regular Member
 
Posts: 32
Joined: August 19th, 2008, 8:57 am

Re: Suffering from trojans. Help please!

Post by morty » August 25th, 2008, 4:39 pm

Ok, here is the OTMoveIt log: -

C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\Teens Like It Big - New cock on the block - Stephanie Cane moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\Pornstars Like it Big - The Super Stroker Treatment - Brooke Belle moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\My Sister's Hot Friend - Jenni Lee moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\Lucie Theodorova - Je Me Tape Des Top Models moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\Hunter Bryce - My sister's Hot Friend moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\bikini\Rihanna moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\bikini\New Folder (2) moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\bikini\Bikini Women Wallpapers [Michi80] moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\bikini\Bikini Girls Wallpapers moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\bikini\Bikini Celebrity Wallpapers [Michi80] moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\bikini\Avril bikini pics moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\bikini moved successfully.
C:\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\The.Mist.DVDRip.XviD-DiAMOND\Subs moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\The.Mist.DVDRip.XviD-DiAMOND\Sample moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\The.Mist.DVDRip.XviD-DiAMOND\CD2 moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\The.Mist.DVDRip.XviD-DiAMOND\CD1 moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\The.Mist.DVDRip.XviD-DiAMOND moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\Perfect.Feet.German.2007.XXX.DVDRIP.XviD-WTA moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\MAX.PAYNE.2.THE.FALL.OF.MAX.PAYNE-DEViANCE moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\JBVideo - Point of View Footjobs 4 moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\Inflagranti.Fetish.Zone.Feet.Club.GERMAN.2007.XXX.DVDRiP.XviD-WTA\Sample moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\Inflagranti.Fetish.Zone.Feet.Club.GERMAN.2007.XXX.DVDRiP.XviD-WTA moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\Footsie.Babes.E117.Jasmine.Rouge.XXX.WMV-ERGO\Sample moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\Footsie.Babes.E117.Jasmine.Rouge.XXX.WMV-ERGO moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\Footsie.Babes.E115.Simone.Peach.XXX.WMV-ERGO\Sample moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\Footsie.Babes.E115.Simone.Peach.XXX.WMV-ERGO moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\DAEMON Tools Lite 4.11 moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet\10.000.BC.R5.LiNE.XVID-BaLD moved successfully.
C:\Documents and Settings\USER\My Documents\Downloads Bitcomet moved successfully.
C:\Downloads\Anne_Hoopers_-_Love_Making_Techniques.rar moved successfully.
C:\Downloads\Dick.A.Guide.to.the.Penis.for.Men.and.Women.rar moved successfully.
C:\Program Files\Hijackthis\backups\backup-20080824-120434-725.dll unregistered successfully.
C:\Program Files\Hijackthis\backups\backup-20080824-120434-725.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08252008_220050



And yes, the Symantec has incoming and outgoing email scanner and protection.
Regards
Morty
morty
Regular Member
 
Posts: 32
Joined: August 19th, 2008, 8:57 am

Re: Suffering from trojans. Help please!

Post by chryssi2001 » August 26th, 2008, 12:53 am

Morty,

Please continue with the rest of my instructions here.

We have to remove emails, and we have to be sure there are not infected emails in your inbox any more, otherwise you will get re-infected.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Suffering from trojans. Help please!

Post by morty » August 29th, 2008, 10:09 am

Dear Chryssi,
Please accept my apologies as I had my university exams, I just finished looking at the emails and deleted the ones which contained links, but they are still 5000 plus! So, I am going to get an external hard drive tonight to export the emails there, so it is going to be safe right?
The moment it is done, I will get back to you.
God Bless You,
Morty
morty
Regular Member
 
Posts: 32
Joined: August 19th, 2008, 8:57 am

Re: Suffering from trojans. Help please!

Post by chryssi2001 » August 29th, 2008, 12:09 pm

Hi morty,

I hope you did well with your Exams. Good luck!! :)

Well, you had more than 5000 emails in your inbox; that can explain why the whole Inbox.dbx and the Inbox.bak file are infected.

C:\Documents and Settings\Rabi Avvali\Local Settings\Application Data\Identities\{13144B1A-C075-4DA2-AFF2-E7C1B8D04FBC}\Microsoft\Outlook Express\Inbox.dbx

C:\Documents and Settings\Rabi Avvali\Local Settings\Application Data\Identities\{13144B1A-C075-4DA2-AFF2-E7C1B8D04FBC}\Microsoft\Outlook Express\Inbox.bak

Better transfer the contents of both folders above in red colour to the external HDD, scan it, and remove the infected ones.

Let me know, so we can run Kaspersky again.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Suffering from trojans. Help please!

Post by morty » August 29th, 2008, 12:11 pm

Thanks very much hehe!
and yes, sure, I shall inform you as soon as it is done.
Regards,
Morty
morty
Regular Member
 
Posts: 32
Joined: August 19th, 2008, 8:57 am

Re: Suffering from trojans. Help please!

Post by chryssi2001 » August 30th, 2008, 1:02 pm

Ok, I'll be here :)
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Suffering from trojans. Help please!

Post by morty » September 3rd, 2008, 9:37 am

Dear Chryssi,
Greetings,
I have removed 5000 emails to an external HDD and kept only 100 of them. Please give me further instructions.
Best regards,
Morty
morty
Regular Member
 
Posts: 32
Joined: August 19th, 2008, 8:57 am

Re: Suffering from trojans. Help please!

Post by chryssi2001 » September 3rd, 2008, 10:22 am

Hello morty,

Glad to see you back! :)

Run Kaspersky again as per my instructions here, and also post a new HijackThis log.

In case it still shows your inbox files infected, you will have to remove all the emails from there. ;)
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Suffering from trojans. Help please!

Post by morty » September 3rd, 2008, 10:27 am

Dear chryssi,
Thanks!
I shall do as you say right now.
See you in about 13 hours!!!!!!

Stand By,
Morty
morty
Regular Member
 
Posts: 32
Joined: August 19th, 2008, 8:57 am

Re: Suffering from trojans. Help please!

Post by chryssi2001 » September 3rd, 2008, 10:45 am

:lol: :lol: No, you will see me sooner than you expect.
Only 100 emails for Kaspersky to scan now, instead of 5000 ;) :P
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Suffering from trojans. Help please!

Post by morty » September 4th, 2008, 11:23 am

Dear Chryssi,
Hope you are doing well,

Here is the Kaspersky Log: -


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 4, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 04, 2008 08:29:48
Records in database: 1191019
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
Z:\

Scan statistics:
Files scanned: 146923
Threat name: 14
Infected objects: 42
Suspicious objects: 0
Duration of the scan: 02:58:36


File name / Threat name / Threats count
C:\Documents and Settings\Rabi Avvali\Local Settings\Application Data\Identities\{13144B1A-C075-4DA2-AFF2-E7C1B8D04FBC}\Microsoft\Outlook Express\Inbox.bak Infected: Email-Worm.Win32.Bagle.fk 2
C:\Documents and Settings\Rabi Avvali\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Bagle.fk 2
C:\MyBackup\My Documents\2008-07-18\Downloads Bitcomet\Nero-8.3.2.1_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
C:\QooBox\Quarantine\C\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.az 1
C:\QooBox\Quarantine\C\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.az 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ctueyigt.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hdenltjw.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cuw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\idqkyllg.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\okjakdvf.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qshmjdpc.dll.vir Infected: Trojan.Win32.Monder.khh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\quuiyqgx.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rfkctjed.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cuw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rubmvewf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cuw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vboneyaq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cuw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\viskvarr.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xmfcslov.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000081.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000082.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000083.dll Infected: Trojan-Spy.Win32.BZub.faz 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000084.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cuw 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000085.dll Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000086.dll Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000087.dll Infected: Trojan.Win32.Monder.khh 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000088.dll Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000089.dll Infected: Trojan.Win32.Monder.giw 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000090.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cuw 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000091.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cuw 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000092.dll Infected: Trojan.Win32.Monder.gjp 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000093.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cuw 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000094.dll Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP2\A0000095.dll Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP4\A0001066.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az 1
C:\System Volume Information\_restore{057EF1DB-699E-460E-A182-554DABF78B4D}\RP4\A0001067.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az 1
C:\_OTMoveIt\MovedFiles\08252008_220050\Documents and Settings\USER\Desktop\New Folder (3)\Music\Movies\Porn\bikini\Bikini Girls Wallpapers\Self-Extract-Gallery.exe Infected: Trojan-Dropper.Win32.KGen.rs 1
C:\_OTMoveIt\MovedFiles\08252008_220050\Documents and Settings\USER\My Documents\Downloads Bitcomet\Nero-8.3.2.1_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
C:\_OTMoveIt\MovedFiles\08252008_220050\Downloads\Anne_Hoopers_-_Love_Making_Techniques.rar Infected: Trojan.Win32.Monderb.fde 1
C:\_OTMoveIt\MovedFiles\08252008_220050\Downloads\Anne_Hoopers_-_Love_Making_Techniques.rar Infected: Trojan.Win32.FraudPack.gen 1
C:\_OTMoveIt\MovedFiles\08252008_220050\Downloads\Dick.A.Guide.to.the.Penis.for.Men.and.Women.rar Infected: Trojan.Win32.Monderb.frd 1
C:\_OTMoveIt\MovedFiles\08252008_220050\Downloads\Dick.A.Guide.to.the.Penis.for.Men.and.Women.rar Infected: Trojan.Win32.FraudPack.gen 1
C:\_OTMoveIt\MovedFiles\08252008_220050\Program Files\Hijackthis\backups\backup-20080824-120434-725.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.az 1

The selected area was scanned.
OVER
morty
Regular Member
 
Posts: 32
Joined: August 19th, 2008, 8:57 am

Re: Suffering from trojans. Help please!

Post by morty » September 4th, 2008, 11:25 am

Dear Chryssi,
Here is the HJT log file: -


Logfile of HijackThis v1.99.1
Scan saved at 7:24:00 PM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Counter-Strike\hl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\PROG\bmath1.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Hijackthis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Back2zip.lnk = C:\Program Files\Back2zip\Back2zip.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1775002859
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27845FBC-99C6-4C0E-B907-FD1D2ED9CF94}: NameServer = 195.229.241.222 213.42.20.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

OVER
morty
Regular Member
 
Posts: 32
Joined: August 19th, 2008, 8:57 am