Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"AntiVir" Malware/Virus crippling my computer. Please Help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

"AntiVir" Malware/Virus crippling my computer. Please Help!

Unread postby PleaseHelpFred » August 4th, 2010, 9:44 pm

I run Windows Vista.

Early AM July 31st, all of a sudden this "AntiVir Solution Pro" popped on my computer as well as my taskbar and I couldn't close it. When I tried to go to any website on various browsers, it warned that the website I was trying to access was known to have viruses and the only options it gave all were to download their "virus protection" program, directing you to their website AntiVirFox.com.

It wouldn’t let me open any documents, instead popping up with a message that they have been infected as well, and then asked if I wanted to run their AntiVir. I clicked no. It blocked access to Task Manager and Control Panel. It then would periodically pop up with prompts again indicating some program was infected and offering to run their program again.

Early the next morning (still the 31st), I used a restore point from 2 days previous. It seemed to fix the problem but about 36 hours later, about 11:30PM on August 1st, VirScan popped up again with the same results. Now, alternately, it would load Viagra’s webpage or, alternately, a porn site.

On Monday August 2nd, I started in Safe Mode and ran both (an older version of) Ad-Aware and McAfee On-Demand Scan (DAT files 27 months old). Ad-Aware picked up mostly cookies as well as 29 negligible objects and I deleted them all. Afterwards, McAfee then just picked up 7 additional cookies, which I also deleted.

On Tuesday, August 3rd, I restarted in Safe Mode with Networking but was still unable to connect to the internet. I then activated a restore point, this time the furthest one back on my system--July 11, 2010. This restored my internet capabilities but I immediately shut down and restarted in Safe Mode with Networking.

I then downloaded MalwareBytes, HijackThis, and downloaded the newest Ad-Aware, as well as updated McAfee (or so I thought, it jut downloaded the newer McAfee Security Scan Plus).

I then restarted the computer in Safe Mode only and ran MalwareBytes and reran McAfee. Both programs came up with nothing. I then ran Hijack This the following morning, August 4th, the results of which are attached below.

Also on August 4th, the new Ad-Aware said it wouldn't run without connecting the internet to get Microsoft Visual C++ Runtime 9.0 Service Pack 1. However, when I connected in Safe Mode with Networking, it still couldn't get the file and I couldn't find it on Microsoft’s website.

To run McAfee Security Scan Plus, you must "update now" first but it tells me "error initializing Updater interface"

Windows Update won't work either—won’t even load—( Up until July 31st when the problems began, I had been all up-to-date with my Windows updates).

And if I try to update the McAfee On-Demand Scan, I get “Failed to initialize Common Updater subsystem. Make sure the McAfee Framework Service is running. McAfee Common Framework returned error fffff95b @ 2”

I also noticed when I was activating the Computer Repair Mode at start-up to access the Restore Points, it wouldn’t allow me to log on as the Administrator. I’ve never used that log in so it should either have no password attached, or the password that I use with my Username but access was still denied to me in both cases.

I looked over the Hijack results and saw a few things that I thought may be the problem but, not being all that technical savvy when it comes to computer code, I didn’t want to accidentally delete anything my computer needs.

I look forward to, and am very grateful for, whatever help you can give me to fix this problem. In the meantime, I’ve pretty much stopped using my laptop and when I have it on I only run it in Safe Mode as I await your reply (in an attempt to prevent any further damage).





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:53 AM, on 8/4/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
O1 - Hosts: 205.238.40.2 test4.winmxgroup.net
O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WDCBG] C:\Windows\WDCBG.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\FWS III\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\FWS III\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DirectPlayerCore] "C:\Program Files\NBC Direct\DirectPlayerCore.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://mbw.50megs.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://*.cinemanow.com
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 15197 bytes










32 Bit HP CIO Components Installer
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
CinemaNow Media Manager
Desktop Dialer
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DVD MovieFactory for TOSHIBA
DVDFab 6.2.0.5 (11/11/2009)
eMusic Download Manager 3.0
FATE
Google Desktop
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Video Uploader
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Deskjet & Photosmart Printer Driver Software 8.0.A
HP Imaging Device Functions 8.0
HP Photo and Imaging 2.0 - All-in-One
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Internet Offers
iTunes
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6
JEOPARDY
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee AntiSpyware Enterprise Module
McAfee Security Scan Plus
McAfee VirusScan Enterprise
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pando Media Booster
PDF reDirect (remove only)
PDF Settings
Penguins!
PIXMA Extended Survey Program
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
Safari
SCRABBLE
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype™ 4.0
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Storage Adapter FX/AT (WDC)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VLC media player 1.0.2
WD Drive Manager (x86)
Western Digital USB Mass Storage Driver Installation
Winamp (remove only)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
WinDVD for TOSHIBA
WinMX
Yahoo! Messenger
Yahoo! Music Jukebox
PleaseHelpFred
Active Member
 
Posts: 10
Joined: August 4th, 2010, 8:42 pm
Advertisement
Register to Remove

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby MWR 3 day Mod » August 8th, 2010, 2:37 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby jmw3 » August 9th, 2010, 1:31 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

Is there any reason as to why this computer is not updated to Vista Service Pack 2?

MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent DNA | WinMX

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby PleaseHelpFred » August 9th, 2010, 10:12 pm

MRU Teacher,

Thank you for taking the time to try and help me.

As mentioned in my original post, as far as I knew, Windows was completely up to date before the problem began on July 31st. (Windows is constantly, automatically downloading updates and when I was selecting a restore point--I choose July 11th because it was the oldest and I was hoping far enough removed from the problem--it showed more recent restore points in which other Windows updates were involved, so I know that feature had still been running).

I deleted the programs you requested (WinMx, BitTorrent).

I downloaded the DDS. That ran fine and the documents are pasted below.

GMER seemed to be running fine for several minutes. I left the room and returned about 5 minutes later to a black screen which I thought was the screensaver (I'm still only using the computer in Safe Mode). I wiggled the Cursor and it didn't return, every once in a while the hourglass briefly showing. After several minutes, the log in screen appeared accompanied by the start up music! My laptop had restarted!

I immediately shut it off and rebooted in Safe Mode.

I opened GMER again and hit save to record the start up information (per my understanding of the directions should the scan not work). I then hit scan again to see if it would work. Within a minute or so, I got:

"Byuksiyq.exe has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if there is a solution."

Once I closed that window, I went to open the program once more and got the dreaded BLUE SCREEN OF DEATH which rebooted the computer (and I'm guessing is what happened behind the vail of the black screensaver just prior to that).

That was the first time this lap top has ever experienced the blue screen (My laptop is 3 years old this month).

What is the next step?

Thanks again,

Fred



DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by FWS III at 18:00:47.30 on Mon 08/09/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2037.1179 [GMT -7:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Outdated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\FWS III\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3UGD96W\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\fws iii\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [WDCBG] c:\windows\WDCBG.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: 50megs.com\mbw
Trusted Zone: adobe.com\www
Trusted Zone: cinemanow.com
Trusted Zone: taxactonline.com\www
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
Hosts: 65.75.216.6 www.winmx.com err.winmx.com
Hosts: 205.238.40.54 www.winmx.com err.winmx.com
Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]
S1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
S2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2010-1-14 129520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-5 135664]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-7-22 104000]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-15 24652]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-28 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-7-22 72264]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-7-22 168776]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-16 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-04 01:26:35 0 d-----w- c:\users\fwsiii~1\appdata\roaming\Malwarebytes
2010-08-04 01:26:19 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-04 01:22:40 0 d-----w- c:\program files\Trend Micro
2010-08-04 01:21:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 01:21:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 01:21:48 0 d-----w- c:\programdata\Malwarebytes
2010-08-04 01:21:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 00:02:55 65536 --sha-w- c:\users\fws iii\ntuser.dat{72b6b157-9f5b-11df-919e-0013e8193841}.TM.blf
2010-08-04 00:02:55 524288 --sha-w- c:\users\fws iii\ntuser.dat{72b6b157-9f5b-11df-919e-0013e8193841}.TMContainer00000000000000000002.regtrans-ms
2010-08-04 00:02:55 524288 --sha-w- c:\users\fws iii\ntuser.dat{72b6b157-9f5b-11df-919e-0013e8193841}.TMContainer00000000000000000001.regtrans-ms
2010-07-31 18:40:14 65536 --sha-w- c:\users\fws iii\ntuser.dat{ee545eb6-9cd2-11df-b0f1-00a0d176796e}.TM.blf
2010-07-31 18:40:14 524288 --sha-w- c:\users\fws iii\ntuser.dat{ee545eb6-9cd2-11df-b0f1-00a0d176796e}.TMContainer00000000000000000002.regtrans-ms
2010-07-31 18:40:14 524288 --sha-w- c:\users\fws iii\ntuser.dat{ee545eb6-9cd2-11df-b0f1-00a0d176796e}.TMContainer00000000000000000001.regtrans-ms
2010-07-23 04:36:46 0 d-----w- c:\users\fws iii\Tracing
2010-07-23 04:16:50 0 d-----w- c:\program files\common files\Windows Live

==================== Find3M ====================

2010-07-04 21:27:05 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-04 21:27:04 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-04 21:27:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-02-13 05:51:10 174 --sha-w- c:\program files\desktop.ini
2009-02-13 05:09:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-23 20:58:13 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-09-10 20:01:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007091020070911\index.dat
2010-04-09 20:20:25 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-04-09 20:20:25 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-04-09 20:20:25 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:05:05.64 ===============









UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 4/26/2007 4:02:18 AM
System Uptime: 8/9/2010 4:14:24 PM (2 hours ago)

Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U2E1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 185 GiB total, 8.536 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Hosts File Hijack ======================

Hosts: 65.75.216.6 www.winmx.com err.winmx.com
Hosts: 205.238.40.54 www.winmx.com err.winmx.com
Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
Hosts: 82.43.229.238 test2.winmxgroup.net
Hosts: 205.238.40.1 test3.winmxgroup.net
Hosts: 205.238.40.2 test4.winmxgroup.net
Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net

==== Installed Programs ======================


32 Bit HP CIO Components Installer
AC3Filter (remove only)
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AutoUpdate
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
Camera Assistant Software for Toshiba
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
CinemaNow Media Manager
CustomerResearchQFolder
D4100
D4100_Help
Desktop Dialer
Destinations
DeviceManagementQFolder
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD MovieFactory for TOSHIBA
DVDFab 6.2.0.5 (11/11/2009)
eMusic Download Manager 3.0
eSupportQFolder
FATE
Google Chrome
Google Desktop
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Google Video Uploader
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Deskjet & Photosmart Printer Driver Software 8.0.A
HP Imaging Device Functions 8.0
HP Photo and Imaging 2.0 - All-in-One
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
IDM Flash 4.4.0.468
Intel(R) Graphics Media Accelerator Driver
Internet Offers
iTunes
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6
JEOPARDY
Malwarebytes' Anti-Malware
MarketResearch
Marvell Miniport Driver
McAfee AntiSpyware Enterprise Module
McAfee Security Scan Plus
McAfee VirusScan Enterprise
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Move Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MXpie Patch for WinMX Network/WPNP 3.6.3.6
NBC Direct
Pando Media Booster
PDF reDirect (remove only)
PDF Settings
Penguins!
PIXMA Extended Survey Program
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
Safari
SCRABBLE
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SF_CDA_ProductContext
SF_CDA_Software
Skype™ 4.0
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Storage Adapter FX/AT (WDC)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VLC media player 1.0.2
WD Drive Manager (x86)
WebReg
Western Digital USB Mass Storage Driver Installation
Winamp (remove only)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
WinDVD for TOSHIBA
Yahoo! Messenger
Yahoo! Music Jukebox

==== End Of File ===========================









GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-09 18:45:28
Windows 6.0.6001 Service Pack 1
Running: byuksiyq.exe; Driver: C:\Users\FWSIII~1\AppData\Local\Temp\awlyrkow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
PleaseHelpFred
Active Member
 
Posts: 10
Joined: August 4th, 2010, 8:42 pm

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby PleaseHelpFred » August 9th, 2010, 10:12 pm

MRU Teacher,

Thank you for taking the time to try and help me.

As mentioned in my original post, as far as I knew, Windows was completely up to date before the problem began on July 31st. (Windows is constantly, automatically downloading updates and when I was selecting a restore point--I choose July 11th because it was the oldest and I was hoping far enough removed from the problem--it showed more recent restore points in which other Windows updates were involved, so I know that feature had still been running).

I deleted the programs you requested (WinMx, BitTorrent).

I downloaded the DDS. That ran fine and the documents are pasted below.

GMER seemed to be running fine for several minutes. I left the room and returned about 5 minutes later to a black screen which I thought was the screensaver (I'm still only using the computer in Safe Mode). I wiggled the Cursor and it didn't return, every once in a while the hourglass briefly showing. After several minutes, the log in screen appeared accompanied by the start up music! My laptop had restarted!

I immediately shut it off and rebooted in Safe Mode.

I opened GMER again and hit save to record the start up information (per my understanding of the directions should the scan not work). I then hit scan again to see if it would work. Within a minute or so, I got:

"Byuksiyq.exe has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if there is a solution."

Once I closed that window, I went to open the program once more and got the dreaded BLUE SCREEN OF DEATH which rebooted the computer (and I'm guessing is what happened behind the vail of the black screensaver just prior to that).

That was the first time this lap top has ever experienced the blue screen (My laptop is 3 years old this month).

What is the next step?

Thanks again,

Fred



DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by FWS III at 18:00:47.30 on Mon 08/09/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2037.1179 [GMT -7:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Outdated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\FWS III\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3UGD96W\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\fws iii\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [WDCBG] c:\windows\WDCBG.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: 50megs.com\mbw
Trusted Zone: adobe.com\www
Trusted Zone: cinemanow.com
Trusted Zone: taxactonline.com\www
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
Hosts: 65.75.216.6 www.winmx.com err.winmx.com
Hosts: 205.238.40.54 www.winmx.com err.winmx.com
Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]
S1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
S2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2010-1-14 129520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-5 135664]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-7-22 104000]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-15 24652]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-28 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-7-22 72264]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-7-22 168776]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-16 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-04 01:26:35 0 d-----w- c:\users\fwsiii~1\appdata\roaming\Malwarebytes
2010-08-04 01:26:19 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-04 01:22:40 0 d-----w- c:\program files\Trend Micro
2010-08-04 01:21:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 01:21:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 01:21:48 0 d-----w- c:\programdata\Malwarebytes
2010-08-04 01:21:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 00:02:55 65536 --sha-w- c:\users\fws iii\ntuser.dat{72b6b157-9f5b-11df-919e-0013e8193841}.TM.blf
2010-08-04 00:02:55 524288 --sha-w- c:\users\fws iii\ntuser.dat{72b6b157-9f5b-11df-919e-0013e8193841}.TMContainer00000000000000000002.regtrans-ms
2010-08-04 00:02:55 524288 --sha-w- c:\users\fws iii\ntuser.dat{72b6b157-9f5b-11df-919e-0013e8193841}.TMContainer00000000000000000001.regtrans-ms
2010-07-31 18:40:14 65536 --sha-w- c:\users\fws iii\ntuser.dat{ee545eb6-9cd2-11df-b0f1-00a0d176796e}.TM.blf
2010-07-31 18:40:14 524288 --sha-w- c:\users\fws iii\ntuser.dat{ee545eb6-9cd2-11df-b0f1-00a0d176796e}.TMContainer00000000000000000002.regtrans-ms
2010-07-31 18:40:14 524288 --sha-w- c:\users\fws iii\ntuser.dat{ee545eb6-9cd2-11df-b0f1-00a0d176796e}.TMContainer00000000000000000001.regtrans-ms
2010-07-23 04:36:46 0 d-----w- c:\users\fws iii\Tracing
2010-07-23 04:16:50 0 d-----w- c:\program files\common files\Windows Live

==================== Find3M ====================

2010-07-04 21:27:05 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-04 21:27:04 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-04 21:27:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-02-13 05:51:10 174 --sha-w- c:\program files\desktop.ini
2009-02-13 05:09:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-23 20:58:13 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-09-10 20:01:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007091020070911\index.dat
2010-04-09 20:20:25 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-04-09 20:20:25 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-04-09 20:20:25 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:05:05.64 ===============









UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 4/26/2007 4:02:18 AM
System Uptime: 8/9/2010 4:14:24 PM (2 hours ago)

Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U2E1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 185 GiB total, 8.536 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Hosts File Hijack ======================

Hosts: 65.75.216.6 www.winmx.com err.winmx.com
Hosts: 205.238.40.54 www.winmx.com err.winmx.com
Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
Hosts: 82.43.229.238 test2.winmxgroup.net
Hosts: 205.238.40.1 test3.winmxgroup.net
Hosts: 205.238.40.2 test4.winmxgroup.net
Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net

==== Installed Programs ======================


32 Bit HP CIO Components Installer
AC3Filter (remove only)
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AutoUpdate
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
Camera Assistant Software for Toshiba
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
CinemaNow Media Manager
CustomerResearchQFolder
D4100
D4100_Help
Desktop Dialer
Destinations
DeviceManagementQFolder
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD MovieFactory for TOSHIBA
DVDFab 6.2.0.5 (11/11/2009)
eMusic Download Manager 3.0
eSupportQFolder
FATE
Google Chrome
Google Desktop
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Google Video Uploader
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Deskjet & Photosmart Printer Driver Software 8.0.A
HP Imaging Device Functions 8.0
HP Photo and Imaging 2.0 - All-in-One
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
IDM Flash 4.4.0.468
Intel(R) Graphics Media Accelerator Driver
Internet Offers
iTunes
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6
JEOPARDY
Malwarebytes' Anti-Malware
MarketResearch
Marvell Miniport Driver
McAfee AntiSpyware Enterprise Module
McAfee Security Scan Plus
McAfee VirusScan Enterprise
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Move Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MXpie Patch for WinMX Network/WPNP 3.6.3.6
NBC Direct
Pando Media Booster
PDF reDirect (remove only)
PDF Settings
Penguins!
PIXMA Extended Survey Program
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
Safari
SCRABBLE
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SF_CDA_ProductContext
SF_CDA_Software
Skype™ 4.0
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Storage Adapter FX/AT (WDC)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VLC media player 1.0.2
WD Drive Manager (x86)
WebReg
Western Digital USB Mass Storage Driver Installation
Winamp (remove only)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
WinDVD for TOSHIBA
Yahoo! Messenger
Yahoo! Music Jukebox

==== End Of File ===========================









GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-09 18:45:28
Windows 6.0.6001 Service Pack 1
Running: byuksiyq.exe; Driver: C:\Users\FWSIII~1\AppData\Local\Temp\awlyrkow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
PleaseHelpFred
Active Member
 
Posts: 10
Joined: August 4th, 2010, 8:42 pm

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby jmw3 » August 10th, 2010, 12:08 am

Hi

For future reference, when downloading any programs I ask you to, please download them to your desktop by choosing Save File, and then selecting Desktop as the location.
If you are allowed to choose Run or Save, always choose Save. Choosing Run downloads and executes the process from temporary Internet files... and does not give you a desktop icon so you can run the program a second time.

Remove Programs
Click Start > Control Panel > Programs and Features
Remove these programs by clicking Uninstall

Ask Toolbar
Internet Offers
MarketResearch
MXpie Patch for WinMX Network/WPNP 3.6.3.6


If some programs listed are not present, please do not panic

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Right-click TFC.exe then choose Run as Administrator to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby PleaseHelpFred » August 10th, 2010, 2:00 am

I had been saving them elsewhere on the computer (I have an Installs folder), but if you prefer me saving to the desktop, I can do that instead. I was running GMER from my laptop, not the internet.

I deleted Ask Toolbar, Internet Offers (that had been pre-installed from Toshiba), MXpie Patch for WinMX Network/WPNP 3.6.3.6

However, MarketResearch did not show up in the Program files.

I downloaded and ran TFC. It took 20 minutes but the process completed and there was no need for a reboot. I noticed that afterwards, there was another 7GB now available on my hard drive.

When I go to run ComboFix, it tells me that is has detected the real time scanner(s) to be active:

Antivirus: VirusScan Enterprise + Antispyware Enterprises
Antispyware: VirusScan Enterprise + Antispyware Enterprises

However, in the VirusScan Console both Access Protection and On-Delivery E-mail Scanner are listed as Disabled, the On-Access Scanner is listed as Not Running, and Full Scan and Targeted Scan are Not Scheduled. If I open Windows Task Manager, the McAfee items under Services are all listed as Stopped. I even turned off the Window Firewall.

There are no additional icons in the tray bar (just the time, an icon indicating no sound and an icon indicating an internet connection). The link about how to shut off the programs didn't provide any aditional information in my case.

I X'ed out of the box but that doesn't get out of ComboFix, just brings another promp with:

"Warning!!
Antivirus: VirusScan Enterprise + Antispyware Enterprises
Antispyware: VirusScan Enterprise + Antispyware Enterprises

The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk."

The only option is to hit "OK". I don't want to hit okay if it's going to interact with those scanners and destroy my computer. Is there something I'm missing with turning the scanners off? And is there someway for me to exit out of ComboFix?

When we get past that, you said you would like an update on how my computer is running? In what regards? Do you want me to start running it out of safe mode? Last time it took 36 hours for the problem to manifest again, at which point it completely wipes out my internet capabilities. Having already restored to the furthest restore point back, will I be able to use that tactic again should problems arise to restore the internet and get in touch with you?

I think the fastest way to find out if there is still a problem, may be to restart in safe mode and see if it will allow me to update the virus software since it was blocking me from doing that before. Would you suggest that?

And since Windows just discontinued it's service for Vista (this problem has great timing--haha), is there a way to restore the Service packs I need?

I'm going to leave my computer on till I receive a response since I don't know how to exit ComboFix and don't dare hit "ok" and run it without your approval.

Fred
PleaseHelpFred
Active Member
 
Posts: 10
Joined: August 4th, 2010, 8:42 pm

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby jmw3 » August 10th, 2010, 3:14 am

Hi

If you are running ComboFix while in Safe Mode, then your Anti-virus would not be active. What appears to be happening is even though disabled, the anti-virus is still showing as active in the WMI & it is this that ComboFix is seeing. Just allow ComboFix to run.... it will not destroy your computer. Ideally it would be better if you were running ComboFix in Normal Mode, but if your running it in Safe Mode, make sure you reboot back to Safe Mode if ComboFix reboots the computer. That is important for ComboFix to finish it's routines.

Once ComboFix has finished then reboot into Normal Mode & give me an update on how the computer is behaving.

And since Windows just discontinued it's service for Vista (this problem has great timing--haha), is there a way to restore the Service packs I need?
Micosoft have not discontinued it's service for Vista. They just will no longer support a Vista machine with NO Service Packs installed. You have SP1 & you can still download SP2. But leave that until we are sure the computer is free of malware.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby PleaseHelpFred » August 10th, 2010, 1:56 pm

I ran ComboFix.

4 times during the process, it said "Access Denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks"--twice when it first started (before it created a restore point), once after Stage 38, and finally after it said "Deleting Files" (it then proceeded to delete just one file)

It did not require a reboot. But I will be rebooting it in normal mode, per your instructions, shortly.

The log file is below:

ComboFix 10-08-09.02 - FWS III 08/10/2010 10:31:29.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2037.1362 [GMT -7:00]
Running from: c:\users\FWS III\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Outdated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\FWS III\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 05:15 . 2010-08-10 17:27 -------- d-----w- C:\32788R22FWJFW
2010-08-04 01:26 . 2010-08-04 01:26 -------- d-----w- c:\users\FWS III\AppData\Roaming\Malwarebytes
2010-08-04 01:26 . 2010-08-04 01:26 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-04 01:22 . 2010-08-04 01:22 -------- d-----w- c:\program files\Trend Micro
2010-08-04 01:21 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 01:21 . 2010-08-04 01:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 01:21 . 2010-08-04 01:21 -------- d-----w- c:\programdata\Malwarebytes
2010-08-04 01:21 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-23 04:36 . 2010-08-02 04:53 -------- d-----w- c:\users\FWS III\Tracing
2010-07-23 04:30 . 2010-07-23 04:33 -------- d-----w- c:\program files\Windows Live
2010-07-23 04:16 . 2010-07-23 04:16 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 17:35 . 2007-08-03 16:58 5676 ----a-w- c:\users\FWS III\AppData\Local\d3d9caps.dat
2010-08-10 00:08 . 2009-10-16 01:08 -------- d-----w- c:\program files\BitTorrent
2010-08-10 00:08 . 2009-10-16 01:09 -------- d-----w- c:\users\FWS III\AppData\Roaming\BitTorrent
2010-08-08 03:18 . 2009-08-06 11:09 -------- d-----w- c:\programdata\FLEXnet
2010-08-04 00:55 . 2009-04-20 01:22 -------- d-----w- c:\users\FWS III\AppData\Roaming\PDF reDirect
2010-08-04 00:55 . 2007-07-23 01:14 -------- d-----w- c:\users\FWS III\AppData\Roaming\Winamp
2010-08-04 00:55 . 2010-06-01 01:50 -------- d-----w- c:\programdata\CinemaNow
2010-08-04 00:55 . 2010-03-24 04:38 -------- d-----w- c:\programdata\PMB Files
2010-08-04 00:55 . 2009-12-11 18:40 -------- d-----w- c:\programdata\McAfee Security Scan
2010-08-04 00:55 . 2007-07-25 02:35 -------- d-----w- c:\program files\MSN Messenger
2010-08-04 00:55 . 2008-09-06 19:17 -------- d-----w- c:\program files\DivX
2010-08-04 00:55 . 2009-06-03 23:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-04 00:55 . 2010-05-10 00:21 -------- d-----w- c:\programdata\DivX
2010-08-04 00:45 . 2009-12-11 18:40 -------- d-----w- c:\program files\McAfee Security Scan
2010-08-04 00:23 . 2010-03-24 04:41 -------- d-----w- c:\users\FWS III\AppData\Roaming\NBC Direct
2010-08-03 13:00 . 2008-09-19 19:16 -------- d-----w- c:\program files\Western Digital
2010-08-01 08:02 . 2007-07-25 01:29 -------- d-----w- c:\users\FWS III\AppData\Roaming\Apple Computer
2010-07-09 04:30 . 2008-04-16 07:21 -------- d-----w- c:\programdata\CanonIJPLM
2010-07-04 21:00 . 2009-03-28 18:35 -------- d-----w- c:\program files\Bonjour
2010-06-25 10:12 . 2007-07-30 15:57 -------- d-----w- c:\program files\Microsoft.NET
2010-06-13 01:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-12 22:53 . 2008-04-03 18:55 -------- d-----w- c:\program files\Safari
2010-06-12 22:29 . 2010-06-12 22:29 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-05-26 16:16 . 2010-06-10 01:39 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 01:39 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-02 23:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\FWS III\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-17 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-24 2937528]
"DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2010-03-21 1146880]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-04 30192]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"WDCBG"="c:\windows\WDCBG.EXE" [2004-08-02 118784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-03-05 1603152]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-17 430080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-5 28672]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-15 129520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 135664]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-17 102400]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-04 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-16 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc REG_MULTI_SZ usnsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 23:31]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 23:31]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347319068-1503022336-3082595912-1000Core.job
- c:\users\FWS III\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-17 23:39]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347319068-1503022336-3082595912-1000UA.job
- c:\users\FWS III\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-17 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: 50megs.com\mbw
Trusted Zone: adobe.com\www
Trusted Zone: cinemanow.com
Trusted Zone: taxactonline.com\www
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 10:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-08-10 10:46:03
ComboFix-quarantined-files.txt 2010-08-10 17:45

Pre-Run: 16,443,043,840 bytes free
Post-Run: 16,388,268,032 bytes free

- - End Of File - - F892A2A3C40E0E26F463193FA0F99C0D
PleaseHelpFred
Active Member
 
Posts: 10
Joined: August 4th, 2010, 8:42 pm

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby jmw3 » August 10th, 2010, 10:02 pm

Hi

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code: Select all
Folder::
c:\program files\BitTorrent
c:\users\FWS III\AppData\Roaming\BitTorrent
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
DDS::
Trusted Zone: 50megs.com\mbw
Trusted Zone: adobe.com\www
Trusted Zone: cinemanow.com
Trusted Zone: taxactonline.com\www
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel
Kaspersky Online Scan
Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it
Go to Kaspersky website and perform an online antivirus scan
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply
Pictured tutorial if required.
This scan will take quite some time to update & scan, so be patient with it.

To post in next reply:
ComboFix log
Kaspersky Online Scan log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby PleaseHelpFred » August 11th, 2010, 11:17 pm

Update on my computer before having me update ComboFix and running it a second time: There was a lag between when I clicked on something and when it opened.

Ran CombFix fine, results pasted below . Afterwards the above issue was resolved.

I then removed Java (TM) 6 Update 11 and Java (TM) SE Runtime Environment 6, rebooted, and installed the new Java and wiped out the stored files in the settings.

By the time I started Kaspersky, it was already 1:30AM, so I went to sleep, got up in about an hour after the downloading part was done and then set the actual scanning in motion and went back to bed.

When I got up five and a half hours later, I found that my computer had restarted! Windows had decided to automatically install 18 updates (still no service packs, though) and automatically reboot my computer (incidentally, is there anyway to keep it from doing the automatic reboot? It’s very annoying when you leave the computer for 20 minutes and then come back to find the computer has restarted and any open program you were working on was closed without being saved).

So, this morning, I started the scan again. 9 hours and 10 minutes later, having reached 99%, the program seems to have froze! I waited another 80 minutes hoping it would resume, but it did not. I went ahead and hit the View Scan Report button but it just generated a screen with no content for me to save and send to you.

I know that during the scan, it had found 4 items (I'd say, at least within the first 2 hours of scanning, nothing else after that). I’ll have to leave it running over night again to try and get it to complete the scan.



ComboFix 10-08-10.04 - FWS III 08/11/2010 0:11.1.2 - x86
Running from: c:\users\FWS III\Desktop\ComboFix.exe
Command switches used :: c:\users\FWS III\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Outdated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitTorrent
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\users\FWS III\AppData\Roaming\BitTorrent
c:\users\FWS III\AppData\Roaming\BitTorrent\Angel - Complete Season 5 - DVD Rip.torrent
c:\users\FWS III\AppData\Roaming\BitTorrent\bittorrent.lng
c:\users\FWS III\AppData\Roaming\BitTorrent\Child's Play 2 Score.torrent
c:\users\FWS III\AppData\Roaming\BitTorrent\dht.dat
c:\users\FWS III\AppData\Roaming\BitTorrent\dht.dat.old
c:\users\FWS III\AppData\Roaming\BitTorrent\Earth 2 - Season 1 - DivX SFM PDTV.torrent
c:\users\FWS III\AppData\Roaming\BitTorrent\Ewoks - The Complete Series.torrent
c:\users\FWS III\AppData\Roaming\BitTorrent\Rare Disney Films And Music.torrent
c:\users\FWS III\AppData\Roaming\BitTorrent\resume.dat
c:\users\FWS III\AppData\Roaming\BitTorrent\resume.dat.old
c:\users\FWS III\AppData\Roaming\BitTorrent\rss.dat
c:\users\FWS III\AppData\Roaming\BitTorrent\rss.dat.old
c:\users\FWS III\AppData\Roaming\BitTorrent\settings.dat
c:\users\FWS III\AppData\Roaming\BitTorrent\settings.dat.old
c:\users\FWS III\AppData\Roaming\BitTorrent\Star Trek (2009) DVDRip XviD-MAXSPEED.torrent
c:\users\FWS III\AppData\Roaming\BitTorrent\Star Wars I, II, III, IV, V, VI.torrent
c:\users\FWS III\AppData\Roaming\BitTorrent\Walt Disney's Pinocchio OST (digitally remastered + covers).torrent

.
((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-11 07:28 . 2010-08-11 07:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-11 07:28 . 2010-08-11 07:28 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-08-11 07:28 . 2010-08-11 07:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-11 07:01 . 2010-08-11 07:02 -------- d-----w- C:\32788R22FWJFW
2010-08-04 01:26 . 2010-08-04 01:26 -------- d-----w- c:\users\FWS III\AppData\Roaming\Malwarebytes
2010-08-04 01:26 . 2010-08-04 01:26 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-04 01:22 . 2010-08-04 01:22 -------- d-----w- c:\program files\Trend Micro
2010-08-04 01:21 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 01:21 . 2010-08-04 01:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 01:21 . 2010-08-04 01:21 -------- d-----w- c:\programdata\Malwarebytes
2010-08-04 01:21 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-23 04:36 . 2010-08-02 04:53 -------- d-----w- c:\users\FWS III\Tracing
2010-07-23 04:30 . 2010-07-23 04:33 -------- d-----w- c:\program files\Windows Live
2010-07-23 04:16 . 2010-07-23 04:16 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 05:16 . 2009-12-11 18:40 -------- d-----w- c:\program files\McAfee Security Scan
2010-08-10 19:06 . 2010-03-24 04:41 -------- d-----w- c:\users\FWS III\AppData\Roaming\NBC Direct
2010-08-10 18:05 . 2007-08-03 16:58 5676 ----a-w- c:\users\FWS III\AppData\Local\d3d9caps.dat
2010-08-08 03:18 . 2009-08-06 11:09 -------- d-----w- c:\programdata\FLEXnet
2010-08-04 00:55 . 2009-04-20 01:22 -------- d-----w- c:\users\FWS III\AppData\Roaming\PDF reDirect
2010-08-04 00:55 . 2007-07-23 01:14 -------- d-----w- c:\users\FWS III\AppData\Roaming\Winamp
2010-08-04 00:55 . 2010-06-01 01:50 -------- d-----w- c:\programdata\CinemaNow
2010-08-04 00:55 . 2010-03-24 04:38 -------- d-----w- c:\programdata\PMB Files
2010-08-04 00:55 . 2009-12-11 18:40 -------- d-----w- c:\programdata\McAfee Security Scan
2010-08-04 00:55 . 2007-07-25 02:35 -------- d-----w- c:\program files\MSN Messenger
2010-08-04 00:55 . 2008-09-06 19:17 -------- d-----w- c:\program files\DivX
2010-08-04 00:55 . 2009-06-03 23:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-04 00:55 . 2010-05-10 00:21 -------- d-----w- c:\programdata\DivX
2010-08-03 13:00 . 2008-09-19 19:16 -------- d-----w- c:\program files\Western Digital
2010-08-01 08:02 . 2007-07-25 01:29 -------- d-----w- c:\users\FWS III\AppData\Roaming\Apple Computer
2010-07-09 04:30 . 2008-04-16 07:21 -------- d-----w- c:\programdata\CanonIJPLM
2010-07-04 21:00 . 2009-03-28 18:35 -------- d-----w- c:\program files\Bonjour
2010-06-25 10:12 . 2007-07-30 15:57 -------- d-----w- c:\program files\Microsoft.NET
2010-06-13 01:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-12 22:53 . 2008-04-03 18:55 -------- d-----w- c:\program files\Safari
2010-05-26 16:16 . 2010-06-10 01:39 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 01:39 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-02 23:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\FWS III\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-17 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-24 2937528]
"DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2010-03-21 1146880]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-04 30192]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"WDCBG"="c:\windows\WDCBG.EXE" [2004-08-02 118784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-03-05 1603152]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-17 430080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-5 28672]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-04 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-16 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-15 129520]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-17 102400]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc REG_MULTI_SZ usnsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 23:31]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 23:31]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347319068-1503022336-3082595912-1000Core.job
- c:\users\FWS III\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-17 23:39]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347319068-1503022336-3082595912-1000UA.job
- c:\users\FWS III\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-17 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 00:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-11 00:39:52
ComboFix-quarantined-files.txt 2010-08-11 07:39

Pre-Run: 39,512,784,896 bytes free
Post-Run: 39,125,270,528 bytes free

- - End Of File - - D72B083BD3A4DBC2428893F43E6FBAB0
PleaseHelpFred
Active Member
 
Posts: 10
Joined: August 4th, 2010, 8:42 pm

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby jmw3 » August 12th, 2010, 1:35 am

Hi

The Kaspersky scan can take a while. I have seen scans take up to 30 hours to complete. It depends on the amount of data you have on the drive... & looking at yours:
C: is FIXED (NTFS) - 185 GiB total, 8.536 GiB free.
There is a lot of data. Having only that amount of disc space could also could cause you problems down the track. You should consider moving what ever you have saved on the C drive on to an external drive or some other removable media. It is recommended to have at least 15% of free space available for Windows to operate correctly & efficiently.

However if the Kaspersky Online scan is causing problems, try this one:
ESET Online Scanner
Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby PleaseHelpFred » August 12th, 2010, 7:34 pm

After running ComboFix and the others, my free Hard Drive Space increased to 32.7GB, so I'm within the 15% range with some room to spare. I have a lot of Digital Photography on here eating up a lot of space which I'll remove soon.

I ran Eset over night and reran Kaspersky (succesfully) while I was away at work today. Results for both are below:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c98e3b3466a0854e8a8904ecefd8cdc2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-12 10:15:02
# local_time=2010-08-12 03:15:02 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 118199661 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=311022
# found=4
# cleaned=0
# scan_time=16094
C:\Installs\AIM\Install_AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
C:\Media\Sounds\Music\iMeshV2.exe multiple threats 00000000000000000000000000000000 I
C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan 00000000000000000000000000000000 I
C:\Users\All Users\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan 00000000000000000000000000000000 I





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, August 12, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 12, 2010 09:04:41
Records in database: 4128472
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 309955
Threats found: 4
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 10:18:54


File name / Threat / Threats count
C:\Media\Sounds\Music\iMeshV2.exe Infected: not-a-virus:AdWare.Win32.TimeSink.h 1
C:\Media\Sounds\Music\iMeshV2.exe Infected: not-a-virus:AdWare.Win32.TimeSinc 1
C:\Media\Sounds\Music\iMeshV2.exe Infected: not-a-virus:AdWare.Win32.TimeSink.k 1
C:\Program Files\AIM6\addressBook.exe Infected: Trojan.Win32.Vilsel.ajgl 1

Selected area has been scanned.
PleaseHelpFred
Active Member
 
Posts: 10
Joined: August 4th, 2010, 8:42 pm

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby jmw3 » August 13th, 2010, 8:25 am

Hi

View Hidden Files & Folders Windows Vista
To view Hidden Files & Folders do the following:
Click Start
Open Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Upload Files for Scanning
Go to VirusTotal & upload the following File/s for scanning.
  • Click Browse
  • Copy & paste the following File & Path in the text box next to File name: then click Open
    Code: Select all
    C:\Media\Sounds\Music\iMeshV2.exe
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: "AntiVir" Malware/Virus crippling my computer. Please He

Unread postby PleaseHelpFred » August 13th, 2010, 8:33 pm

PleaseHelpFred
Active Member
 
Posts: 10
Joined: August 4th, 2010, 8:42 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 491 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware