
Inactive computer shuts down?

Discussion in 'Malware and Virus Removal Archive' started by Doug Sheffield, 2010/10/22.

  1. 2010/10/22
    Doug Sheffield (Thread Starter)

    [Inactive] computer shuts down?

    My laptop computer shuts down, and I've been told by someone in India there is a virus problem I must fix. Here are the DDS.txt file and the Attach.txt file:

    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Douglas Sheffield at 21:46:31.14 on Thu 10/21/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.829 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\EzButton\EzButton.EXE
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Common Files\Adobe\Installers\4db064343401efd6449f33f8411c14b\Adobe Bridge CS4\Bridge.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dual codec internet relative software\cms\EventLogger.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Douglas Sheffield\Local Settings\Temporary Internet Files\Content.IE5\UK07R6N8\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://toshibadirect.com/
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AdobeBridge] "c:\program files\common files\adobe\installers\4db064343401efd6449f33f8411c14b\adobe bridge cs4\Bridge.exe" -stealth
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [CeEPOWER] c:\program files\toshiba\power management\CePMTray.exe
    mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe "
    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [EzButton] c:\program files\ezbutton\EzButton.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventl~1.lnk - c:\program files\dual codec internet relative software\cms\EventLogger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251418356806
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - c:\program files\common files\intuit\quickbooks\QBPOSProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: avgrsstarter - avgrsstx.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-2 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-2 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-2 108552]
    R1 ECioctl;ECioctl;c:\windows\system32\drivers\ECioctl.sys [2004-5-6 4816]
    R1 SASDIFSV;SASDIFSV;c:\docume~1\dougla~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\docume~1\dougla~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
    R2 Intuit Entitlement Service v6.0;Intuit Entitlement Service v6.0;c:\program files\common files\intuit\entitlement client\v6.0\server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2009-6-2 20480]
    R2 QBPOSDBServiceV9;QBPOS Database Manager v9;c:\program files\intuit\quickbooks point of sale 9.0\databaseserver\QBPOSDBService.exe [2009-9-1 2735480]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
    S2 mrtRate;mrtRate; [x]
    S3 JEPPDRIVE;JeppDrive Service;c:\windows\system32\drivers\JeppDrive.sys [2010-7-20 24408]

    =============== Created Last 30 ================

    2010-10-15 16:45:47 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-15 16:45:47 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-15 16:45:46 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-15 16:45:39 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-09-30 22:54:12 -------- d-----w- c:\docume~1\dougla~1\applic~1\SUPERAntiSpyware.com
    2010-09-30 22:54:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-09-30 22:38:38 -------- d-----w- c:\docume~1\dougla~1\applic~1\Malwarebytes
    2010-09-30 22:38:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-30 22:38:30 -------- d-----w- C:\MalwarebytesPortable
    2010-09-30 22:28:16 -------- d-----w- c:\windows\LMI46.tmp
    2010-09-27 18:46:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9

    ==================== Find3M ====================

    2010-10-06 15:47:21 1409 ----a-w- c:\windows\QTFont.for
    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2003-08-27 22:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll

    ============= FINISH: 21:47:28.90 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/27/2009 3:50:41 PM
    System Uptime: 10/21/2010 9:42:56 PM (0 hours ago)

    Motherboard: TOSHIBA | | EDW10
    Processor: Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz | NWD | 2800/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 199.645 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP278: 7/25/2010 12:16:38 AM - System Checkpoint
    RP279: 7/26/2010 6:51:33 AM - System Checkpoint
    RP280: 8/3/2010 8:33:53 AM - Software Distribution Service 3.0
    RP281: 8/4/2010 8:50:49 AM - System Checkpoint
    RP282: 8/5/2010 9:36:53 AM - System Checkpoint
    RP283: 8/7/2010 9:49:17 AM - System Checkpoint
    RP284: 8/8/2010 4:37:48 PM - System Checkpoint
    RP285: 8/9/2010 4:58:01 PM - System Checkpoint
    RP286: 8/10/2010 4:59:06 PM - System Checkpoint
    RP287: 8/11/2010 5:16:04 PM - System Checkpoint
    RP288: 8/12/2010 7:27:33 AM - Software Distribution Service 3.0
    RP289: 8/13/2010 8:12:01 AM - System Checkpoint
    RP290: 8/14/2010 12:02:22 PM - System Checkpoint
    RP291: 8/16/2010 7:47:59 AM - System Checkpoint
    RP292: 8/17/2010 7:48:17 AM - System Checkpoint
    RP293: 8/18/2010 8:22:29 AM - System Checkpoint
    RP294: 8/20/2010 9:38:16 AM - System Checkpoint
    RP295: 8/22/2010 1:37:05 PM - System Checkpoint
    RP296: 8/23/2010 3:26:35 PM - System Checkpoint
    RP297: 8/24/2010 3:30:16 PM - System Checkpoint
    RP298: 8/27/2010 12:04:11 PM - System Checkpoint
    RP299: 8/30/2010 9:49:50 AM - System Checkpoint
    RP300: 8/31/2010 11:07:08 AM - System Checkpoint
    RP301: 9/2/2010 8:55:46 AM - System Checkpoint
    RP302: 9/3/2010 9:50:57 AM - System Checkpoint
    RP303: 9/4/2010 10:21:53 AM - System Checkpoint
    RP304: 9/5/2010 11:21:53 AM - System Checkpoint
    RP305: 9/6/2010 12:54:43 PM - System Checkpoint
    RP306: 9/7/2010 8:57:08 AM - Installed Windows Internet Explorer 8.
    RP307: 9/7/2010 8:58:12 AM - Software Distribution Service 3.0
    RP308: 9/7/2010 12:36:55 PM - Software Distribution Service 3.0
    RP309: 9/9/2010 7:54:48 AM - System Checkpoint
    RP310: 9/10/2010 9:29:39 AM - System Checkpoint
    RP311: 9/13/2010 10:36:45 AM - System Checkpoint
    RP312: 9/14/2010 2:30:01 PM - System Checkpoint
    RP313: 9/15/2010 2:32:42 PM - System Checkpoint
    RP314: 9/16/2010 11:07:32 AM - Software Distribution Service 3.0
    RP315: 9/16/2010 10:43:06 AM - System Checkpoint
    RP316: 9/19/2010 9:00:24 AM - System Checkpoint
    RP317: 9/20/2010 9:24:17 AM - System Checkpoint
    RP318: 9/22/2010 8:56:13 AM - System Checkpoint
    RP319: 9/24/2010 8:16:25 AM - System Checkpoint
    RP320: 9/27/2010 8:57:01 AM - System Checkpoint
    RP321: 9/27/2010 11:46:26 AM - Installed AVG 9.0
    RP322: 9/30/2010 9:32:46 AM - System Checkpoint
    RP323: 10/1/2010 9:31:40 AM - Software Distribution Service 3.0
    RP324: 10/2/2010 5:48:37 PM - System Checkpoint
    RP325: 10/3/2010 9:48:47 PM - Software Distribution Service 3.0
    RP326: 10/6/2010 8:34:33 AM - Software Distribution Service 3.0
    RP327: 10/7/2010 9:27:52 AM - System Checkpoint
    RP328: 10/8/2010 9:20:37 AM - Software Distribution Service 3.0
    RP329: 10/10/2010 12:56:08 AM - System Checkpoint
    RP330: 10/11/2010 9:45:11 AM - System Checkpoint
    RP331: 10/12/2010 11:12:53 AM - System Checkpoint
    RP332: 10/13/2010 11:26:11 AM - System Checkpoint
    RP333: 10/15/2010 10:00:19 AM - System Checkpoint
    RP334: 10/16/2010 9:14:51 AM - Software Distribution Service 3.0
    RP335: 10/18/2010 11:27:40 AM - System Checkpoint
    RP336: 10/19/2010 2:44:47 PM - System Checkpoint
    RP337: 10/21/2010 9:05:36 AM - System Checkpoint

    ==== Installed Programs ======================

    7-Zip 4.57
    Acrobat.com
    Adobe Acrobat Reader 3.01
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Web Premium
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.3.4
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    ALPS Touch Pad Driver
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20030807.3)
    ArcSoft Software Suite
    AT&T Connection Services Manager
    Atheros Client Utility
    Atheros Wireless LAN MiniPCI card Driver
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AVG 9.0
    Canon MP Navigator 2.2
    Canon MP530
    Canon MP530 User Registration
    Canon Utilities Easy-PhotoPrint
    CD/DVD Drive Acoustic Silencer
    Connect
    CT-S310 x32 v1581
    Cypress USB Mass Storage Driver Installation
    DeskTop Mailer 7.60c Rev 1
    Dual codec internet relative software
    DVD-RAM Driver
    Easy-WebPrint
    Easy Button
    GNS400W-500W Trainer
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    InterVideo WinDVD for Toshiba
    Japanese Fonts Support For Adobe Reader 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Jeppesen Services
    Jeppesen Services Update Manager
    kuler
    Learn2 Player (Uninstall Only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2000 Small Business
    Microsoft Publisher 97
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works 7.0
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    My.Freeze.com NetAssistant
    Napster
    Notebook Maximizer
    PDF Settings CS4
    Photoshop Camera Raw
    Postalsoft DeskTop Mailer 7.60c Rev 1
    Presto! PageManager 7.15.14
    QuickBooks
    QuickBooks Point of Sale 9.0
    QuickBooks Pro 2010
    Quicken 2004
    QuickTime
    RealFlight G3 R/C Simulator
    RealPlayer Basic
    Realtek AC'97 Audio
    Realtek Fast Ethernet Adapter Driver
    Roxio Burn Engine
    ScanSoft OmniPage SE 4.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SMSC IrCC V5.1.3600.3 SP1
    Sonic DLA
    Sonic RecordNow!
    SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
    Suite Shared Configuration CS4
    The Print Shop® 6.0 Deluxe
    TOSHIBA Access
    TOSHIBA ConfigFree
    TOSHIBA Console
    TOSHIBA Fax Extension
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Management Utility
    Toshiba Registration
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    Toshiba Tbiosdrv Driver
    Touch and Launch
    TouchPad On/Off Utility
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    USB Storage Adapter FX (SM1)
    Viewpoint Media Player
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    WinZip 14.0
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    10/16/2010 9:46:01 AM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The system cannot find the file specified.
    10/16/2010 9:46:01 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 9:46:01 AM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
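Added example (not part of the original thread, and not code from the DDS tool): a small Python triage script over the kind of DDS output posted above. It pulls out the things an analyst reads first in such a log: hooks, toolbars and services whose binary is gone ("No File", "[x]", or a service path DDS could not read, shown as "[?]"), drivers, autostarts and processes living in user-writable temp locations, and the same executable registered from two different directories (here the AVG 8 and AVG 9 tray entries). The embedded sample lines are copied from the log above; the classification rules are this example's own heuristics, and a hit is a prompt to look, not a verdict: dds[1].scr under Temporary Internet Files, for instance, is the DDS scanner itself, launched from the browser cache.

```python
"""Triage helper for DDS.txt output (added example, not the DDS tool's code).

Categories reported from the log text:
  missing_file                     hook/toolbar/BHO entry with "No File"
  service_binary_missing           service shown as "[x]", or "[?]" (DDS could not read the file)
  driver_in_user_writable_path     driver loaded from a Temp directory
  autostart_in_user_writable_path  Run entry pointing into Temp / browser cache
  process_in_user_writable_path    running process in Temp / browser cache
  duplicate_autostart              same executable registered from two directories
The rules are this example's heuristics; every hit is a lead to check, not a verdict.
"""
import re
from collections import defaultdict

# Sample lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Douglas Sheffield\Local Settings\Temporary Internet Files\Content.IE5\UK07R6N8\dds[1].scr
uURLSearchHooks: H - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
R1 SASDIFSV;SASDIFSV;c:\docume~1\dougla~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 mrtRate;mrtRate; [x]
"""

# Locations a normal driver, service or autostart has no business living in.
USER_WRITABLE = re.compile(r"\\temp\\|temporary internet files", re.I)
# "R1 name;description;path [date size]" / "S2 name;description; [x]"
SERVICE = re.compile(r"^[RS]\d\s+(?P<svc>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
# "uRun: [Name] "c:\path\prog.exe" args" (quotes and arguments optional)
RUN_ENTRY = re.compile(r'^[um]Run: \[(?P<name>[^\]]+)\]\s+"?(?P<path>.+?\.(?:exe|scr|dll|com))', re.I)
# Lines in the "Running Processes" section are bare paths.
PROCESS = re.compile(r"^[a-z]:\\", re.I)


def triage(log_text):
    """Return a list of (category, evidence) tuples for the suspicious lines."""
    findings = []
    run_dirs = defaultdict(set)  # executable basename -> directories it is registered from
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " - No File" in line:
            findings.append(("missing_file", line))
            continue
        m = SERVICE.match(line)
        if m:
            rest = m.group("rest").strip()
            if rest == "[x]" or rest.endswith("[?]"):
                findings.append(("service_binary_missing", line))
            elif USER_WRITABLE.search(rest):
                findings.append(("driver_in_user_writable_path", line))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            path = m.group("path").lower()
            directory, _, base = path.rpartition("\\")
            run_dirs[base].add(directory)
            if USER_WRITABLE.search(path):
                findings.append(("autostart_in_user_writable_path", line))
            continue
        if PROCESS.match(line) and USER_WRITABLE.search(line):
            findings.append(("process_in_user_writable_path", line))
    for base, dirs in run_dirs.items():
        if len(dirs) > 1:
            findings.append(("duplicate_autostart", f"{base}: {', '.join(sorted(dirs))}"))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = defaultdict(int)
    for category, _ in findings:
        counts[category] += 1
    return dict(counts)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, evidence in results:
        print(f"{category:32} {evidence}")
    print(summarize(results))
```

On a full DDS.txt, pass open("DDS.txt").read() to triage(). In this log the missing-file hits are leftovers of the AVG 8 to AVG 9 upgrade (the event viewer section shows the Free8 WatchDog service failing with "cannot find the file specified"), and the Temp-path drivers SASDIFSV/SASKUTIL belong to a SUPERAntiSpyware portable run, consistent with the SUPERAntiSpyware.com folders in the "Created Last 30" section; each hit should be matched to a program the user recognizes before anything is deleted.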
     
  2. 2010/10/22
    Doug Sheffield (Thread Starter)

    I have to leave now; will look for answers on 10-22-10.
     


  4. 2010/10/22
    broni (Moderator, Malware Analyst)

    Welcome aboard :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/10/25
    Doug Sheffield

    Doug Sheffield Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    7
    Likes Received:
    0
    Thanks broni for your help on this matter!!! I'm very grateful
    So the computer shut down while trying to download the MBAM program. Is Windows trying to protect the computer from the existing malware? Can I remove the malware through "Hkey_local_machine" so I can download MBAM?
     
  6. 2010/10/25
    Doug Sheffield

    Doug Sheffield Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    7
    Likes Received:
    0
    Note, broni, I'm replying on a different machine than my laptop, the computer that has the malware.
     
  7. 2010/10/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Can you download our tools on a good computer and move them to the bad computer using a USB flash drive?
    See if running those tools will also shut down the bad computer.
    Alternatively, try safe mode.
     
  8. 2010/10/26
    Doug Sheffield

    Doug Sheffield Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    7
    Likes Received:
    0
    So I contacted Toshiba and downloaded a more updated BIOS, and the computer seems to be more stable. I followed your instructions.
    Step 1. I ran MBAM and the mbam log is posted below.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4945

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/25/2010 4:32:26 PM
    mbam-log-2010-10-25 (16-32-26).txt

    Scan type: Quick scan
    Objects scanned: 157087
    Time elapsed: 9 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 11
    Files Infected: 59

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\MalwarebytesPortable (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\AppInfo (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\SysDir (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\SysDir\drivers (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\Data (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\Other (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\Other\Help (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\Other\Help\images (Dont.Steal.Our.Software.A) -> No action taken.

    Files Infected:
    C:\MalwarebytesPortable\help.html (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\MalwarebytesPortable.exe (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\MalwarebytesPortable.ini (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\AppInfo\appicon.ico (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\AppInfo\appicon_16.png (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\AppInfo\appicon_32.png (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\AppInfo\appinfo.ini (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\changes.rtf (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\license.txt (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\mbam.chm (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\mbam.dll (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\mbam.exe (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\mbamext.dll (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\mbamgui.exe (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\mbamservice.exe (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\ssubtmr6.dll (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\vbalsgrid6.ocx (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\zlib.dll (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\albanian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\arabic.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\bosnian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\bulgarian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\catalan.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\chineseSI.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\chineseTR.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\croatian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\czech.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\danish.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\dutch.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\english.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\estonian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\finnish.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\french.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\german.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\greek.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\hebrew.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\hungarian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\italian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\korean.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\latvian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\macedonian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\norwegian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\polish.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\portugueseBR.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\portuguesePT.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\romanian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\russian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\serbian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\slovak.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\slovenian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\spanish.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\swedish.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\turkish.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\ukrainian.lng (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\Other\Help\style.css (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\Other\Help\images\favicon.ico (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\Other\Help\images\help_background_footer.png (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\Other\Help\images\help_background_header.png (Dont.Steal.Our.Software.A) -> No action taken.
    C:\MalwarebytesPortable\Other\Help\images\help_logo_top.png (Dont.Steal.Our.Software.A) -> No action taken.


    Step 2. GMER log:

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit quick scan 2010-10-25 22:56:47
    Windows 5.1.2600 Service Pack 3
    Running: 2e861khb[1].exe; Driver: C:\DOCUME~1\DOUGLA~1\LOCALS~1\Temp\pwdorkog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
    Step 3. (I didn't see MBRCheck.exe), so I ran MBR.exe and it is posted next.

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
    Windows 5.1.2600

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
     
  9. 2010/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your MBAM log says "No action taken" after each line.
    Re-run MBAM, FIX all issues and post fresh log.

    This is not what I asked for.
    Please re-read my previous instructions.
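
    The point made in the reply above, that a log full of "No action taken" means the detected items are still on the disk, can be checked mechanically rather than by eye. The following is an added example, not part of this thread and not a Malwarebytes tool: it parses a Malwarebytes' Anti-Malware 1.x log in the layout posted here and lists every finding whose action was anything other than "Quarantined and deleted successfully". The log excerpt embedded in it is constructed in that format for the demonstration, not the poster's actual file.

```python
"""Check a Malwarebytes' Anti-Malware 1.x log for findings that were
detected but not actually remediated (e.g. "No action taken").
Added example; SAMPLE_LOG is a constructed excerpt in the same layout as
the logs posted in the thread, not a real log from the poster's machine."""
import re
from collections import Counter

# Constructed sample in the MBAM 1.46 layout: <path> (<detection>) -> <action>.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4945

Scan type: Quick scan
Objects scanned: 157087

Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Folders Infected:
C:\\MalwarebytesPortable (Dont.Steal.Our.Software.A) -> No action taken.
C:\\MalwarebytesPortable\\App (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.

Files Infected:
C:\\MalwarebytesPortable\\help.html (Dont.Steal.Our.Software.A) -> No action taken.
C:\\MalwarebytesPortable\\MalwarebytesPortable.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
C:\\MalwarebytesPortable\\App\\Malwarebytes\\mbam.exe (Dont.Steal.Our.Software.A) -> Delete on reboot.
"""

# A detection line: path, detection name in parentheses, arrow, action text.
FINDING_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# A section heading such as "Files Infected:" (the summary lines carry a
# count after the colon and therefore do not match).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")


def parse_mbam_log(text):
    """Return a list of findings as dicts: section, path, name, action."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Detection lines only appear under a section heading.
        if section is None or line == "(No malicious items detected)":
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return findings


def unresolved(findings):
    """Findings not confirmed removed: anything other than a successful
    quarantine-and-delete. 'Delete on reboot' still needs a restart, so it
    is reported as well."""
    return [f for f in findings
            if not f["action"].startswith("Quarantined and deleted")]


def summarize(findings):
    """Count findings by action so a 'No action taken' log is obvious at a glance."""
    return Counter(f["action"] for f in findings)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(dict(summarize(found)))
    for f in unresolved(found):
        print(f"UNRESOLVED [{f['section']}] {f['path']} ({f['name']}): {f['action']}")
```

    Run against a real log, the summary makes the difference between the two logs in this thread immediate: the first would count every item under "No action taken", the second under "Quarantined and deleted successfully". To use it on a saved log, replace SAMPLE_LOG with the contents of the log-date.txt file named in the instructions above.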
     
  10. 2010/10/26
    Doug Sheffield

    Doug Sheffield Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    7
    Likes Received:
    0
    Sorry about that, I must have copied the files before I took action. See below:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4945

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/25/2010 4:35:56 PM
    mbam-log-2010-10-25 (16-35-56).txt

    Scan type: Quick scan
    Objects scanned: 157087
    Time elapsed: 9 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 11
    Files Infected: 59

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\MalwarebytesPortable (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\AppInfo (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\SysDir (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\SysDir\drivers (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\Data (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\Other (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\Other\Help (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\Other\Help\images (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.

    Files Infected:
    C:\MalwarebytesPortable\help.html (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\MalwarebytesPortable.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\MalwarebytesPortable.ini (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\AppInfo\appicon.ico (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\AppInfo\appicon_16.png (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\AppInfo\appicon_32.png (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\AppInfo\appinfo.ini (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\changes.rtf (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\license.txt (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\mbam.chm (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\mbam.dll (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\mbam.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\mbamext.dll (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\mbamgui.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\mbamservice.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\ssubtmr6.dll (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\vbalsgrid6.ocx (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\zlib.dll (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\albanian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\arabic.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\bosnian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\bulgarian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\catalan.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\chineseSI.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\chineseTR.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\croatian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\czech.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\danish.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\dutch.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\english.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\estonian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\finnish.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\french.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\german.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\greek.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\hebrew.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\hungarian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\italian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\korean.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\latvian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\macedonian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\norwegian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\polish.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\portugueseBR.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\portuguesePT.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\romanian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\russian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\serbian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\slovak.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\slovenian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\spanish.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\swedish.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\turkish.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\App\Malwarebytes\Languages\ukrainian.lng (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\Other\Help\style.css (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\Other\Help\images\favicon.ico (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\Other\Help\images\help_background_footer.png (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\Other\Help\images\help_background_header.png (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\MalwarebytesPortable\Other\Help\images\help_logo_top.png (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
     
  11. 2010/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on...
     
  12. 2010/10/29
    Doug Sheffield

    Doug Sheffield Inactive Thread Starter

    Joined:
    2010/10/21
    Messages:
    7
    Likes Received:
    0
    Broni, I went back to your web page but couldn't find my link. I need to complete step 4. Doug
     
  13. 2010/10/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
     