
antivirus xp 08 removal

Discussion in 'Malware and Virus Removal Archive' started by jimbo3828, 2008/08/08.

  1. 2008/08/08
    jimbo3828, Thread Starter

    Tried to use a program found online to remove Antivirus XP 08 and thought I had success: pop-ups stopped and I could navigate around my computer. I could not, however, remove the desktop background, so I requested help from windowsbbs.com. Here is the result of the Malwarebytes scan:
    Malwarebytes' Anti-Malware 1.24
    Database version: 1032
    Windows 5.1.2600 Service Pack 2

    12:27:04 AM 8/8/2008
    mbam-log-8-8-2008 (00-27-04).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 90372
    Time elapsed: 27 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 6
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 12

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc99dj0e595 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhc99dj0e595 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\rhc99dj0e595 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\rhc99dj0e595\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc99dj0e595\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc99dj0e595\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc99dj0e595\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc99dj0e595\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc99dj0e595\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc99dj0e595\rhc99dj0e595.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc99dj0e595\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\tfnslopk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\lnvegaow.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcc9dj0e595.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcc9dj0e595.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Deckard's System Scanner v20071014.68
    Run by TMPlaptop3 on 2008-08-08 00:42:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    5: 2008-08-08 04:42:12 UTC - RP373 - Deckard's System Scanner Restore Point
    4: 2008-08-08 01:40:48 UTC - RP372 - Made by Registry Mechanic
    3: 2008-08-08 01:38:12 UTC - RP371 - Removed SpyZooka
    2: 2008-08-07 22:30:36 UTC - RP370 - Installed SpyZooka
    1: 2008-08-07 21:52:31 UTC - RP369 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-08 00:45:56
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\WINDOWS\agrsmmsg.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
    C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\TouchED\TouchED.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Apoint2K\ApntEx.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICLA.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\TMPlaptop3\Desktop\dss.exe
    C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\WINDOWS\TEMP\E_S5D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
    O16 - DPF: {6C6E003B-9B8C-4CE9-A1D5-A8E3AF0D651A} (Napco Internet Video Viewer) - http://www.videoalert.net/veCamitX.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191601348987
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{5390A961-CD04-4C62-8D4F-9CBE1F72095D}: NameServer = 66.174.95.44 66.174.92.14
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Swupdtmr - Unknown owner - C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    --
    End of file - 14143 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>
    R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
    R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
    R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
    R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S2 Ca536av (FashionCam Video Camera Device) - c:\windows\system32\drivers\ca536av.sys <Not Verified; Digital Camera; Digital Camera Driver>
    S3 pwi_bus (Curitel PC Card Composite Device driver (WDM)) - c:\windows\system32\drivers\pwi_bus.sys (file missing)
    S3 pwi_mdfl (Curitel PC Card Filter) - c:\windows\system32\drivers\pwi_mdfl.sys (file missing)
    S3 pwi_mdm (Curitel PC Card Drivers) - c:\windows\system32\drivers\pwi_mdm.sys (file missing)
    S3 pwi_oflt (Curitel PC Card OHCI Filter) - c:\windows\system32\drivers\pwi_oflt.sys (file missing)
    S3 pwi_serd (Curitel PC Card Diagnostic Serial Port (WDM)) - c:\windows\system32\drivers\pwi_serd.sys (file missing)
    S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\program files\verizon wireless\vzaccess manager\smndis5.sys <Not Verified; Smith Micro Software, Inc.; QuickLink Wi-Fi>
    S3 USBCamera (FashionCam Digital Still Camera Device) - c:\windows\system32\drivers\bulk536.sys <Not Verified; USB BULK; Platform SDK Sample Code>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT>
    R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
    R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
    R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe

    S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-07-29 00:16:31 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-07-08 and 2008-08-08 -----------------------------

    2008-08-07 23:40:24 0 d-------- C:\Documents and Settings\TMPlaptop3\Application Data\Malwarebytes
    2008-08-07 23:40:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-07 23:40:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-07 18:30:38 0 d-------- C:\Program Files\SpyZooka
    2008-08-07 16:39:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\rhc99dj0e595
    2008-08-07 12:07:39 0 d-------- C:\Program Files\Enigma Software Group
    2008-08-06 22:00:49 40960 --a------ C:\WINDOWS\unezfw.exe <Not Verified; Computer Associates International, Inc.; Computer Associates International, Inc. unezfw>
    2008-08-06 22:00:32 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-08-06 22:00:18 0 d-------- C:\WINDOWS\system32\ZoneLabs
    2008-08-06 22:00:18 0 d-------- C:\Program Files\CA
    2008-08-06 22:00:08 0 d-------- C:\WINDOWS\Internet Logs
    2008-08-06 21:54:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
    2008-08-06 21:54:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
    2008-08-06 21:54:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2008-08-06 21:54:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-08-06 21:54:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
    2008-08-06 21:54:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-08-06 21:54:51 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-08-06 21:54:51 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-08-06 21:54:51 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-08-06 21:54:51 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-08-06 21:54:51 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-08-06 21:54:51 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-08-06 21:54:51 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-08-06 21:54:51 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-08-06 21:54:51 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-08-06 21:54:51 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-08-06 21:54:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-08-06 21:54:51 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-08-06 21:54:51 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-08-06 21:54:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
    2008-08-06 21:54:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
    2008-08-06 21:54:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2008-08-06 21:54:51 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-08-06 21:54:50 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-08-06 20:35:55 0 d-------- C:\Documents and Settings\TMPlaptop3\Application Data\rhc99dj0e595
    2008-08-06 18:27:03 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-08-03 23:04:01 0 d-------- C:\Program Files\Common Files\L&H
    2008-08-03 22:53:30 0 d-------- C:\Program Files\Alcohol Soft
    2008-08-03 22:34:07 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-08-03 21:01:51 0 d-------- C:\Program Files\uTorrent
    2008-08-03 21:01:48 0 d-------- C:\Documents and Settings\TMPlaptop3\Application Data\uTorrent
    2008-08-03 20:53:09 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-08-03 20:52:26 0 d-------- C:\WINDOWS\SHELLNEW
    2008-08-03 20:52:25 0 d-------- C:\Program Files\Microsoft.NET
    2008-08-03 20:33:42 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-08-03 20:07:59 0 d-------- C:\Program Files\filehippo.com
    2008-07-31 13:42:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-07-31 13:41:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-07-31 13:41:54 0 d-------- C:\Program Files\Common Files\LogiShrd
    2008-07-31 13:41:53 0 d-------- C:\Program Files\Logitech
    2008-07-29 00:16:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-07-29 00:16:25 0 d-------- C:\Program Files\Apple Software Update
    2008-07-29 00:16:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-07-28 22:14:52 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-07-28 22:14:51 0 d-------- C:\Documents and Settings\TMPlaptop3\Application Data\skypePM
    2008-07-28 22:13:07 0 d-------- C:\Documents and Settings\TMPlaptop3\Application Data\Skype
    2008-07-28 22:12:17 0 d-------- C:\Program Files\Skype
    2008-07-28 22:12:17 0 d-------- C:\Program Files\Common Files\Skype
    2008-07-28 22:12:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-08 19:59:05 0 d-------- C:\Documents and Settings\TMPlaptop3\Application Data\EPSON


    -- Find3M Report ---------------------------------------------------------------

    2008-08-07 21:35:35 0 d-------- C:\Program Files\PokerStars
    2008-08-07 21:34:31 0 d-------- C:\Program Files\Coupons
    2008-08-07 21:30:29 0 d-------- C:\Program Files\Notebook Maximizer
    2008-08-07 20:54:32 0 d-------- C:\Documents and Settings\TMPlaptop3\Application Data\OpenOffice.org2
    2008-08-07 19:09:18 0 d-------- C:\Program Files\Google
    2008-08-06 12:23:59 5166 --a------ C:\Documents and Settings\TMPlaptop3\Application Data\wklnhst.dat
    2008-08-03 23:04:01 0 d-------- C:\Program Files\Common Files
    2008-07-31 13:44:48 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-29 20:22:51 0 d-------- C:\Program Files\Common Files\DSC303
    2008-07-29 00:33:13 0 d-------- C:\Program Files\Common Files\NewSoft
    2008-07-29 00:17:50 0 d-------- C:\Program Files\QuickTime
    2008-07-27 09:58:01 0 d-------- C:\Documents and Settings\TMPlaptop3\Application Data\Adobe
    2008-07-19 14:11:41 0 d-------- C:\Documents and Settings\TMPlaptop3\Application Data\Template
    2008-06-04 20:36:24 2547 --a------ C:\WINDOWS\unins000.dat
    2008-06-04 20:03:52 691545 --a------ C:\WINDOWS\unins000.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [06/28/2004 08:24 PM]
    "000StTHK"="000StTHK.exe" [06/23/2001 11:28 PM C:\WINDOWS\system32\000StTHK.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [10/30/2003 07:46 PM]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/26/2004 10:03 PM]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/26/2004 10:03 PM]
    "SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [08/03/2003 07:01 PM]
    "AGRSMMSG"="AGRSMMSG.exe" [02/20/2004 06:00 PM C:\WINDOWS\agrsmmsg.exe]
    "NDSTray.exe"="NDSTray.exe" []
    "TFNF5"="TFNF5.exe" [12/02/2003 05:15 PM C:\WINDOWS\system32\TFNF5.exe]
    "TPSMain"="TPSMain.exe" [06/01/2004 11:43 PM C:\WINDOWS\system32\TPSMain.exe]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [02/03/2004 05:47 PM]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [03/02/2004 04:45 PM]
    "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [01/21/2003 09:00 PM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [07/20/2004 04:04 AM]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 07:37 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 10:38 AM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/29/2006 12:32 PM]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/08/2007 01:12 AM]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [02/08/2007 01:13 AM]
    "Zone Labs Client"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe" [10/12/2004 08:33 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [09/05/2003 06:24 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
    "EPSON Stylus Photo RX595 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLA.exe" [03/30/2007 07:00 AM]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [06/03/2008 03:08 PM]
    "filehippo.com "= "C:\Program Files\filehippo.com\UpdateChecker.exe" [07/03/2008 01:08 PM]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [03/20/2008 12:46 PM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/31/2007 10:15 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [7/31/2008 1:44:55 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage "=0 (0x0)
    "NoDispScrSavPage "=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^TMPlaptop3^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
    backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8699 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-08-08 00:46:44 ------------


    I then downloaded Deckard's System Scanner, here are the results
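    A triage helper for the autorun section of the Deckard's System Scanner log above, added here as an example; it is not part of this thread or of DSS itself. It parses the `"Name"="command" [timestamp path]` lines under each `[HKEY_...\Run]` header (tolerating the stray space the forum put before the closing quote of each name), records which entries DSS could not resolve to a file on disk (the empty `[]` case), and flags entries that run from user-writable folders or that match an indicator from the MBAM log earlier in the thread (the rogue's `rhc99dj0e595` key and folder name). The sample log is constructed from lines on this page plus one hypothetical rogue entry pointing at the Application Data folder the reply below names; the file name `rogue.exe` is invented for the example.

```python
"""Triage the autorun dump of a Deckard's System Scanner (DSS) log.

Added example, not from the WindowsBBS thread or DSS: parses the
[HKEY_...\Run] sections and reports entries a responder should look at first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One autorun entry per line:  "Name"="command" [mm/dd/yyyy hh:mm AM resolved\path]
# The forum rendering adds a space before the name's closing quote ("Apoint "=),
# so the pattern allows optional whitespace there.
ENTRY_RE = re.compile(
    r'^\s*"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<command>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$'
)
SECTION_RE = re.compile(r'^\s*\[(?P<key>HKEY_[^\]]+)\]\s*$')

# Locations a limited user can write to; rogues such as the one in this thread
# (Application Data\rhc99dj0e595) install themselves there, real software rarely does.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")

# Indicator taken from the MBAM log in the thread (the rogue's key/folder name).
KNOWN_BAD_TOKENS = ("rhc99dj0e595",)


@dataclass
class AutorunEntry:
    key: str                        # registry key the entry was listed under
    name: str                       # value name
    command: str                    # value data as DSS printed it
    resolved_path: Optional[str]    # None when DSS printed [] (file not found at scan time)
    flags: List[str] = field(default_factory=list)


def _resolved_path(info: str, command: str) -> Optional[str]:
    """DSS appends the full path after the timestamp only for bare commands
    (e.g. "000StTHK.exe"); otherwise the command itself is the path."""
    if not info:
        return None
    parts = info.split(" ", 3)      # date, time, AM/PM, optional path
    return parts[3] if len(parts) == 4 else command


def triage(entry: AutorunEntry) -> List[str]:
    """Return the reasons (if any) this entry deserves a closer look."""
    flags: List[str] = []
    if entry.resolved_path is None:
        flags.append("unresolved: file not found at scan time (stale entry or hidden component)")
    haystack = " ".join([entry.name, entry.command, entry.resolved_path or ""]).lower()
    if any(tok in haystack for tok in USER_WRITABLE):
        flags.append("runs from a user-writable location")
    if any(tok in haystack for tok in KNOWN_BAD_TOKENS):
        flags.append("matches known rogue indicator")
    return flags


def parse_autoruns(log_text: str) -> List[AutorunEntry]:
    """Parse every autorun entry in the DSS text, tagging each with its key and flags."""
    entries: List[AutorunEntry] = []
    current_key = ""
    for line in log_text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            current_key = sec.group("key")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = AutorunEntry(current_key, m.group("name"), m.group("command"),
                             _resolved_path(m.group("info").strip(), m.group("command")))
        entry.flags = triage(entry)
        entries.append(entry)
    return entries


def suspicious(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    """Only the entries that received at least one flag."""
    return [e for e in entries if e.flags]


# Constructed sample: real lines from the log above plus one hypothetical rogue entry.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK "= "000StTHK.exe" [06/23/2001 11:28 PM C:\WINDOWS\system32\000StTHK.exe]
"Apoint "= "C:\Program Files\Apoint2K\Apoint.exe" [10/30/2003 07:46 PM]
"NDSTray.exe "= "NDSTray.exe" []
"avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 10:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"rhc99dj0e595 "= "C:\Documents and Settings\TMPlaptop3\Application Data\rhc99dj0e595\rogue.exe" [08/07/2008 09:00 PM]
'''

if __name__ == "__main__":
    for e in suspicious(parse_autoruns(SAMPLE_LOG)):
        print(f"{e.key}\n  {e.name} = {e.command}\n  -> {'; '.join(e.flags)}")
```

    An unresolved entry is not proof of malware (here `NDSTray.exe` is a Toshiba component DSS simply could not locate), which is why the script reports reasons rather than verdicts; the user-writable-location flag is the one that would have caught the rogue's own Run value had it still been present when the log was taken.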
  2. 2008/08/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi jimbo,

    Looks like MBAM did a pretty good job. Desktop back to normal after rebooting?

    Delete the following folder, then empty the Recycle Bin.

    C:\Documents and Settings\TMPlaptop3\Application Data\rhc99dj0e595

    Application Data is a hidden folder, so it will be necessary to unhide system files and folders. Let me know if you need instructions. ;)



    Then, download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything, check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK, then exit.
    Reboot


    Finally, let's get an online scan. Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site, click the Scan your PC now button
    • A new window will open...click the Scan Now button
    • If it wants to install an ActiveX component, allow it
    • It will start downloading the files it requires for the scan (Note: it may take a couple of minutes)
    • When the download is complete, it will begin scanning your computer
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HijackThis log.
     
