kings45 infection thread

Kings45

New Member
Hi, I am having the same problem as everyone else (Desktop icons disappearing, Windows Recovery popup, IDE/SATA disk failure popup, etc.). I ran both the Malwarebytes' Anti-Malware scan and the HijackThis scan. Here are the results:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6702

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16386

5/28/2011 10:26:51 AM
mbam-log-2011-05-28 (10-26-51).txt

Scan type: Quick scan
Objects scanned: 139223
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HeypPtdMGKlWj (Trojan.FakeMS) -> Value: HeypPtdMGKlWj -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\heypptdmgklwj.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Monica\AppData\Local\Temp\tmp22FA.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Monica\AppData\Local\Temp\tmp972.tmp.exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Users\Monica\local settings\temporary internet files\Content.IE5\NCBD9R2X\Out_![1].exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\programdata\25157392.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:22:13 PM, on 5/28/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6746 bytes

----------------------


Can anyone help? I'm not sure if I should do the ComboFix just yet. Thanks!
 
Kings45,

Please go ahead and run the ComboFix program and post the log. I'm at work right now but will look it over when I get home.
 
Hi John. Thanks so much for doing this. I ran the ComboFix and another HijackThis scan and restarted the computer.

Most of my problems seem to be fixed: I got back all my files and there have not been any popups so far.

However, whenever I do a search using Yahoo or Google and click on one of the result links, the page always redirects me back to the same page with all the result links. This was a problem I had shortly before starting all the malware scans.

My computer also does not recognize anything I plug into the USB ports or insert into the CD/DVD drive, but this may not be a problem caused by the malware.


Here are the results from the scans:


ComboFix 11-05-27.02 - Monica 05/28/2011 14:33:57.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.1521 [GMT -7:00]
Running from: c:\users\Monica\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-28 21:40 . 2011-05-28 21:41 -------- d-----w- c:\users\Monica\AppData\Local\temp
2011-05-28 21:40 . 2011-05-28 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-28 18:12 . 2011-05-28 18:12 -------- d-----w- c:\program files\Trend Micro
2011-05-28 17:41 . 2011-05-28 17:41 -------- d-----w- c:\users\Monica\AppData\Roaming\SUPERAntiSpyware.com
2011-05-28 17:41 . 2011-05-28 17:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-28 17:40 . 2011-05-28 17:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-28 17:23 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 17:03 . 2011-05-28 17:03 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-28 17:01 . 2011-05-28 17:01 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-28 17:00 . 2011-05-28 17:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-28 17:00 . 2011-05-28 17:03 -------- d-----w- c:\programdata\Hitman Pro
2011-05-28 14:05 . 2011-05-28 14:05 -------- d-----w- c:\users\Monica\AppData\Roaming\Malwarebytes
2011-05-28 14:05 . 2011-05-28 14:05 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 14:05 . 2011-05-28 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:20 . 2006-11-02 08:51 6144 ----a-w- c:\windows\system32\beep.sys
2011-05-27 19:23 . 2011-05-27 19:23 -------- d--h--w- c:\users\Monica\AppData\Roaming\Lexmark Productivity Studio
2011-05-27 15:31 . 2011-05-18 19:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C393499-1659-4D85-8FBF-CE340B6CEC01}\mpengine.dll
2011-05-25 08:58 . 2011-02-03 01:11 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-25 00:56 . 2011-05-25 00:56 -------- d-----w- c:\users\Monica\AppData\Local\ElevatedDiagnostics
2011-05-25 00:49 . 2011-05-28 16:13 -------- d-----w- c:\program files\Microsoft ATS
2011-05-25 00:24 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 00:24 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-25 00:24 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-25 00:24 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-25 00:24 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-25 00:24 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-25 00:22 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-25 00:22 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-25 00:21 . 2011-05-25 00:21 -------- d--h--w- c:\programdata\AVAST Software
2011-05-25 00:21 . 2011-05-25 00:21 -------- d-----w- c:\program files\AVAST Software
2011-05-22 20:59 . 2011-05-22 20:59 -------- d--h--w- c:\users\Monica\AppData\Roaming\TOSHIBA
2011-05-04 23:13 . 2011-05-04 23:13 -------- d--h--w- c:\programdata\Symantec
2011-05-04 23:13 . 2011-05-04 23:13 -------- d--h--w- c:\programdata\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 19:08 . 2011-04-20 19:08 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-04-20 19:06 . 2011-04-20 19:06 268800 ----a-w- c:\windows\system32\es.dll
2011-04-20 19:03 . 2011-04-20 19:03 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-04-19 01:19 . 2011-04-19 01:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-19 01:19 . 2011-04-19 01:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-04-19 01:19 . 2011-04-19 01:19 24064 ----a-w- c:\windows\system32\lpk.dll
2011-04-19 01:19 . 2011-04-19 01:19 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-04-19 01:19 . 2011-04-19 01:19 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-04-19 01:19 . 2011-04-19 01:19 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-04-19 01:17 . 2011-04-19 01:17 72704 ----a-w- c:\windows\system32\admparse.dll
2011-04-19 01:17 . 2011-04-19 01:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-19 01:17 . 2011-04-19 01:17 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-04-19 01:17 . 2011-04-19 01:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-19 01:17 . 2011-04-19 01:17 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-19 01:17 . 2011-04-19 01:17 389120 ----a-w- c:\windows\system32\html.iec
2011-04-19 01:17 . 2011-04-19 01:17 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-19 01:17 . 2011-04-19 01:17 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-19 01:17 . 2011-04-19 01:17 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-19 01:17 . 2011-04-19 01:17 56320 ----a-w- c:\windows\system32\iesetup.dll
2011-04-19 01:14 . 2011-04-19 01:14 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-04-19 01:14 . 2011-04-19 01:14 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-04-19 01:14 . 2011-04-19 01:14 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-04-19 01:14 . 2011-04-19 01:14 272896 ----a-w- c:\windows\system32\polstore.dll
2011-04-19 01:12 . 2011-04-19 01:12 8192 ----a-w- c:\windows\system32\riched32.dll
2011-04-19 01:12 . 2011-04-19 01:12 38400 ----a-w- c:\windows\system32\kmddsp.tsp
2011-04-19 01:12 . 2011-04-19 01:12 20480 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-19 01:12 . 2011-04-19 01:12 77824 ----a-w- c:\windows\system32\rascfg.dll
2011-04-19 01:12 . 2011-04-19 01:12 61952 ----a-w- c:\windows\system32\drivers\wanarp.sys
2011-04-19 01:12 . 2011-04-19 01:12 52736 ----a-w- c:\windows\system32\rasdiag.dll
2011-04-19 01:12 . 2011-04-19 01:12 49664 ----a-w- c:\windows\system32\ndptsp.tsp
2011-04-19 01:12 . 2011-04-19 01:12 48640 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2011-04-19 01:12 . 2011-04-19 01:12 32768 ----a-w- c:\windows\system32\rasmxs.dll
2011-04-19 01:12 . 2011-04-19 01:12 22016 ----a-w- c:\windows\system32\rasser.dll
2011-04-19 01:12 . 2011-04-19 01:12 384000 ----a-w- c:\windows\system32\netcfgx.dll
2011-04-19 01:12 . 2011-04-19 01:12 13824 ----a-w- c:\windows\system32\icsunattend.exe
2011-04-19 01:12 . 2011-04-19 01:12 286208 ----a-w- c:\windows\system32\ipnathlp.dll
2011-04-19 01:12 . 2011-04-19 01:12 70144 ----a-w- c:\windows\system32\drivers\pacer.sys
2011-04-19 01:12 . 2011-04-19 01:12 33280 ----a-w- c:\windows\system32\traffic.dll
2011-04-19 01:12 . 2011-04-19 01:12 15360 ----a-w- c:\windows\system32\pacerprf.dll
2011-04-19 01:12 . 2011-04-19 01:12 13824 ----a-w- c:\windows\system32\wshqos.dll
2011-04-19 01:12 . 2011-04-19 01:12 619008 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-19 01:12 . 2011-04-19 01:12 36864 ----a-w- c:\windows\system32\cdd.dll
2011-04-19 01:12 . 2011-04-19 01:12 134656 ----a-w- c:\windows\system32\dps.dll
2011-04-19 01:10 . 2011-04-19 01:10 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-19 01:10 . 2011-04-19 01:10 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-19 01:09 . 2011-04-19 01:09 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-04-19 01:09 . 2011-04-19 01:09 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-04-19 01:09 . 2011-04-19 01:09 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-04-19 01:07 . 2011-04-19 01:07 87040 ----a-w- c:\windows\system32\msoert2.dll
2011-04-19 01:07 . 2011-04-19 01:07 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2011-04-19 01:07 . 2011-04-19 01:07 205824 ----a-w- c:\windows\system32\msoeacct.dll
2011-04-19 01:05 . 2011-04-19 01:05 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-04-19 01:05 . 2011-04-19 01:05 15360 ----a-w- c:\windows\system32\netevent.dll
2011-04-19 01:05 . 2011-04-19 01:05 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-04-19 01:05 . 2011-04-19 01:05 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-04-19 01:05 . 2011-04-19 01:05 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-04-19 01:05 . 2011-04-19 01:05 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-04-19 01:05 . 2011-04-19 01:05 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-04-19 01:05 . 2011-04-19 01:05 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-04-19 01:05 . 2011-04-19 01:05 10240 ----a-w- c:\windows\system32\finger.exe
2011-04-19 01:03 . 2011-04-19 01:03 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-04-19 01:03 . 2011-04-19 01:03 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2011-04-19 01:03 . 2011-04-19 01:03 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2011-04-19 01:03 . 2011-04-19 01:03 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-04-19 01:03 . 2011-04-19 01:03 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2011-04-19 01:03 . 2011-04-19 01:03 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2011-04-19 01:03 . 2011-04-19 01:03 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2011-04-19 01:03 . 2011-04-19 01:03 542720 ----a-w- c:\windows\system32\sysmain.dll
2011-04-19 01:01 . 2011-04-19 01:01 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-04-19 01:01 . 2011-04-19 01:01 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-04-19 01:00 . 2011-04-19 01:00 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-04-19 01:00 . 2011-04-19 01:00 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-04-19 01:00 . 2011-04-19 01:00 502784 ----a-w- c:\windows\system32\wlansvc.dll
2011-04-19 01:00 . 2011-04-19 01:00 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-04-19 01:00 . 2011-04-19 01:00 299520 ----a-w- c:\windows\system32\wlansec.dll
2011-04-19 01:00 . 2011-04-19 01:00 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2011-04-19 00:58 . 2011-04-19 00:58 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-04-19 00:58 . 2011-04-19 00:58 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-04-19 00:58 . 2011-04-19 00:58 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-04-19 00:58 . 2011-04-19 00:58 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-04-19 00:56 . 2011-04-19 00:56 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-19 00:55 . 2011-04-19 00:55 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-19 00:55 . 2011-04-19 00:55 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-19 00:55 . 2011-04-19 00:55 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-19 00:53 . 2011-04-19 00:53 98816 ----a-w- c:\windows\system32\mfps.dll
2011-04-19 00:53 . 2011-04-19 00:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-04-19 00:53 . 2011-04-19 00:53 2855424 ----a-w- c:\windows\system32\mf.dll
2011-04-19 00:53 . 2011-04-19 00:53 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-04-19 00:53 . 2011-04-19 00:53 2048 ----a-w- c:\windows\system32\mferror.dll
2011-04-19 00:51 . 2011-04-19 00:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-19 00:51 . 2011-04-19 00:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa(19082).exe
2011-04-19 00:51 . 2011-04-19 00:51 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-19 00:45 . 2011-04-19 00:45 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-04-19 00:44 . 2011-04-19 00:44 71680 ----a-w- c:\windows\system32\atl.dll
2011-04-19 00:41 . 2011-04-19 00:41 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-04-19 00:39 . 2011-04-19 00:39 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-19 00:39 . 2011-04-19 00:39 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2011-04-19 00:36 . 2011-04-19 00:36 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-04-19 00:36 . 2011-04-19 00:36 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-04-19 00:18 . 2011-04-19 00:18 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-25 17:01 . 2011-04-17 00:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-28 12:20 . B86EBCFC7FCCE2006867E4288BEF2EDB . 116224 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys
[7] 2008-01-19 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[7] 2006-11-02 . AC3DD1708B22761EBD7CBE14DCC3B5D7 . 6144 . . [6.0.6000.16386] . . c:\windows\System32\beep.sys
.
c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-01-22 417792]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2006-11-03 161360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p797l0zq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 14:41
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????g??????~?@?~?x?~???~???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-28 14:45:59
ComboFix-quarantined-files.txt 2011-05-28 21:45
.
Pre-Run: 190,457,131,008 bytes free
Post-Run: 190,037,135,360 bytes free
.
- - End Of File - - E11C03D8BBD483F609F9D0051CAF543F

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:51:08 PM, on 5/28/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6010 bytes
Kings45,

A few things to do yet.

Please navigate to c:\qoobox and in that folder will be a file named "add-remove programs". Open the file and then copy and paste everything in that log back here.

Your USB and CD-ROM issue is most likely not related to malware; we will work on that shortly. Please follow the next procedure.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box


Code:
Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Fcopy::
c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys \ c:\windows\System32\drivers\beep.sys



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


Now I need a little information from you as far as your cdrom drives and usb ports. Go into device manager and tell me if there are any entries listed under dvd/cdrom drives and Universal serial bus controllers. Are there any yellow or red icons next to any entries in device manager?
Thanks for the reply John. Here are the two logs:

QooBox
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
ALPS Touch Pad Driver
Atheros Driver Installation Program
ATI Catalyst Install Manager
ATI Uninstaller
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bluetooth Stack for Windows by Toshiba
Camera Assistant Software for Toshiba
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD/DVD Drive Acoustic Silencer
Desktop Dialer
Diner Dash - Flo on the Go
DVD MovieFactory for TOSHIBA
FATE
Google Toolbar for Internet Explorer
HiJackThis
Hitman Pro 3.5
Internet Offers
Java(TM) SE Runtime Environment 6
Mah Jong Quest
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
Napster
Napster Burn Engine
oggcodecs 0.71.0946
Penguins!
Picasa 2
Polar Bowler
Polar Golfer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Skins
SUPERAntiSpyware
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
TOSHIBA Music
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Utility Common Driver
Windows Media Encoder 9 Series
Yahoo! Music Jukebox







ComboFix 11-05-27.02 - Monica 05/28/2011 21:37:22.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.1500 [GMT -7:00]
Running from: c:\users\Monica\Desktop\ComboFix.exe
Command switches used :: c:\users\Monica\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 04:44 . 2011-05-29 04:44 -------- d-----w- c:\users\Monica\AppData\Local\temp
2011-05-29 04:44 . 2011-05-29 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-28 22:23 . 2011-05-28 22:23 -------- d-----w- c:\program files\CCleaner
2011-05-28 19:05 . 2011-05-28 19:05 388096 ----a-r- c:\users\Monica\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-28 18:12 . 2011-05-28 18:12 -------- d-----w- c:\program files\Trend Micro
2011-05-28 17:41 . 2011-05-28 17:41 -------- d-----w- c:\users\Monica\AppData\Roaming\SUPERAntiSpyware.com
2011-05-28 17:41 . 2011-05-28 17:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-28 17:40 . 2011-05-28 17:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-28 17:23 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 17:03 . 2011-05-28 17:03 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-28 17:01 . 2011-05-28 22:59 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-28 17:00 . 2011-05-28 17:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-28 17:00 . 2011-05-28 17:03 -------- d-----w- c:\programdata\Hitman Pro
2011-05-28 14:05 . 2011-05-28 14:05 -------- d-----w- c:\users\Monica\AppData\Roaming\Malwarebytes
2011-05-28 14:05 . 2011-05-28 14:05 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 14:05 . 2011-05-28 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:20 . 2006-11-02 08:51 6144 ----a-w- c:\windows\system32\beep.sys
2011-05-27 19:23 . 2011-05-27 19:23 -------- d-----w- c:\users\Monica\AppData\Roaming\Lexmark Productivity Studio
2011-05-27 15:31 . 2011-05-18 19:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C393499-1659-4D85-8FBF-CE340B6CEC01}\mpengine.dll
2011-05-25 08:58 . 2011-02-03 01:11 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-25 00:56 . 2011-05-25 00:56 -------- d-----w- c:\users\Monica\AppData\Local\ElevatedDiagnostics
2011-05-25 00:49 . 2011-05-28 16:13 -------- d-----w- c:\program files\Microsoft ATS
2011-05-25 00:24 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 00:24 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-25 00:24 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-25 00:24 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-25 00:24 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-25 00:24 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-25 00:22 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-25 00:22 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-25 00:21 . 2011-05-25 00:21 -------- d-----w- c:\programdata\AVAST Software
2011-05-25 00:21 . 2011-05-25 00:21 -------- d-----w- c:\program files\AVAST Software
2011-05-22 20:59 . 2011-05-22 20:59 -------- d-----w- c:\users\Monica\AppData\Roaming\TOSHIBA
2011-05-04 23:13 . 2011-05-04 23:13 -------- d-----w- c:\programdata\Symantec
2011-05-04 23:13 . 2011-05-04 23:13 -------- d-----w- c:\programdata\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 19:08 . 2011-04-20 19:08 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-04-20 19:06 . 2011-04-20 19:06 268800 ----a-w- c:\windows\system32\es.dll
2011-04-20 19:03 . 2011-04-20 19:03 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-04-19 01:19 . 2011-04-19 01:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-19 01:19 . 2011-04-19 01:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-04-19 01:19 . 2011-04-19 01:19 24064 ----a-w- c:\windows\system32\lpk.dll
2011-04-19 01:19 . 2011-04-19 01:19 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-04-19 01:19 . 2011-04-19 01:19 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-04-19 01:19 . 2011-04-19 01:19 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-04-19 01:17 . 2011-04-19 01:17 72704 ----a-w- c:\windows\system32\admparse.dll
2011-04-19 01:17 . 2011-04-19 01:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-19 01:17 . 2011-04-19 01:17 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-04-19 01:17 . 2011-04-19 01:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-19 01:17 . 2011-04-19 01:17 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-19 01:17 . 2011-04-19 01:17 389120 ----a-w- c:\windows\system32\html.iec
2011-04-19 01:17 . 2011-04-19 01:17 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-19 01:17 . 2011-04-19 01:17 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-19 01:17 . 2011-04-19 01:17 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-19 01:17 . 2011-04-19 01:17 56320 ----a-w- c:\windows\system32\iesetup.dll
2011-04-19 01:14 . 2011-04-19 01:14 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-04-19 01:14 . 2011-04-19 01:14 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-04-19 01:14 . 2011-04-19 01:14 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-04-19 01:14 . 2011-04-19 01:14 272896 ----a-w- c:\windows\system32\polstore.dll
2011-04-19 01:12 . 2011-04-19 01:12 8192 ----a-w- c:\windows\system32\riched32.dll
2011-04-19 01:12 . 2011-04-19 01:12 38400 ----a-w- c:\windows\system32\kmddsp.tsp
2011-04-19 01:12 . 2011-04-19 01:12 20480 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-19 01:12 . 2011-04-19 01:12 77824 ----a-w- c:\windows\system32\rascfg.dll
2011-04-19 01:12 . 2011-04-19 01:12 61952 ----a-w- c:\windows\system32\drivers\wanarp.sys
2011-04-19 01:12 . 2011-04-19 01:12 52736 ----a-w- c:\windows\system32\rasdiag.dll
2011-04-19 01:12 . 2011-04-19 01:12 49664 ----a-w- c:\windows\system32\ndptsp.tsp
2011-04-19 01:12 . 2011-04-19 01:12 48640 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2011-04-19 01:12 . 2011-04-19 01:12 32768 ----a-w- c:\windows\system32\rasmxs.dll
2011-04-19 01:12 . 2011-04-19 01:12 22016 ----a-w- c:\windows\system32\rasser.dll
2011-04-19 01:12 . 2011-04-19 01:12 384000 ----a-w- c:\windows\system32\netcfgx.dll
2011-04-19 01:12 . 2011-04-19 01:12 13824 ----a-w- c:\windows\system32\icsunattend.exe
2011-04-19 01:12 . 2011-04-19 01:12 286208 ----a-w- c:\windows\system32\ipnathlp.dll
2011-04-19 01:12 . 2011-04-19 01:12 70144 ----a-w- c:\windows\system32\drivers\pacer.sys
2011-04-19 01:12 . 2011-04-19 01:12 33280 ----a-w- c:\windows\system32\traffic.dll
2011-04-19 01:12 . 2011-04-19 01:12 15360 ----a-w- c:\windows\system32\pacerprf.dll
2011-04-19 01:12 . 2011-04-19 01:12 13824 ----a-w- c:\windows\system32\wshqos.dll
2011-04-19 01:12 . 2011-04-19 01:12 619008 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-19 01:12 . 2011-04-19 01:12 36864 ----a-w- c:\windows\system32\cdd.dll
2011-04-19 01:12 . 2011-04-19 01:12 134656 ----a-w- c:\windows\system32\dps.dll
2011-04-19 01:10 . 2011-04-19 01:10 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-19 01:10 . 2011-04-19 01:10 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-19 01:09 . 2011-04-19 01:09 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-04-19 01:09 . 2011-04-19 01:09 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-04-19 01:09 . 2011-04-19 01:09 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-04-19 01:07 . 2011-04-19 01:07 87040 ----a-w- c:\windows\system32\msoert2.dll
2011-04-19 01:07 . 2011-04-19 01:07 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2011-04-19 01:07 . 2011-04-19 01:07 205824 ----a-w- c:\windows\system32\msoeacct.dll
2011-04-19 01:05 . 2011-04-19 01:05 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-04-19 01:05 . 2011-04-19 01:05 15360 ----a-w- c:\windows\system32\netevent.dll
2011-04-19 01:05 . 2011-04-19 01:05 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-04-19 01:05 . 2011-04-19 01:05 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-04-19 01:05 . 2011-04-19 01:05 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-04-19 01:05 . 2011-04-19 01:05 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-04-19 01:05 . 2011-04-19 01:05 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-04-19 01:05 . 2011-04-19 01:05 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-04-19 01:05 . 2011-04-19 01:05 10240 ----a-w- c:\windows\system32\finger.exe
2011-04-19 01:03 . 2011-04-19 01:03 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-04-19 01:03 . 2011-04-19 01:03 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2011-04-19 01:03 . 2011-04-19 01:03 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2011-04-19 01:03 . 2011-04-19 01:03 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-04-19 01:03 . 2011-04-19 01:03 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2011-04-19 01:03 . 2011-04-19 01:03 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2011-04-19 01:03 . 2011-04-19 01:03 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2011-04-19 01:03 . 2011-04-19 01:03 542720 ----a-w- c:\windows\system32\sysmain.dll
2011-04-19 01:01 . 2011-04-19 01:01 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-04-19 01:01 . 2011-04-19 01:01 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-04-19 01:00 . 2011-04-19 01:00 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-04-19 01:00 . 2011-04-19 01:00 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-04-19 01:00 . 2011-04-19 01:00 502784 ----a-w- c:\windows\system32\wlansvc.dll
2011-04-19 01:00 . 2011-04-19 01:00 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-04-19 01:00 . 2011-04-19 01:00 299520 ----a-w- c:\windows\system32\wlansec.dll
2011-04-19 01:00 . 2011-04-19 01:00 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2011-04-19 00:58 . 2011-04-19 00:58 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-04-19 00:58 . 2011-04-19 00:58 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-04-19 00:58 . 2011-04-19 00:58 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-04-19 00:58 . 2011-04-19 00:58 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-04-19 00:56 . 2011-04-19 00:56 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-19 00:55 . 2011-04-19 00:55 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-19 00:55 . 2011-04-19 00:55 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-19 00:55 . 2011-04-19 00:55 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-19 00:53 . 2011-04-19 00:53 98816 ----a-w- c:\windows\system32\mfps.dll
2011-04-19 00:53 . 2011-04-19 00:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-04-19 00:53 . 2011-04-19 00:53 2855424 ----a-w- c:\windows\system32\mf.dll
2011-04-19 00:53 . 2011-04-19 00:53 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-04-19 00:53 . 2011-04-19 00:53 2048 ----a-w- c:\windows\system32\mferror.dll
2011-04-19 00:51 . 2011-04-19 00:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-19 00:51 . 2011-04-19 00:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa(19082).exe
2011-04-19 00:51 . 2011-04-19 00:51 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-19 00:45 . 2011-04-19 00:45 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-04-19 00:44 . 2011-04-19 00:44 71680 ----a-w- c:\windows\system32\atl.dll
2011-04-19 00:41 . 2011-04-19 00:41 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-04-19 00:39 . 2011-04-19 00:39 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-19 00:39 . 2011-04-19 00:39 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2011-04-19 00:36 . 2011-04-19 00:36 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-04-19 00:36 . 2011-04-19 00:36 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-04-19 00:18 . 2011-04-19 00:18 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-25 17:01 . 2011-04-17 00:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-28 12:20 . B86EBCFC7FCCE2006867E4288BEF2EDB . 116224 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys
[7] 2008-01-19 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[7] 2006-11-02 . AC3DD1708B22761EBD7CBE14DCC3B5D7 . 6144 . . [6.0.6000.16386] . . c:\windows\System32\beep.sys
.
c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-01-22 417792]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2006-11-03 161360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p797l0zq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 21:44
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????g??????~?@?~?x?~???~???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-28 21:46:17
ComboFix-quarantined-files.txt 2011-05-29 04:46
ComboFix2.txt 2011-05-28 21:46
.
Pre-Run: 188,043,206,656 bytes free
Post-Run: 188,052,443,136 bytes free
.
- - End Of File - - 106C0197B2FDB62F7590DB052AF9DA19


------------------------------------------------------------------------------------------------


As for the CD/DVD drive and USB ports, there is no listing for DVD/CDROM drive. Under Universal Serial Bus Controllers, the entries are:

  • Standard Enhanced PCI to USB Host Controller
  • Standard OpenHCD USB Host Controller (x5)
  • USB Composite Device
  • USB Root Hub (x6)

None of these entries under USB controllers had any yellow exclamation marks.

There are, however, yellow exclamation marks next to:

  • Texas Instruments OHCI Compliant IEEE 1394 Host Controller
  • PCI Memory Controller
  • SM Bus Controller

When I right-clicked each entry and looked at the Device Status, the error for the Texas Instruments OHCI Compliant IEEE 1394 Host Controller was "This device cannot find enough free resources that it can use. (Code 12)".

Both the PCI Memory Controller and SM Bus Controller had the same status: "The drivers for this device are not installed. (Code 28)." I have already tried clicking on the "Reinstall Driver" button, but it came up with the message "Windows could not find driver software for your device".

I do notice that whenever I start my computer, a screen pops up with this message:

IALAA BIOS V1.20
System BIOS shadowed
Video BIOS shadowed
Fixed Disk 0: Fujitsu ****
Mouse initialized
ERROR
Resource Conflict - PCI Serial Bus Controller in slot 01
Bus:1A, Device:04, Function:01
ERROR
Resource Conflict - PCI in slot 01
Bus:1A, Device:04, Function:02
ERROR
Resource Conflict - PCI Serial Bus Controller in slot 01
Bus:1A, Device:04, Function:03

press <F1> to load defaults, <F2> to Setup
Kings45,

Please uninstall the following programs in add/remove programs.

Internet Offers
Java(TM) SE Runtime Environment 6

Then go here to download the latest version of java.

http://www.java.com/en/download/index.jsp

Then we need to rerun part of the script that you did last time as I typed the wrong symbol.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Fcopy::
c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys | c:\windows\System32\drivers\beep.sys

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Hi John. I removed the two programs (Java and Internet Offers), re-ran ComboFix with the new script, and ran a new HijackThis. I have not noticed any changes to the system since the last update. Here are the ComboFix and HijackThis logs:



ComboFix 11-05-27.02 - Monica 05/29/2011 9:24.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.1517 [GMT -7:00]
Running from: c:\users\Monica\Desktop\ComboFix.exe
Command switches used :: c:\users\Monica\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 16:31 . 2011-05-29 16:31 -------- d-----w- c:\users\Monica\AppData\Local\temp
2011-05-29 16:31 . 2011-05-29 16:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 15:33 . 2011-05-29 15:33 -------- d-----w- c:\program files\Common Files\Java
2011-05-29 15:33 . 2011-05-29 15:32 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-29 15:33 . 2011-05-29 15:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 15:32 . 2011-05-29 15:32 -------- d-----w- c:\program files\Java
2011-05-28 22:23 . 2011-05-28 22:23 -------- d-----w- c:\program files\CCleaner
2011-05-28 19:05 . 2011-05-28 19:05 388096 ----a-r- c:\users\Monica\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-28 18:12 . 2011-05-28 18:12 -------- d-----w- c:\program files\Trend Micro
2011-05-28 17:41 . 2011-05-28 17:41 -------- d-----w- c:\users\Monica\AppData\Roaming\SUPERAntiSpyware.com
2011-05-28 17:41 . 2011-05-28 17:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-28 17:40 . 2011-05-28 17:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-28 17:23 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 17:03 . 2011-05-28 17:03 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-28 17:01 . 2011-05-29 07:30 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-28 17:00 . 2011-05-28 17:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-28 17:00 . 2011-05-28 17:03 -------- d-----w- c:\programdata\Hitman Pro
2011-05-28 14:05 . 2011-05-28 14:05 -------- d-----w- c:\users\Monica\AppData\Roaming\Malwarebytes
2011-05-28 14:05 . 2011-05-28 14:05 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 14:05 . 2011-05-28 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:20 . 2006-11-02 08:51 6144 ----a-w- c:\windows\system32\beep.sys
2011-05-27 19:23 . 2011-05-27 19:23 -------- d-----w- c:\users\Monica\AppData\Roaming\Lexmark Productivity Studio
2011-05-27 15:31 . 2011-05-18 19:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C393499-1659-4D85-8FBF-CE340B6CEC01}\mpengine.dll
2011-05-25 08:58 . 2011-02-03 01:11 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-25 00:56 . 2011-05-25 00:56 -------- d-----w- c:\users\Monica\AppData\Local\ElevatedDiagnostics
2011-05-25 00:49 . 2011-05-28 16:13 -------- d-----w- c:\program files\Microsoft ATS
2011-05-25 00:24 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 00:24 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-25 00:24 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-25 00:24 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-25 00:24 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-25 00:24 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-25 00:22 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-25 00:22 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-25 00:21 . 2011-05-25 00:21 -------- d-----w- c:\programdata\AVAST Software
2011-05-25 00:21 . 2011-05-25 00:21 -------- d-----w- c:\program files\AVAST Software
2011-05-22 20:59 . 2011-05-22 20:59 -------- d-----w- c:\users\Monica\AppData\Roaming\TOSHIBA
2011-05-04 23:13 . 2011-05-04 23:13 -------- d-----w- c:\programdata\Symantec
2011-05-04 23:13 . 2011-05-04 23:13 -------- d-----w- c:\programdata\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 19:08 . 2011-04-20 19:08 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-04-20 19:06 . 2011-04-20 19:06 268800 ----a-w- c:\windows\system32\es.dll
2011-04-20 19:03 . 2011-04-20 19:03 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-04-19 01:19 . 2011-04-19 01:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-19 01:19 . 2011-04-19 01:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-04-19 01:19 . 2011-04-19 01:19 24064 ----a-w- c:\windows\system32\lpk.dll
2011-04-19 01:19 . 2011-04-19 01:19 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-04-19 01:19 . 2011-04-19 01:19 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-04-19 01:19 . 2011-04-19 01:19 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-04-19 01:17 . 2011-04-19 01:17 72704 ----a-w- c:\windows\system32\admparse.dll
2011-04-19 01:17 . 2011-04-19 01:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-19 01:17 . 2011-04-19 01:17 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-04-19 01:17 . 2011-04-19 01:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-19 01:17 . 2011-04-19 01:17 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-19 01:17 . 2011-04-19 01:17 389120 ----a-w- c:\windows\system32\html.iec
2011-04-19 01:17 . 2011-04-19 01:17 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-19 01:17 . 2011-04-19 01:17 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-19 01:17 . 2011-04-19 01:17 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-19 01:17 . 2011-04-19 01:17 56320 ----a-w- c:\windows\system32\iesetup.dll
2011-04-19 01:14 . 2011-04-19 01:14 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-04-19 01:14 . 2011-04-19 01:14 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-04-19 01:14 . 2011-04-19 01:14 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-04-19 01:14 . 2011-04-19 01:14 272896 ----a-w- c:\windows\system32\polstore.dll
2011-04-19 01:12 . 2011-04-19 01:12 8192 ----a-w- c:\windows\system32\riched32.dll
2011-04-19 01:12 . 2011-04-19 01:12 38400 ----a-w- c:\windows\system32\kmddsp.tsp
2011-04-19 01:12 . 2011-04-19 01:12 20480 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-19 01:12 . 2011-04-19 01:12 77824 ----a-w- c:\windows\system32\rascfg.dll
2011-04-19 01:12 . 2011-04-19 01:12 61952 ----a-w- c:\windows\system32\drivers\wanarp.sys
2011-04-19 01:12 . 2011-04-19 01:12 52736 ----a-w- c:\windows\system32\rasdiag.dll
2011-04-19 01:12 . 2011-04-19 01:12 49664 ----a-w- c:\windows\system32\ndptsp.tsp
2011-04-19 01:12 . 2011-04-19 01:12 48640 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2011-04-19 01:12 . 2011-04-19 01:12 32768 ----a-w- c:\windows\system32\rasmxs.dll
2011-04-19 01:12 . 2011-04-19 01:12 22016 ----a-w- c:\windows\system32\rasser.dll
2011-04-19 01:12 . 2011-04-19 01:12 384000 ----a-w- c:\windows\system32\netcfgx.dll
2011-04-19 01:12 . 2011-04-19 01:12 13824 ----a-w- c:\windows\system32\icsunattend.exe
2011-04-19 01:12 . 2011-04-19 01:12 286208 ----a-w- c:\windows\system32\ipnathlp.dll
2011-04-19 01:12 . 2011-04-19 01:12 70144 ----a-w- c:\windows\system32\drivers\pacer.sys
2011-04-19 01:12 . 2011-04-19 01:12 33280 ----a-w- c:\windows\system32\traffic.dll
2011-04-19 01:12 . 2011-04-19 01:12 15360 ----a-w- c:\windows\system32\pacerprf.dll
2011-04-19 01:12 . 2011-04-19 01:12 13824 ----a-w- c:\windows\system32\wshqos.dll
2011-04-19 01:12 . 2011-04-19 01:12 619008 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-19 01:12 . 2011-04-19 01:12 36864 ----a-w- c:\windows\system32\cdd.dll
2011-04-19 01:12 . 2011-04-19 01:12 134656 ----a-w- c:\windows\system32\dps.dll
2011-04-19 01:10 . 2011-04-19 01:10 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-19 01:10 . 2011-04-19 01:10 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-19 01:09 . 2011-04-19 01:09 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-04-19 01:09 . 2011-04-19 01:09 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-04-19 01:09 . 2011-04-19 01:09 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-04-19 01:07 . 2011-04-19 01:07 87040 ----a-w- c:\windows\system32\msoert2.dll
2011-04-19 01:07 . 2011-04-19 01:07 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2011-04-19 01:07 . 2011-04-19 01:07 205824 ----a-w- c:\windows\system32\msoeacct.dll
2011-04-19 01:05 . 2011-04-19 01:05 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-04-19 01:05 . 2011-04-19 01:05 15360 ----a-w- c:\windows\system32\netevent.dll
2011-04-19 01:05 . 2011-04-19 01:05 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-04-19 01:05 . 2011-04-19 01:05 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-04-19 01:05 . 2011-04-19 01:05 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-04-19 01:05 . 2011-04-19 01:05 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-04-19 01:05 . 2011-04-19 01:05 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-04-19 01:05 . 2011-04-19 01:05 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-04-19 01:05 . 2011-04-19 01:05 10240 ----a-w- c:\windows\system32\finger.exe
2011-04-19 01:03 . 2011-04-19 01:03 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-04-19 01:03 . 2011-04-19 01:03 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2011-04-19 01:03 . 2011-04-19 01:03 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2011-04-19 01:03 . 2011-04-19 01:03 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-04-19 01:03 . 2011-04-19 01:03 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2011-04-19 01:03 . 2011-04-19 01:03 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2011-04-19 01:03 . 2011-04-19 01:03 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2011-04-19 01:03 . 2011-04-19 01:03 542720 ----a-w- c:\windows\system32\sysmain.dll
2011-04-19 01:01 . 2011-04-19 01:01 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-04-19 01:01 . 2011-04-19 01:01 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-04-19 01:00 . 2011-04-19 01:00 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-04-19 01:00 . 2011-04-19 01:00 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-04-19 01:00 . 2011-04-19 01:00 502784 ----a-w- c:\windows\system32\wlansvc.dll
2011-04-19 01:00 . 2011-04-19 01:00 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-04-19 01:00 . 2011-04-19 01:00 299520 ----a-w- c:\windows\system32\wlansec.dll
2011-04-19 01:00 . 2011-04-19 01:00 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2011-04-19 00:58 . 2011-04-19 00:58 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-04-19 00:58 . 2011-04-19 00:58 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-04-19 00:58 . 2011-04-19 00:58 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-04-19 00:58 . 2011-04-19 00:58 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-04-19 00:56 . 2011-04-19 00:56 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-19 00:55 . 2011-04-19 00:55 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-19 00:55 . 2011-04-19 00:55 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-19 00:55 . 2011-04-19 00:55 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-19 00:53 . 2011-04-19 00:53 98816 ----a-w- c:\windows\system32\mfps.dll
2011-04-19 00:53 . 2011-04-19 00:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-04-19 00:53 . 2011-04-19 00:53 2855424 ----a-w- c:\windows\system32\mf.dll
2011-04-19 00:53 . 2011-04-19 00:53 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-04-19 00:53 . 2011-04-19 00:53 2048 ----a-w- c:\windows\system32\mferror.dll
2011-04-19 00:51 . 2011-04-19 00:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-19 00:51 . 2011-04-19 00:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa(19082).exe
2011-04-19 00:51 . 2011-04-19 00:51 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-19 00:45 . 2011-04-19 00:45 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-04-19 00:44 . 2011-04-19 00:44 71680 ----a-w- c:\windows\system32\atl.dll
2011-04-19 00:41 . 2011-04-19 00:41 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-04-19 00:39 . 2011-04-19 00:39 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-19 00:39 . 2011-04-19 00:39 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2011-04-19 00:36 . 2011-04-19 00:36 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-04-19 00:36 . 2011-04-19 00:36 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-04-19 00:18 . 2011-04-19 00:18 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-25 17:01 . 2011-04-17 00:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-01-19 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[7] 2006-11-02 . AC3DD1708B22761EBD7CBE14DCC3B5D7 . 6144 . . [6.0.6000.16386] . . c:\windows\System32\beep.sys
.
c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-01-22 417792]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2006-11-03 161360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p797l0zq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 09:31
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????g??????~?@?~?x?~???~???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-29 09:33:06
ComboFix-quarantined-files.txt 2011-05-29 16:33
ComboFix2.txt 2011-05-29 04:46
ComboFix3.txt 2011-05-28 21:46
.
Pre-Run: 187,749,867,520 bytes free
Post-Run: 187,721,781,248 bytes free
.
- - End Of File - - 06EDD1FA104F82C657A67EF21868A6B6






Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:46:15 AM, on 5/29/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5440 bytes
 
Kings45,

Ok, that one didn't work either. Let's try it a different way. I'm attaching a file for you to download and save to your desktop. It's zipped, so you will have to unzip it to your desktop. It's called Beep.sys. Once the beep.sys file is located on your desktop, please do the following.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Fcopy::

c:\users\monica\desktop\beep.sys | c:\windows\system32\drivers\beep.sys

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Need a little more information about the USB and CD-ROM drives. Has it always been like this, or was everything working fine and then all of a sudden something happened? You have some IRQ conflicts, it seems, possibly because the correct drivers aren't installed. Can you tell me the make and model of the PC you have?
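An added example, not part of the thread and not ComboFix's own code: a small Python script that reads the FCopy:: line above and the Sigcheck lines from the 05/29 ComboFix log, then checks the bytes now sitting at the FCopy destination against the size and MD5 that ComboFix listed for known copies of beep.sys. The point is that a driver dropped into system32\drivers from a forum attachment should be accepted because it matches a known copy, not because of where it came from. The sample text is copied from the logs in this thread; the regular expressions are my reading of that output, not a documented ComboFix format, and `read_bytes` is a caller-supplied hook so the script runs offline.

```python
# Added example: verify a driver restored by a CFScript FCopy:: line against
# the size/MD5 entries in ComboFix's Sigcheck section. Not ComboFix's code.
import hashlib
import re

# Constructed sample: the FCopy:: script posted above, copied from the thread.
CFSCRIPT_SAMPLE = r"""
Fcopy::

c:\users\monica\desktop\beep.sys | c:\windows\system32\drivers\beep.sys
"""

# Constructed sample: the Sigcheck lines from the 05/29 ComboFix log, copied
# from the thread (sizes, MD5s and versions are ComboFix's own output).
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-01-19 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[7] 2006-11-02 . AC3DD1708B22761EBD7CBE14DCC3B5D7 . 6144 . . [6.0.6000.16386] . . c:\windows\System32\beep.sys
.
c:\windows\System32\drivers\beep.sys ... is missing !!
"""

# Line shapes are my reading of the log above, not a documented format.
# The leading bracketed number is captured but not interpreted.
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>\d+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
MISSING_LINE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing\s*!!\s*$")


def parse_fcopy(cfscript):
    """Return the (source, destination) pairs under a CFScript FCopy:: header."""
    pairs, in_fcopy = [], False
    for line in cfscript.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.endswith("::"):              # any other directive ends the section
            in_fcopy = s.lower() == "fcopy::"
            continue
        if in_fcopy and "|" in s:
            src, dst = (p.strip() for p in s.split("|", 1))
            pairs.append((src, dst))
    return pairs


def parse_sigcheck(text):
    """Return (known, missing): known maps lowercase MD5 -> {size, version,
    path, date}; missing lists the paths ComboFix reported as absent."""
    known, missing = {}, []
    for line in text.splitlines():
        m = SIGCHECK_LINE.match(line)
        if m:
            known[m["md5"].lower()] = {
                "size": int(m["size"]),
                "version": m["version"],
                "path": m["path"],
                "date": m["date"],
            }
            continue
        m = MISSING_LINE.match(line)
        if m:
            missing.append(m["path"])
    return known, missing


def fingerprint(data):
    """MD5 hex digest and length of a file's bytes. MD5 is used only because
    it is what ComboFix prints; it is a lookup key, not a proof of identity."""
    return hashlib.md5(data).hexdigest(), len(data)


def verify_restored(data, known):
    """Return the Sigcheck entry whose MD5 and size both match the restored
    file's bytes, or None if no listed good copy matches."""
    md5, size = fingerprint(data)
    entry = known.get(md5)
    if entry is None or entry["size"] != size:
        return None
    return entry


def audit(cfscript, sigcheck_text, read_bytes):
    """For each FCopy:: destination: was it the path Sigcheck flagged as
    missing, and do the bytes now at that path match a listed known copy?
    read_bytes(path) -> bytes is supplied by the caller."""
    known, missing = parse_sigcheck(sigcheck_text)
    lowered = {p.lower() for p in missing}
    report = {}
    for _src, dst in parse_fcopy(cfscript):
        match = verify_restored(read_bytes(dst), known)
        report[dst] = {
            "was_missing": dst.lower() in lowered,
            "matches": None if match is None else match["version"],
        }
    return report
```

On the machine itself you would call `audit(CFSCRIPT_SAMPLE, SIGCHECK_SAMPLE, lambda p: open(p, "rb").read())` after ComboFix finishes. The 05/30 log shows the restored file at 6144 bytes, which agrees with the listed size but says nothing about its contents; the hash comparison is what closes that gap. MD5 is used only because it is the digest ComboFix prints, and a catalog/Authenticode signature check is the stronger test, which this script does not attempt.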
 
Hi John,


I have an old Toshiba Satellite A215-S4757 (about 5 years old). I never had a problem with my CD drive/USB ports until the beginning of this week. I first realized I had a problem when I was watching a DVD and the DVD suddenly stopped playing. I took out the DVD and reinserted it, but the DVD drive was no longer listed when I checked My Computer.


Here is the new ComboFix log:


ComboFix 11-05-29.01 - Monica 05/29/2011 21:06:34.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.1511 [GMT -7:00]
Running from: c:\users\Monica\Desktop\ComboFix.exe
Command switches used :: c:\users\Monica\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\users\monica\desktop\beep.sys --> c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 04:14 . 2011-05-30 04:14 -------- d-----w- c:\users\Monica\AppData\Local\temp
2011-05-30 04:14 . 2011-05-30 04:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 04:06 . 2011-05-30 03:37 6144 ----a-w- c:\windows\system32\drivers\beep.sys
2011-05-29 21:08 . 2011-05-29 21:10 -------- d-----w- c:\program files\Common Files\Adobe
2011-05-29 15:33 . 2011-05-29 15:33 -------- d-----w- c:\program files\Common Files\Java
2011-05-29 15:33 . 2011-05-29 15:32 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-29 15:33 . 2011-05-29 15:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 15:32 . 2011-05-29 15:32 -------- d-----w- c:\program files\Java
2011-05-28 22:23 . 2011-05-28 22:23 -------- d-----w- c:\program files\CCleaner
2011-05-28 19:05 . 2011-05-28 19:05 388096 ----a-r- c:\users\Monica\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-28 18:12 . 2011-05-28 18:12 -------- d-----w- c:\program files\Trend Micro
2011-05-28 17:41 . 2011-05-28 17:41 -------- d-----w- c:\users\Monica\AppData\Roaming\SUPERAntiSpyware.com
2011-05-28 17:41 . 2011-05-28 17:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-28 17:40 . 2011-05-28 17:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-28 17:23 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 17:03 . 2011-05-28 17:03 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-28 17:01 . 2011-05-29 07:30 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-28 17:00 . 2011-05-28 17:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-28 17:00 . 2011-05-28 17:03 -------- d-----w- c:\programdata\Hitman Pro
2011-05-28 14:05 . 2011-05-28 14:05 -------- d-----w- c:\users\Monica\AppData\Roaming\Malwarebytes
2011-05-28 14:05 . 2011-05-28 14:05 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 14:05 . 2011-05-28 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:20 . 2006-11-02 08:51 6144 ----a-w- c:\windows\system32\beep.sys
2011-05-27 19:23 . 2011-05-27 19:23 -------- d-----w- c:\users\Monica\AppData\Roaming\Lexmark Productivity Studio
2011-05-27 15:31 . 2011-05-18 19:37 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C393499-1659-4D85-8FBF-CE340B6CEC01}\mpengine.dll
2011-05-25 08:58 . 2011-02-03 01:11 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-25 00:56 . 2011-05-25 00:56 -------- d-----w- c:\users\Monica\AppData\Local\ElevatedDiagnostics
2011-05-25 00:49 . 2011-05-28 16:13 -------- d-----w- c:\program files\Microsoft ATS
2011-05-25 00:24 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-25 00:24 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-25 00:24 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-25 00:24 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-25 00:24 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-25 00:24 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-25 00:22 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-25 00:22 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-25 00:21 . 2011-05-25 00:21 -------- d-----w- c:\programdata\AVAST Software
2011-05-25 00:21 . 2011-05-25 00:21 -------- d-----w- c:\program files\AVAST Software
2011-05-22 20:59 . 2011-05-22 20:59 -------- d-----w- c:\users\Monica\AppData\Roaming\TOSHIBA
2011-05-04 23:13 . 2011-05-04 23:13 -------- d-----w- c:\programdata\Symantec
2011-05-04 23:13 . 2011-05-04 23:13 -------- d-----w- c:\programdata\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 19:08 . 2011-04-20 19:08 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-04-20 19:06 . 2011-04-20 19:06 268800 ----a-w- c:\windows\system32\es.dll
2011-04-20 19:03 . 2011-04-20 19:03 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-04-19 01:19 . 2011-04-19 01:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-19 01:19 . 2011-04-19 01:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-04-19 01:19 . 2011-04-19 01:19 24064 ----a-w- c:\windows\system32\lpk.dll
2011-04-19 01:19 . 2011-04-19 01:19 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-04-19 01:19 . 2011-04-19 01:19 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-04-19 01:19 . 2011-04-19 01:19 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-04-19 01:17 . 2011-04-19 01:17 72704 ----a-w- c:\windows\system32\admparse.dll
2011-04-19 01:17 . 2011-04-19 01:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-19 01:17 . 2011-04-19 01:17 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-04-19 01:17 . 2011-04-19 01:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-19 01:17 . 2011-04-19 01:17 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-19 01:17 . 2011-04-19 01:17 389120 ----a-w- c:\windows\system32\html.iec
2011-04-19 01:17 . 2011-04-19 01:17 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-19 01:17 . 2011-04-19 01:17 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-19 01:17 . 2011-04-19 01:17 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-19 01:17 . 2011-04-19 01:17 56320 ----a-w- c:\windows\system32\iesetup.dll
2011-04-19 01:14 . 2011-04-19 01:14 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-04-19 01:14 . 2011-04-19 01:14 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-04-19 01:14 . 2011-04-19 01:14 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-04-19 01:14 . 2011-04-19 01:14 272896 ----a-w- c:\windows\system32\polstore.dll
2011-04-19 01:12 . 2011-04-19 01:12 8192 ----a-w- c:\windows\system32\riched32.dll
2011-04-19 01:12 . 2011-04-19 01:12 38400 ----a-w- c:\windows\system32\kmddsp.tsp
2011-04-19 01:12 . 2011-04-19 01:12 20480 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-19 01:12 . 2011-04-19 01:12 77824 ----a-w- c:\windows\system32\rascfg.dll
2011-04-19 01:12 . 2011-04-19 01:12 61952 ----a-w- c:\windows\system32\drivers\wanarp.sys
2011-04-19 01:12 . 2011-04-19 01:12 52736 ----a-w- c:\windows\system32\rasdiag.dll
2011-04-19 01:12 . 2011-04-19 01:12 49664 ----a-w- c:\windows\system32\ndptsp.tsp
2011-04-19 01:12 . 2011-04-19 01:12 48640 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2011-04-19 01:12 . 2011-04-19 01:12 32768 ----a-w- c:\windows\system32\rasmxs.dll
2011-04-19 01:12 . 2011-04-19 01:12 22016 ----a-w- c:\windows\system32\rasser.dll
2011-04-19 01:12 . 2011-04-19 01:12 384000 ----a-w- c:\windows\system32\netcfgx.dll
2011-04-19 01:12 . 2011-04-19 01:12 13824 ----a-w- c:\windows\system32\icsunattend.exe
2011-04-19 01:12 . 2011-04-19 01:12 286208 ----a-w- c:\windows\system32\ipnathlp.dll
2011-04-19 01:12 . 2011-04-19 01:12 70144 ----a-w- c:\windows\system32\drivers\pacer.sys
2011-04-19 01:12 . 2011-04-19 01:12 33280 ----a-w- c:\windows\system32\traffic.dll
2011-04-19 01:12 . 2011-04-19 01:12 15360 ----a-w- c:\windows\system32\pacerprf.dll
2011-04-19 01:12 . 2011-04-19 01:12 13824 ----a-w- c:\windows\system32\wshqos.dll
2011-04-19 01:12 . 2011-04-19 01:12 619008 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-19 01:12 . 2011-04-19 01:12 36864 ----a-w- c:\windows\system32\cdd.dll
2011-04-19 01:12 . 2011-04-19 01:12 134656 ----a-w- c:\windows\system32\dps.dll
2011-04-19 01:10 . 2011-04-19 01:10 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-19 01:10 . 2011-04-19 01:10 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-19 01:09 . 2011-04-19 01:09 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-04-19 01:09 . 2011-04-19 01:09 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-04-19 01:09 . 2011-04-19 01:09 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-04-19 01:07 . 2011-04-19 01:07 87040 ----a-w- c:\windows\system32\msoert2.dll
2011-04-19 01:07 . 2011-04-19 01:07 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2011-04-19 01:07 . 2011-04-19 01:07 205824 ----a-w- c:\windows\system32\msoeacct.dll
2011-04-19 01:05 . 2011-04-19 01:05 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-04-19 01:05 . 2011-04-19 01:05 15360 ----a-w- c:\windows\system32\netevent.dll
2011-04-19 01:05 . 2011-04-19 01:05 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-04-19 01:05 . 2011-04-19 01:05 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-04-19 01:05 . 2011-04-19 01:05 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-04-19 01:05 . 2011-04-19 01:05 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-04-19 01:05 . 2011-04-19 01:05 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-04-19 01:05 . 2011-04-19 01:05 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-04-19 01:05 . 2011-04-19 01:05 10240 ----a-w- c:\windows\system32\finger.exe
2011-04-19 01:03 . 2011-04-19 01:03 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-04-19 01:03 . 2011-04-19 01:03 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2011-04-19 01:03 . 2011-04-19 01:03 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2011-04-19 01:03 . 2011-04-19 01:03 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-04-19 01:03 . 2011-04-19 01:03 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2011-04-19 01:03 . 2011-04-19 01:03 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2011-04-19 01:03 . 2011-04-19 01:03 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2011-04-19 01:03 . 2011-04-19 01:03 542720 ----a-w- c:\windows\system32\sysmain.dll
2011-04-19 01:01 . 2011-04-19 01:01 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-04-19 01:01 . 2011-04-19 01:01 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-04-19 01:00 . 2011-04-19 01:00 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-04-19 01:00 . 2011-04-19 01:00 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-04-19 01:00 . 2011-04-19 01:00 502784 ----a-w- c:\windows\system32\wlansvc.dll
2011-04-19 01:00 . 2011-04-19 01:00 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-04-19 01:00 . 2011-04-19 01:00 299520 ----a-w- c:\windows\system32\wlansec.dll
2011-04-19 01:00 . 2011-04-19 01:00 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2011-04-19 00:58 . 2011-04-19 00:58 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-04-19 00:58 . 2011-04-19 00:58 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-04-19 00:58 . 2011-04-19 00:58 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-04-19 00:58 . 2011-04-19 00:58 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-04-19 00:56 . 2011-04-19 00:56 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-19 00:55 . 2011-04-19 00:55 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-19 00:55 . 2011-04-19 00:55 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-19 00:55 . 2011-04-19 00:55 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-19 00:53 . 2011-04-19 00:53 98816 ----a-w- c:\windows\system32\mfps.dll
2011-04-19 00:53 . 2011-04-19 00:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-04-19 00:53 . 2011-04-19 00:53 2855424 ----a-w- c:\windows\system32\mf.dll
2011-04-19 00:53 . 2011-04-19 00:53 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-04-19 00:53 . 2011-04-19 00:53 2048 ----a-w- c:\windows\system32\mferror.dll
2011-04-19 00:51 . 2011-04-19 00:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-19 00:51 . 2011-04-19 00:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa(19082).exe
2011-04-19 00:51 . 2011-04-19 00:51 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-19 00:45 . 2011-04-19 00:45 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-04-19 00:44 . 2011-04-19 00:44 71680 ----a-w- c:\windows\system32\atl.dll
2011-04-19 00:41 . 2011-04-19 00:41 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-04-19 00:39 . 2011-04-19 00:39 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-19 00:39 . 2011-04-19 00:39 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2011-04-19 00:36 . 2011-04-19 00:36 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-04-19 00:36 . 2011-04-19 00:36 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-04-19 00:18 . 2011-04-19 00:18 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-25 17:01 . 2011-04-17 00:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-01-22 417792]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2006-11-03 161360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p797l0zq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 21:14
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????g??????~?@?~?x?~???~???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-29 21:16:37
ComboFix-quarantined-files.txt 2011-05-30 04:16
ComboFix2.txt 2011-05-29 16:33
ComboFix3.txt 2011-05-29 04:46
ComboFix4.txt 2011-05-28 21:46
.
Pre-Run: 186,795,794,432 bytes free
Post-Run: 186,728,222,720 bytes free
.
- - End Of File - - 47AEEC28F6DE8D1CACCFF081BB207694
 
OK good, it worked that time.

When you reboot the pc and get this message

Code:
IALAA BIOS V1.20
System BIOS shadowed
Video BIOS shadowed
Fixed Disk 0: Fujitsu ****
Mouse initialized
ERROR
Resource Conflict - PCI Serial Bus Controller in slot 01
Bus:1A, Device:04, Function:01
ERROR
Resource Conflict - PCI in slot 01
Bus:1A, Device:04, Function:02
ERROR
Resource Conflict - PCI Serial Bus Controller in slot 01
Bus:1A, Device:04, Function:03

press <F1> to load defaults, <F2> to Setup

Press the F1 button to load defaults and see if that fixes it. However, it seems you have some sort of hardware failure on the pc.
 
Hi John, thanks for your help with the malware!

I always press F1 when I see the message but it doesn't seem to do anything. It just takes me to my desktop and whenever I turn on the computer, that message always pops up again.
 
Then I would definitely say that you have a hardware issue with the system. And especially if you say the cdrom drive just upped and quit on you one day. It may only be a driver issue and I doubt a fresh install of windows will fix it, but you can always try and see.
 