fonzy

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I made the changes, thank you for your help.
  2. This is what I see in the remover window now:

     Bootkit Remover version 1.0.0.1
     © 2009 eSage Lab
     www.esagelab.com

     \\.\C: -> \\.\PhysicalDrive0
     MD5: 6def5ffcbcdbdb4082f1015625e597bd

     Size    Device Name          MBR Status
     --------------------------------------------
     93 GB   \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)

     Press any key to quit...

     fonzy
  3. Hi, thanks for your reply. I already ran bootkit_remover to fix this problem, and I think that it is OK now. Do you see another problem in my logs? For your questions: 1. There is only one operating system. 2. Toshiba laptop. 3. I think not. 4. Just 1.
  4. Bootkit Remover version 1.0.0.1
     © 2009 eSage Lab
     www.esagelab.com

     \\.\C: -> \\.\PhysicalDrive0
     MD5: 33651d4929a84a7ab9d65c115ce1bdc0

     Size    Device Name          MBR Status
     --------------------------------------------
     93 GB   \\.\PhysicalDrive0   Unknown boot code

     Unknown boot code has been found on some of your physical disks.
     To inspect the boot code manually, dump the master boot sector:
       remover.exe dump <device_name> [output_file]
     To disinfect the master boot sector, use the following command:
       remover.exe fix <device_name>

     Press any key to quit...
  5. Hi everyone, I need help to fix my computer. It started when I saw iexplore open by itself and also run in the background all the time; it slows the computer, and I tried to shut it down, but nothing happens. I followed the instructions in "I'm infected - What do I do now?, Please follow these instructions to clean your system". I have ESET NOD32 antivirus, and I also tried Malwarebytes, but I still have some trojan that can't be deleted. Here are my log files, please help me.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4255

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     29/06/2010 18:53:35
     mbam-log-2010-06-29 (18-53-35).txt

     Scan type: Quick scan
     Objects scanned: 149548
     Time elapsed: 35 minute(s), 11 second(s)

     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     C:\System Volume Information\Microsoft\smss.exe (Trojan.Cycler) -> Failed to unload process.

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\System volume information\Microsoft\smss.exe (Trojan.Cycler) -> Delete on reboot.

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by boaz at 19:02:05.37 on Tue 06/29/2010
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
     Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.358 [GMT 2:00]

     AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
     C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
     svchost.exe
     svchost.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\WINDOWS\system32\DVDRAMSV.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
     C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\fxssvc.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\system32\00THotkey.exe
     C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
     C:\WINDOWS\system32\TFNF5.exe
     C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
     C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\box\chrome-win32\chrome.exe
     C:\box\chrome-win32\chrome.exe
     C:\box\chrome-win32\chrome.exe
     C:\box\chrome-win32\chrome.exe
     C:\box\chrome-win32\chrome.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\box\chrome-win32\chrome.exe
     C:\box\chrome-win32\chrome.exe
     C:\box\chrome-win32\chrome.exe
     C:\box\chrome-win32\chrome.exe
     C:\box\chrome-win32\chrome.exe
     C:\Documents and Settings\boaz\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.ynet.co.il/
     uSearch Bar = hxxp://www.toshiba.com/search
     uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
     TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
     TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
     EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
     uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [00THotkey] c:\windows\system32\00THotkey.exe
     mRun: [TFncKy] TFncKy.exe
     mRun: [TFNF5] TFNF5.exe
     mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [ehTray] c:\windows\ehome\ehtray.exe
     mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
     dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
     IE: &????? ?? Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
     IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
     IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
     IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
     IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {C153B3D7-FC2F-4BE8-A5A1-63A8E3E774DB} - hxxp://www.technion.ac.il/GG/Iplugin.cab
     DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
     Hosts: 127.0.0.1 www.spywareinfo.com

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\boaz\applic~1\mozilla\firefox\profiles\ts3dpl4r.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.startup.homepage - hxxp://www.skip-search.com/?cfg=2-82-0-zDnV\n
     FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
     FF - prefs.js: network.proxy.type - 4
     FF - component: c:\documents and settings\boaz\application data\mozilla\firefox\profiles\ts3dpl4r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     FF - component: c:\documents and settings\boaz\application data\mozilla\firefox\profiles\ts3dpl4r.default\extensions\{5dc2c36d-747c-4fee-8bc3-e86c21981440}\components\FFExternalAlert.dll
     FF - component: c:\documents and settings\boaz\application data\mozilla\firefox\profiles\ts3dpl4r.default\extensions\{5dc2c36d-747c-4fee-8bc3-e86c21981440}\components\RadioWMPCore.dll
     FF - component: c:\documents and settings\boaz\application data\mozilla\firefox\profiles\ts3dpl4r.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
     FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
     FF - plugin: c:\documents and settings\boaz\application data\mozilla\plugins\npPxPlay.dll
     FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

     ============= SERVICES / DRIVERS ===============

     R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984]
     R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-29 95872]
     R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120]
     R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-3-21 104000]
     R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-15 27992]
     R3 ttv300x;TOSHIBA PCI TV Tuner;c:\windows\system32\drivers\ttv300x.sys [2005-4-2 126592]
     S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\ec168bda.sys --> c:\windows\system32\drivers\EC168BDA.sys [?]
     S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
     S3 SDTHelper;Helper driver for SDT-Tool;c:\box\_downloads\radix_installer\SDTHLPR.sys [2010-6-23 14873]
     S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]

     =============== Created Last 30 ================

     2010-06-29 17:00:44      0 ----a-w- c:\documents and settings\boaz\defogger_reenable
     2010-06-29 16:04:36      0 d-----w- c:\docume~1\boaz\applic~1\Malwarebytes
     2010-06-29 16:03:58  38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-06-29 16:03:55      0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
     2010-06-29 16:03:54  20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-06-29 16:03:53      0 d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-06-29 14:36:09      0 d-----w- c:\program files\ESET
     2010-06-29 14:15:07  77312 ----a-w- c:\windows\MBR.exe
     2010-06-29 14:15:07 256512 ----a-w- c:\windows\PEV.exe
     2010-06-29 14:15:07 161792 ----a-w- c:\windows\SWREG.exe
     2010-06-29 14:15:06  98816 ----a-w- c:\windows\sed.exe
     2010-06-29 12:03:33      0 d-----w- c:\program files\CCleaner
     2010-06-24 15:37:47      0 d-----w- c:\program files\Freeware PDF Unlocker
     2010-06-23 10:42:15 221568 ------w- c:\windows\system32\MpSigStub.exe
     2010-06-23 09:21:43      0 d-sh--w- c:\documents and settings\boaz\IECompatCache
     2010-06-23 09:10:00      0 d-----w- c:\windows\pss
     2010-06-22 19:09:30      0 d-----w- c:\program files\Spybot - Search & Destroy
     2010-06-22 19:09:30      0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
     2010-06-10 16:11:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

     ==================== Find3M ====================

     2010-05-06 10:41:53  916480 ----a-w- c:\windows\system32\wininet.dll
     2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
     2010-04-25 14:53:58  323624 ----a-w- c:\windows\system32\wiaaut.dll
     2010-04-20 05:30:08  285696 ----a-w- c:\windows\system32\atmfd.dll
     2010-04-13 12:59:42   98304 ----a-w- c:\windows\DUMP2da2.tmp
     2010-04-10 19:13:22   98304 ----a-w- c:\windows\DUMP0db6.tmp

     ============= FINISH: 19:04:19.12 ===============
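The Malwarebytes finding in the post above is a core Windows process name (smss.exe) running from a directory where the real binary never lives. The check below is an added example for triaging a DDS-style "Running Processes" list for that pattern; it is not code from the thread, from DDS, or from Malwarebytes. It assumes a default Windows XP layout with %SystemRoot% at C:\WINDOWS (as the DDS header shows), and its sample input is constructed from a few lines of the log plus the System Volume Information smss.exe and two further made-up entries so that the check has something to report.

```python
import re
from pathlib import PureWindowsPath

# Assumption for this example: a single-drive Windows XP install with the
# default %SystemRoot% of C:\WINDOWS (the DDS log above runs from C:\WINDOWS).
SYSTEM_ROOT = PureWindowsPath(r"C:\WINDOWS")

# Core Windows process names and the one directory each must run from.
# Malware commonly reuses these names from some other directory, which is
# exactly what the MBAM log's System Volume Information\Microsoft\smss.exe is.
EXPECTED_DIR = {
    "smss.exe": SYSTEM_ROOT / "system32",
    "csrss.exe": SYSTEM_ROOT / "system32",
    "winlogon.exe": SYSTEM_ROOT / "system32",
    "services.exe": SYSTEM_ROOT / "system32",
    "lsass.exe": SYSTEM_ROOT / "system32",
    "svchost.exe": SYSTEM_ROOT / "system32",
    "spoolsv.exe": SYSTEM_ROOT / "system32",
    "explorer.exe": SYSTEM_ROOT,
}

# Directories a legitimately installed program image should never run from.
UNUSUAL_DIR_MARKERS = ("\\system volume information\\", "\\recycler\\", "\\temp\\")

# Constructed sample in the style of the DDS "Running Processes" section: a few
# lines taken from the log, the smss.exe path reported by MBAM, and two
# made-up suspicious entries (the Temp svchost.exe and the RECYCLER update.exe).
SAMPLE_PROCESSES = r"""
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\System Volume Information\Microsoft\smss.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\boaz\Local Settings\Temp\svchost.exe
C:\RECYCLER\S-1-5-21-1234\update.exe
"""


def image_path(line: str) -> str:
    """Strip command-line arguments ('-k netsvcs', '/hide') from a process line."""
    line = line.strip()
    if line.startswith('"'):
        return line[1:line.index('"', 1)]
    # DDS separates image and arguments with a space; arguments start with - or /
    return re.split(r"\s+(?=[-/])", line, maxsplit=1)[0]


def classify(path_str: str):
    """Return a finding string for a suspicious image path, or None if it looks normal."""
    path = PureWindowsPath(path_str)
    if not path.drive:           # bare names such as 'svchost.exe' carry no location to judge
        return None
    name = path.name.lower()
    if "." not in name:          # DDS prints some images without their extension
        name += ".exe"
    parent = str(path.parent).lower()
    expected = EXPECTED_DIR.get(name)
    if expected is not None and parent != str(expected).lower():
        return f"{name} running outside {expected}: {path_str}"
    lowered = path_str.lower()
    if any(marker in lowered for marker in UNUSUAL_DIR_MARKERS):
        return f"{name} running from an unusual directory: {path_str}"
    return None


def scan(process_listing: str):
    """Run classify() over every non-empty line and return the list of findings."""
    findings = []
    for line in process_listing.splitlines():
        if not line.strip():
            continue
        finding = classify(image_path(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_PROCESSES):
        print("SUSPICIOUS:", finding)
```

Run against the constructed sample, the script reports exactly three lines: the System Volume Information smss.exe, the Temp svchost.exe and the RECYCLER update.exe; the genuine svchost, spoolsv, Explorer and smss entries under C:\WINDOWS pass. Matching on the parent directory rather than on the file name alone is the point: the name is what the malware copies, the location is what it cannot.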