Jump to content

wisdomatical

Honorary Members
 View Profile  See their activity

  • Posts

    38

  • Joined

  • Last visited

 Content Type 

Everything posted by wisdomatical

  1. wisdomatical
    I was able to run HJT from the task manager. Here is the log. I could not find the log for combofix in the C:\combofix directory. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:36, on 2009-03-06 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [QNAP_NASNetBak] C:\Program Files\QNAP\NetBak\NetBak.exe /min O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF7892.exe /c C:\aComboFix\Combobatch.bat O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\CF7892.exe /c C:\aComboFix\Combobatch.bat O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://curtis1.axiscam.net/activex/AMC.cab O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- End of file - 7644 bytes
  2. wisdomatical
    Safe mode did the same thing. Any suggestions? How late will you be on the forum today? Thank you, Cliff
  3. wisdomatical
    Should I try to boot in safe-mode to see if combofix will finish?
  4. wisdomatical
    Correct. If I press ctrl-alt-del I can get to the task manager, but that is it...
  5. wisdomatical
    I am somewhat technical, but you have stumped me. If I do not have a GUI interface to work with, how do I get to the other drives? Thank you for your patience and help, Cliff
  6. wisdomatical
    Yes, I am on my other computer right now. The infected computer is in a state where I do not have the ability, or do not know how, to run any programs. All that is available is the task manager, no other icons on the desktop or windows task bar at the bottom of the screen, just a blank background with the mouse pointer. Cliff
  7. wisdomatical
    I am not able to do anything on the infected computer. I do not have anything but a mouse pointer... Please advise. Thank you, Cliff
  8. wisdomatical
    I was able to do a crtl-del and gracefully shut down. It did the same thing. I can do a crtl-del and see that processes are loaded. Please advise. Thank you, Cliff
  9. wisdomatical
    I ran combofix and let it reboot. When it rebooted, it froze at the desktop. No icons, no windows taskbar, nothing but background and mouse pointer. Mouse is movable. No disk activity. What should I do? Thanks, Cliff
  10. wisdomatical
    Thank you for your quick reply. I uninstalled Mcafee. I ran RSIT. I thought I ran it too quickly after reboot because I recieved errors about the registry not being available so I ran it again. It only produced the single log below. Please let me know if I need do something different. Logfile of random's system information tool 1.05 (written by random/random) Run by Colleen at 2009-03-05 20:15:41 Microsoft Windows XP Professional Service Pack 3 System drive C: has 71 GB (74%) free of 95 GB Total RAM: 1014 MB (50% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:15:43 PM, on 3/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\QNAP\NetBak\NetBak.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Documents and Settings\Colleen\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Colleen.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [QNAP_NASNetBak] C:\Program Files\QNAP\NetBak\NetBak.exe /min O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://curtis1.axiscam.net/activex/AMC.cab O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- End of file - 10133 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\MP Scheduled Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-12-17 370296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-05 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-05 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728] "TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624] "THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256] "TFncKy"=TFncKy.exe [] "TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728] "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945] "SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880] "QNAP_NASNetBak"=C:\Program Files\QNAP\NetBak\NetBak.exe [2008-03-04 716800] "Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552] "OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880] "NDSTray.exe"=NDSTray.exe [] "MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-27 98304] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-27 118784] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-27 77824] "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512] "dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940] "CFSServ.exe"=CFSServ.exe -NoClient [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-05 148888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\hgGwWmLF [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoSetActiveDesktop"=0 "NoActiveDesktopChanges"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoSetActiveDesktop"= "NoActiveDesktopChanges"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine" "C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Program Files\Toshiba Games\Wheel of Fortune\Wheel of Fortune.exe"="C:\Program Files\Toshiba Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune" "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Disabled:Microsoft Office Word" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager" "C:\Program Files\QNAP\Finder\Finder.exe"="C:\Program Files\QNAP\Finder\Finder.exe:*:Enabled:QNAP Finder" "D:\setup\HPZNUI01.EXE"="D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console" "C:\Documents and Settings\Colleen\Local Settings\Temp\7zS19.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\Colleen\Local Settings\Temp\7zS19.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Documents and Settings\Colleen\Local Settings\Temp\7zS7A.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\Colleen\Local Settings\Temp\7zS7A.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe" "C:\WINDOWS\system32\javawu.exe"="C:\WINDOWS\system32\javawu.exe:*:Enabled:Explorer" "C:\Program Files\McAfee\MSC\mcuimgr.exe"="C:\Program Files\McAfee\MSC\mcuimgr.exe:LocalSubNet:Disabled:McAfee User Interface Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60c87d8c-92e7-11dc-b645-0018de4f257d}] shell\AutoRun\command - E:\TVCenterPro.exe -autorun [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60c87d8d-92e7-11dc-b645-0018de4f257d}] shell\AutoRun\command - F:\TVCenterPro.exe -autorun ======List of files/folders created in the last 1 months====== 2009-03-05 20:05:27 ----D---- C:\rsit 2009-03-05 17:41:05 ----D---- C:\Program Files\Trend Micro 2009-03-05 14:59:23 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-03-05 14:59:22 ----A---- C:\WINDOWS\system32\javaws.exe 2009-03-05 14:59:22 ----A---- C:\WINDOWS\system32\javaw.exe 2009-03-05 14:59:22 ----A---- C:\WINDOWS\system32\java.exe 2009-03-05 11:02:55 ----D---- C:\Documents and Settings\Colleen\Application Data\Malwarebytes 2009-03-05 09:39:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-03-05 09:39:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-03-04 12:11:34 ----SHD---- C:\WINDOWS\CSC 2009-03-04 11:52:10 ----D---- C:\Program Files\Microsoft Windows OneCare Live 2009-03-04 09:48:22 ----ASH---- C:\WINDOWS\system32\FLmWwGgh.ini2 2009-03-03 23:18:45 ----A---- C:\WINDOWS\system32\tgiersns.exe 2009-03-03 22:56:15 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-03-03 22:56:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-03 22:02:58 ----D---- C:\Program Files\Common Files\Java 2009-03-03 21:42:00 ----D---- C:\Program Files\Windows Defender 2009-03-02 22:18:38 ----A---- C:\WINDOWS\ntbtlog.txt 2009-03-02 06:50:38 ----A---- C:\WINDOWS\system32\730e0803-.txt 2009-03-02 06:49:52 ----ASH---- C:\WINDOWS\system32\FLmWwGgh.ini 2009-03-02 06:44:11 ----RASH---- C:\WINDOWS\system32\javawu.exe 2009-02-25 03:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-02-25 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-02-12 07:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-02-10 16:16:58 ----D---- C:\temp 2009-02-08 16:20:37 ----D---- C:\WINDOWS\system32\XPSViewer 2009-02-08 16:20:27 ----D---- C:\Program Files\MSBuild 2009-02-08 16:20:04 ----D---- C:\Program Files\Reference Assemblies 2009-02-08 16:18:57 ----A---- C:\WINDOWS\system32\xpssvcs.dll 2009-02-08 16:18:57 ----A---- C:\WINDOWS\system32\xpsshhdr.dll 2009-02-08 16:18:57 ----A---- C:\WINDOWS\system32\prntvpt.dll 2009-02-08 16:18:55 ----D---- C:\2fdc4c858c131456371338864c2a0b5f ======List of files/folders modified in the last 1 months====== 2009-03-05 20:05:36 ----D---- C:\WINDOWS\Prefetch 2009-03-05 20:02:28 ----D---- C:\WINDOWS\Temp 2009-03-05 20:02:13 ----D---- C:\WINDOWS 2009-03-05 20:01:14 ----D---- C:\WINDOWS\Registration 2009-03-05 19:59:43 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt 2009-03-05 19:59:39 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-05 19:59:29 ----D---- C:\WINDOWS\system32\DLA 2009-03-05 19:58:23 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-05 19:48:11 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee 2009-03-05 19:47:24 ----D---- C:\Program Files\McAfee 2009-03-05 19:47:20 ----D---- C:\Program Files 2009-03-05 19:47:08 ----D---- C:\Program Files\Common Files 2009-03-05 19:43:17 ----AD---- C:\WINDOWS\system32 2009-03-05 19:43:08 ----SD---- C:\WINDOWS\Tasks 2009-03-05 19:42:54 ----AD---- C:\WINDOWS\system32\drivers 2009-03-05 15:21:05 ----D---- C:\Documents and Settings 2009-03-05 15:18:02 ----SHD---- C:\System Volume Information 2009-03-05 15:18:02 ----D---- C:\WINDOWS\system32\Restore 2009-03-05 15:09:48 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-03-05 14:59:34 ----SHD---- C:\WINDOWS\Installer 2009-03-05 14:59:29 ----HD---- C:\Config.Msi 2009-03-05 14:58:46 ----D---- C:\Program Files\Java 2009-03-05 10:03:26 ----D---- C:\Program Files\Lavasoft 2009-03-05 09:24:40 ----SHD---- C:\RECYCLER 2009-03-04 23:25:07 ----RASH---- C:\boot.ini 2009-03-04 23:25:07 ----A---- C:\WINDOWS\win.ini 2009-03-04 23:25:07 ----A---- C:\WINDOWS\system.ini 2009-03-04 23:23:36 ----D---- C:\WINDOWS\pss 2009-03-04 23:15:01 ----D---- C:\WINDOWS\Minidump 2009-03-04 22:27:45 ----A---- C:\WINDOWS\OEWABLog.txt 2009-03-04 13:45:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-03-04 12:41:31 ----SD---- C:\WINDOWS\system32\Microsoft 2009-03-04 12:37:09 ----D---- C:\WINDOWS\system32\config 2009-03-04 11:59:52 ----HD---- C:\WINDOWS\inf 2009-03-04 11:59:49 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-04 00:10:11 ----A---- C:\WINDOWS\wininit.ini 2009-03-03 23:19:35 ----A---- C:\WINDOWS\system32\userinit.exe 2009-03-03 22:18:35 ----D---- C:\WINDOWS\system32\CatRoot 2009-03-03 22:05:26 ----D---- C:\WINDOWS\system32\wbem 2009-03-03 22:03:43 ----D---- C:\WINDOWS\Retail Forms 2009-03-03 22:02:13 ----D---- C:\Documents and Settings\Colleen\Application Data\GTek 2009-03-03 22:00:10 ----D---- C:\Program Files\Windows Live Safety Center 2009-03-02 23:58:14 ----SD---- C:\Documents and Settings\Colleen\Application Data\Microsoft 2009-02-28 17:50:57 ----D---- C:\Documents and Settings\Colleen\Application Data\ZoomBrowser EX 2009-02-25 03:01:48 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-02-25 03:01:21 ----A---- C:\WINDOWS\imsins.BAK 2009-02-25 02:16:00 ----HD---- C:\WINDOWS\$hf_mig$ 2009-02-24 10:28:37 ----D---- C:\Documents and Settings\Colleen\Application Data\NetBak 2009-02-12 07:15:17 ----D---- C:\Program Files\Internet Explorer 2009-02-12 07:14:55 ----D---- C:\WINDOWS\ie7updates 2009-02-11 20:56:18 ----A---- C:\WINDOWS\system32\MRT.exe 2009-02-10 21:23:52 ----D---- C:\WINDOWS\SxsCaPendDel 2009-02-10 17:19:43 ----D---- C:\WINDOWS\system32\FxsTmp 2009-02-10 16:15:32 ----D---- C:\WINDOWS\Downloaded Installations 2009-02-08 17:09:41 ----D---- C:\WINDOWS\Microsoft.NET 2009-02-08 17:09:36 ----RSD---- C:\WINDOWS\assembly 2009-02-08 16:29:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-02-08 16:28:23 ----D---- C:\WINDOWS\WinSxS 2009-02-08 16:20:21 ----D---- C:\WINDOWS\system32\en-US 2009-02-08 16:20:17 ----RSD---- C:\WINDOWS\Fonts ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384] R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-17 21419] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544] R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060] R3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168] R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-25 1707776] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936] R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560] R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144] R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] S3 ATIAVPCI;ATI Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [2007-07-05 679936] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 IO_Memory;IO_Memory; \??\c:\sysprep\Drivers\ioport.sys [] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SVRPEDRV;SVRPEDRV; \??\C:\DOCUME~1\Colleen\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [] S3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-11-25 28800] S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344] S3 USB28xxBGA;PCTV 330e/8x0e Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 476288] S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 38656] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960] R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-05 152984] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968] R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984] R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960] R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328] R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-11-05 1132912] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 GameConsoleService;GameConsoleService; C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe [2007-11-27 181784] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  11. wisdomatical
    I had a bad infection of viri and have been able to eliminate all but the userinit keeps showing up in MBAM. Below is a copy of my log, anyhelp would be appreciated. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:41:26 PM, on 3/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\WINDOWS\system32\TDispVol.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\QNAP\NetBak\NetBak.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {95BBF92A-F063-4E0A-9E1F-6662C281F8AA} - C:\WINDOWS\system32\hgGwWmLF.dll (file missing) O2 - BHO: Java
  12. wisdomatical
    Will do. First time doing this, sorry. Thanks, Cliff
  13. wisdomatical
    I had a bad infection of viri and have been able to eliminate all but the userinit keeps showing up in MBAM. Below is a copy of my log, anyhelp would be appreciated. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:41:26 PM, on 3/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\WINDOWS\system32\TDispVol.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\QNAP\NetBak\NetBak.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {95BBF92A-F063-4E0A-9E1F-6662C281F8AA} - C:\WINDOWS\system32\hgGwWmLF.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [QNAP_NASNetBak] C:\Program Files\QNAP\NetBak\NetBak.exe /min O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://curtis1.axiscam.net/activex/AMC.cab O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- End of file - 10686 bytes first run of MBAM Malwarebytes' Anti-Malware 1.34 Database version: 1820 Windows 5.1.2600 Service Pack 3 3/5/2009 11:41:33 AM mbam-log-2009-03-05 (11-41-33).txt Scan type: Full Scan (C:\|Z:\|) Objects scanned: 160942 Time elapsed: 37 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 6 Folders Infected: 0 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Colleen\Local Settings\Temp\UAC8809.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACyavuvwwg.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\UACbgixudpm.sys (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACexromlml.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\UAChdtqoxwn.log (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\UACksnmvvye.dat (Trojan.Agent) -> Delete on reboot. 2nd run of MBAM Malwarebytes' Anti-Malware 1.34 Database version: 1820 Windows 5.1.2600 Service Pack 3 3/5/2009 2:32:50 PM mbam-log-2009-03-05 (14-32-50).txt Scan type: Full Scan (C:\|) Objects scanned: 160703 Time elapsed: 1 hour(s), 45 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) 3rd run of MBAM Malwarebytes' Anti-Malware 1.34 Database version: 1820 Windows 5.1.2600 Service Pack 3 3/5/2009 5:39:08 PM mbam-log-2009-03-05 (17-39-08).txt Scan type: Quick Scan Objects scanned: 78563 Time elapsed: 29 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.