Jump to content

Psymon

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Sorry its taken so long for a reply. But all i wanted to say was thank you for all you effort and time to help me out. I really appreciate it.
  2. Is there anyway for that back door to be found and the exploit fixed? If it can't, or can't be done easily, ill just reformat and reinstall xp.
  3. Oh wow. looks like I did a real good job in getting a nasty. I have no problems with reformatting my computer if its the fastest and safest route. Its been reformatted recently so there isnt anything important on here i need to worry about. here the MBAM log Malwarebytes' Anti-Malware 1.44 Database version: 3831 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 3/7/2010 12:23:31 AM mbam-log-2010-03-07 (00-23-31).txt Scan type: Full Scan (C:\|) Objects scanned: 197718 Time elapsed: 28 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. ComboFix 10-03-06.01 - Admin 03/06/2010 15:02:28.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1456 [GMT -8:00] Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 100306-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-3868997124-911790988-508925577-500 c:\windows\system32\Thumbs.db Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected Restored copy from - Kitty ate it . ((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 ))))))))))))))))))))))))))))))) . 2010-03-06 08:03 . 2010-03-06 08:03 -------- d-----w- c:\program files\Common Files\Java 2010-03-06 08:03 . 2010-03-06 08:03 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56eaef87-n\decora-sse.dll 2010-03-06 08:03 . 2010-03-06 08:03 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652014e9-n\msvcp71.dll 2010-03-06 08:03 . 2010-03-06 08:03 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652014e9-n\jmc.dll 2010-03-06 08:03 . 2010-03-06 08:03 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652014e9-n\msvcr71.dll 2010-03-06 08:03 . 2010-03-06 08:03 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56eaef87-n\decora-d3d.dll 2010-03-06 05:07 . 2010-03-06 05:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PCHealth 2010-03-06 05:07 . 2010-03-06 05:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-03-05 06:47 . 2010-03-05 06:20 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-03-05 05:08 . 2010-03-05 05:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-03-05 05:08 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-03-05 05:05 . 2010-03-05 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-03-05 05:05 . 2010-03-05 05:08 -------- d-----w- c:\program files\Lavasoft 2010-03-05 04:57 . 2010-02-24 17:16 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-03-05 04:35 . 2010-03-05 04:36 -------- d-----w- c:\program files\SpeedFan 2010-03-05 04:33 . 2010-03-05 04:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities 2010-03-05 04:32 . 2010-03-05 04:32 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-03-05 03:23 . 2010-03-05 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP 2010-03-05 03:23 . 2010-03-05 03:24 -------- d-----w- c:\program files\SpywareBlaster 2010-03-05 03:15 . 2010-03-05 03:15 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-03-05 03:15 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-03-05 03:15 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll 2010-02-28 06:46 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-02-28 06:46 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-02-28 06:46 . 2001-08-17 22:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2010-02-28 06:46 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys 2010-02-28 06:46 . 2004-08-04 07:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2010-02-28 06:46 . 2004-08-04 07:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2010-02-26 18:05 . 2010-02-28 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-02-26 18:05 . 2010-02-26 18:09 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-02-22 09:57 . 2010-02-22 09:57 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-02-19 09:00 . 2010-02-19 09:00 -------- d-s---w- c:\documents and settings\Admin\UserData 2010-02-19 01:03 . 2010-02-19 01:05 967 ----a-w- c:\windows\ScUnin.pif 2010-02-19 01:03 . 2010-02-19 01:05 32930 ----a-w- c:\windows\scunin.dat 2010-02-19 01:03 . 2010-02-19 01:05 94208 ----a-w- c:\windows\ScUnin.exe 2010-02-19 01:03 . 2010-02-28 06:25 -------- d-----w- c:\program files\Starcraft 2010-02-19 00:26 . 2010-02-19 00:26 -------- d-----w- c:\program files\Elaborate Bytes 2010-02-18 04:52 . 2010-02-18 04:52 -------- d-----w- c:\windows\system32\Adobe 2010-02-12 05:01 . 2010-02-22 09:41 -------- d-----w- c:\program files\MaxiVista Demo Viewer 2010-02-06 06:05 . 2010-02-06 06:05 -------- d-----w- c:\program files\Microsoft Games . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-06 08:05 . 2010-01-16 19:33 69 ----a-w- c:\documents and settings\Admin\jagex_runescape_preferences2.dat 2010-03-06 08:05 . 2010-01-16 19:29 41 ----a-w- c:\documents and settings\Admin\jagex_runescape_preferences.dat 2010-03-06 08:03 . 2010-01-16 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-06 08:03 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java 2010-03-06 06:24 . 2004-08-03 22:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys 2010-03-05 06:31 . 2010-01-27 00:32 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc 2010-03-05 06:19 . 2010-03-05 05:09 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll 2010-03-05 06:19 . 2010-03-05 05:09 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2010-03-05 06:19 . 2010-03-05 05:09 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2010-03-05 06:19 . 2010-03-05 05:09 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2010-03-05 06:19 . 2010-03-05 05:09 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2010-03-05 06:19 . 2010-03-05 05:09 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-03-05 06:18 . 2006-02-18 15:00 -------- d-----w- c:\program files\GemMaster 2010-03-05 06:13 . 2006-02-16 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime 2010-03-05 04:54 . 2010-01-30 06:31 -------- d-----w- c:\program files\Microsoft Silverlight 2010-03-05 04:49 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works 2010-02-26 03:16 . 2010-01-28 04:21 1 ----a-w- c:\documents and settings\Admin\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-02-23 08:31 . 2006-02-16 16:59 41384 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-04 15:53 . 2010-03-05 05:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-02-04 08:59 . 2010-02-04 08:59 143872 ------w- c:\windows\system32\iacenc.dll 2010-02-04 07:27 . 2010-02-04 07:27 56832 ------w- c:\windows\system32\iyvu9_32.dll 2010-01-30 06:32 . 2010-01-30 06:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes 2010-01-30 06:32 . 2010-01-30 06:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-30 06:32 . 2010-01-30 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-30 06:31 . 2010-01-30 06:28 -------- d-----w- c:\program files\MSN Toolbar Installer 2010-01-30 06:31 . 2010-01-30 06:31 -------- d-----w- c:\program files\Microsoft 2010-01-30 06:31 . 2010-01-30 06:31 -------- d-----w- c:\program files\MSN Toolbar 2010-01-28 04:20 . 2010-01-28 04:20 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenOffice.org 2010-01-28 04:17 . 2010-01-28 04:17 -------- d-----w- c:\program files\JRE 2010-01-28 04:17 . 2010-01-28 04:17 -------- d-----w- c:\program files\OpenOffice.org 3 2010-01-27 23:27 . 2010-01-27 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent 2010-01-27 23:21 . 2010-01-27 23:19 -------- d-----w- c:\program files\WildGames 2010-01-27 00:31 . 2010-01-27 00:31 -------- d-----w- c:\program files\VideoLAN 2010-01-26 23:52 . 2010-01-26 23:51 -------- d-----w- c:\program files\DivX 2010-01-26 23:51 . 2010-01-26 23:51 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-01-25 08:28 . 2010-01-25 08:28 -------- d-----w- c:\program files\Veoh Networks 2010-01-15 11:33 . 2006-02-15 15:37 87931 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-01-09 07:37 . 2010-01-08 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-01-08 19:26 . 2006-02-16 09:55 -------- d-----w- c:\program files\Pure Networks 2010-01-08 19:26 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL 2010-01-08 18:49 . 2010-01-08 18:49 -------- d-----w- c:\program files\MSXML 4.0 2010-01-08 06:14 . 2010-01-08 06:13 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe 2010-01-08 06:04 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google 2010-01-08 06:02 . 2010-01-08 06:02 -------- d-----w- c:\program files\Alwil Software 2010-01-08 05:44 . 2006-02-15 16:25 -------- d-----w- c:\program files\TOSHIBA 2010-01-08 05:43 . 2006-02-16 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com 2010-01-08 05:41 . 2006-02-16 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL 2010-01-08 05:40 . 2010-01-08 05:29 -------- d-----w- c:\documents and settings\Admin\Application Data\AOL 2010-01-08 05:40 . 2006-02-16 09:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL 2010-01-08 05:29 . 2010-01-08 05:29 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-01-08 05:28 . 2010-01-08 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel 2010-01-08 05:28 . 2006-02-15 16:18 -------- d-----w- c:\program files\Intel 2010-01-08 05:28 . 2010-01-08 05:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Intel 2010-01-08 05:28 . 2010-01-08 05:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel 2010-01-08 05:15 . 2010-01-08 05:15 -------- d-----w- c:\program files\AVerMedia 2010-01-08 05:15 . 2010-01-08 05:30 45056 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe 2010-01-08 05:15 . 2010-01-08 05:15 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe 2010-01-08 05:15 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-08 05:15 . 2010-01-08 05:15 -------- d-----w- c:\program files\Common Files\InterVideo 2010-01-08 05:14 . 2006-02-16 09:25 -------- d-----w- c:\program files\InterVideo 2010-01-08 00:07 . 2010-01-30 06:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-08 00:07 . 2010-01-30 06:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-31 16:14 . 2006-02-15 14:04 352640 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-22 05:35 . 2006-02-15 14:04 668672 ----a-w- c:\windows\system32\wininet.dll 2009-12-22 05:35 . 2006-02-15 14:02 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys 2009-12-16 12:58 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:35 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 18:11 . 2006-02-15 14:03 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 17:35 . 2004-08-03 22:59 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TFncKy"="TFncKy.exe" [bU] "TDispVol"="TDispVol.exe" [2005-03-11 73728] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728] "TPSMain"="TPSMain.exe" [2005-06-01 282624] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-16 98304] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Starcraft\\StarCraft.exe"= "c:\\Documents and Settings\\Admin\\Desktop\\Game\\Battlegrounds.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6100:UDP"= 6100:UDP:MaxiVista Demo Viewer R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 9:09 PM 64288] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/7/2010 10:02 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/7/2010 10:02 PM 20560] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 10:02 PM 133104] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 7:52 AM 1229232] . Contents of the 'Scheduled Tasks' folder 2010-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 06:19] 2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:02] 2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:02] 2010-03-06 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 02:02] 2010-01-08 c:\windows\Tasks\Registration reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 12:00] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.toshibadirect.com/dpdstart uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\svh7qyzu.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.qj.net/psp.html FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . - - - - ORPHANS REMOVED - - - - HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3608) c:\windows\system32\TDispVol.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\ehome\mcrdsvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\dllhost.exe c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe c:\windows\system32\TDispVol.exe c:\windows\eHome\ehmsas.exe c:\windows\AGRSMMSG.exe c:\windows\system32\TPSMain.exe c:\program files\Synaptics\SynTP\Toshiba.exe c:\windows\system32\TPSBattM.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . Completion time: 2010-03-06 16:41:44 - machine was rebooted ComboFix-quarantined-files.txt 2010-03-07 00:41 Pre-Run: 100,981,739,520 bytes free Post-Run: 101,545,816,064 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - F2F1F52EC43F3897BC4662D78F7A8D32
  5. I had some problems when running GMER. It first got stuck on the scan when it tried scanning atapi.sys. I tried running GMER in both normal and safe mode and both times it got stuck on the file rendering my computer unresponsive except for the mouse. After reading up on it, I saw a suggestion to run the scanner with both sections and devices UNCHECKED. Running it this way allowed the scan to finish, and so the following GMER log report is with both those settings unchecked. GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-03-05 23:07:57 Windows 5.1.2600 Service Pack 2 Running: 5kunkoos.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\fgtdipod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA0256B8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA025574] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA025A52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA02514C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA02564E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA02508C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA0250F0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA02576E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA02572E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA0258AE] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[1008] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002 IAT C:\WINDOWS\system32\services.exe[1008] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000 ---- Modules - GMER 1.0.15 ---- Module (noname) (*** hidden *** ) 01D00000-03949000 (29659136 bytes) ---- EOF - GMER 1.0.15 ---- OTL Extras logfile created on: 3/5/2010 8:58:48 PM - Run 1 OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Admin\Desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.79 Gb Total Space | 94.39 Gb Free Space | 84.44% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: X935 Current User Name: Admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-3044861070-3496676187-97246136-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "6100:UDP" = 6100:UDP:*:Enabled:MaxiVista Demo Viewer ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation) "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found "C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found "C:\Documents and Settings\Admin\Desktop\bgb\bgb.exe" = C:\Documents and Settings\Admin\Desktop\bgb\bgb.exe:*:Enabled:bgb -- File not found "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe" = C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe:*:Enabled:ZCfgSvc -- (Intel Corporation) "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks) "C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe" = C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation) "C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment) "C:\Documents and Settings\Admin\Desktop\Game\Battlegrounds.exe" = C:\Documents and Settings\Admin\Desktop\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds -- (LucasArts Entertainment Company LLC) "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8 "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003 "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "Ad-Aware" = Ad-Aware "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Empires 2.0" = Microsoft Age of Empires II "avast!" = avast! Antivirus "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Google Chrome" = Google Chrome "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers. "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft Security Essentials" = Microsoft Security Essentials "Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8) "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool "Power Saver" = TOSHIBA Power Saver "ProInst" = Intel® PROSet/Wireless Software "PROSet" = Intel® PRO Network Connections Drivers "QuickTime" = QuickTime "RealPlayer 6.0" = RealPlayer Basic "SpeedFan" = SpeedFan (remove only) "SpywareBlaster_is1" = SpywareBlaster 4.2 "Starcraft" = Starcraft "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Game Console" = TOSHIBA Game Console "TOSHIBA Software Modem" = TOSHIBA Software Modem "TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73 "Veoh Web Player Beta" = Veoh Web Player "ViewpointMediaPlayer" = Viewpoint Media Player "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.3 "WildTangent CDA" = WildTangent Web Driver "WildTangent wildgames Master Uninstall" = WildGames "Windows Media Format Runtime" = Windows Media Format Runtime "WinRAR archiver" = WinRAR archiver "WT004722" = Bejeweled 2 Deluxe "WT004723" = Blasterball 2 Revolution "WT004725" = SCRABBLE "WT004829" = Polar Golfer "WT006066" = FATE ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/5/2010 1:08:52 AM | Computer Name = X935 | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 3/5/2010 2:11:57 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 0.0.0.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 3/5/2010 2:12:19 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 3/5/2010 2:12:20 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 3/5/2010 2:12:22 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 3/5/2010 2:12:23 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 passthrough, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 3/5/2010 2:12:24 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile, P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 3/5/2010 4:30:35 AM | Computer Name = X935 | Source = Application Error | ID = 1000 Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b. Error - 3/5/2010 11:34:31 PM | Computer Name = X935 | Source = Application Hang | ID = 1002 Description = Hanging application msseces.exe, version 1.0.1961.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 3/6/2010 12:19:31 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. [ System Events ] Error - 3/6/2010 12:52:11 AM | Computer Name = X935 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 3/6/2010 12:52:19 AM | Computer Name = X935 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001 Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31 Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001 Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi ElbyCDIO Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error - 3/6/2010 12:55:44 AM | Computer Name = X935 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 3/6/2010 12:56:51 AM | Computer Name = X935 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 3/6/2010 12:56:51 AM | Computer Name = X935 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. < End of report > OTL logfile created on: 3/5/2010 8:58:48 PM - Run 1 OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Admin\Desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.79 Gb Total Space | 94.39 Gb Free Space | 84.44% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: X935 Current User Name: Admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/03/05 19:38:16 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe PRC - [2009/11/24 15:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/06/17 03:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe PRC - [2006/01/05 14:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe PRC - [2005/12/20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe PRC - [2005/12/16 00:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe PRC - [2005/12/05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2005/11/30 12:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe PRC - [2005/11/28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2005/11/28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2005/10/06 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005/08/16 11:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe PRC - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe PRC - [2005/05/31 21:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe PRC - [2005/05/31 20:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe PRC - [2005/04/26 16:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe PRC - [2005/03/17 17:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe PRC - [2005/03/11 15:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe PRC - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2004/12/30 00:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2004/08/28 00:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe PRC - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010/03/05 19:38:16 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe MOD - [2004/08/10 04:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2002/03/03 04:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state) SRV - [2010/03/04 22:19:43 | 001,229,232 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2005/12/20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel® SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service) ========== Driver Services (SafeList) ========== DRV - [2010/02/04 07:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/12/17 14:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter) DRV - [2009/11/24 15:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009/11/24 15:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2009/11/24 15:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/24 15:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/11/24 15:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/11/24 15:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009/08/09 13:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone) DRV - [2006/09/24 05:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006/02/16 01:56:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM) DRV - [2005/12/16 00:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005/12/09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/12/04 09:55:30 | 001,428,096 | ---- | M] (Intel
  6. Thank you for taking the time to read this. Every time I click on a link from Google, it takes me to a completely different website. I have run avg, avast, search and destroy, ad aware, SpywareBlaster, malewarebytes and even Microsoft security essentials multiple times with nothing ever coming up. I'm scared to know what can hide from all these scanners. Thankfully i found the post on what to do and hope you can help me. DDS (Ver_09-12-01.01) - NTFSx86 Run by Admin at 23:19:34.15 on Thu 03/04/2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.732 [GMT -8:00] AV: avast! antivirus 4.8.1368 [VPS 100304-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe svchost.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\dla\DLACTRLW.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Documents and Settings\Admin\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.toshibadirect.com/dpdstart uSearch Bar = hxxp://search.live.com/sphome.aspx uSearch Page = hxxp://search.live.com mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart mSearchAssistant = hxxp://search.live.com/sphome.aspx BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [TFncKy] TFncKy.exe mRun: [TDispVol] TDispVol.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe mRun: [TPSMain] TPSMain.exe mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe" mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Notify: igfxcui - igfxdev.dll AppInit_DLLs: kigozosi.dll c:\windows\system32\hapevapu.dll LSA: Notification Packages = scecli vaseyure.dll Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\svh7qyzu.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.qj.net/psp.html FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-7 114768] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-7 138680] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-7 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-7 352920] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 133104] =============== Created Last 30 ================ 2010-03-05 07:15:41 0 ----a-w- c:\documents and settings\admin\defogger_reenable 2010-03-05 06:47:34 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-03-05 05:09:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-03-05 05:08:16 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-03-05 05:05:01 0 d-----w- c:\program files\Lavasoft 2010-03-05 04:57:41 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-03-05 04:35:54 0 d-----w- c:\program files\SpeedFan 2010-03-05 04:35:52 45 ----a-w- c:\windows\system32\initdebug.nfo 2010-03-05 04:32:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-03-05 03:23:17 0 d-----w- c:\program files\SpywareBlaster 2010-03-05 03:15:20 0 d-----w- c:\program files\Microsoft Security Essentials 2010-03-05 03:15:05 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-03-05 03:15:05 215920 ----a-w- c:\windows\system32\muweb.dll 2010-03-05 03:15:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui 2010-02-28 06:46:18 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-02-28 06:46:18 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-02-28 06:46:08 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2010-02-28 06:46:08 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys 2010-02-28 06:46:03 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2010-02-28 06:46:03 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2010-02-26 18:05:37 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-02-26 18:05:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-02-19 09:00:12 0 d-s---w- c:\documents and settings\admin\UserData 2010-02-19 01:03:14 967 ----a-w- c:\windows\ScUnin.pif 2010-02-19 01:03:14 94208 ----a-w- c:\windows\ScUnin.exe 2010-02-19 01:03:14 32930 ----a-w- c:\windows\scunin.dat 2010-02-19 01:03:01 0 d-----w- c:\program files\Starcraft 2010-02-19 00:26:21 0 d-----w- c:\program files\Elaborate Bytes 2010-02-18 04:52:06 0 d-----w- c:\windows\system32\Adobe 2010-02-12 05:01:41 0 d-----w- c:\program files\MaxiVista Demo Viewer 2010-02-06 06:05:25 0 d-----w- c:\program files\Microsoft Games 2010-02-04 08:59:48 143872 ------w- c:\windows\system32\iacenc.dll 2010-02-04 07:27:10 56832 ------w- c:\windows\system32\iyvu9_32.dll ==================== Find3M ==================== 2010-02-27 22:31:38 95360 ----a-w- c:\windows\system32\drivers\atapi.sys 2010-02-27 01:34:58 69 ----a-w- c:\documents and settings\admin\jagex_runescape_preferences2.dat 2010-02-27 01:34:58 41 ----a-w- c:\documents and settings\admin\jagex_runescape_preferences.dat 2010-02-04 08:44:10 71280 ------w- c:\windows\fonts\POORICH.TTF 2010-02-04 08:44:10 65728 ------w- c:\windows\fonts\LBRITEDI.TTF 2010-02-04 08:44:10 65208 ------w- c:\windows\fonts\LBRITEI.TTF 2010-02-04 08:44:10 64976 ------w- c:\windows\fonts\LBRITE.TTF 2010-02-04 08:44:10 100104 ------w- c:\windows\fonts\VINERITC.TTF 2010-02-04 07:23:10 61040 ------w- c:\windows\fonts\LBRITED.TTF 2010-02-04 07:23:10 58480 ------w- c:\windows\fonts\LBLACK.TTF 2010-02-04 07:23:10 51848 ------w- c:\windows\fonts\LCALLIG.TTF 2010-01-16 19:27:26 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-08 05:29:11 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-22 05:35:11 668672 ----a-w- c:\windows\system32\wininet.dll 2009-12-22 05:35:05 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 18:11:44 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 17:35:25 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe ============= FINISH: 23:20:41.35 =============== Malwarebytes' Log: Malwarebytes' Anti-Malware 1.44 Database version: 3825 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 3/5/2010 12:59:41 AM mbam-log-2010-03-05 (00-59-41).txt Scan type: Quick Scan Objects scanned: 128915 Time elapsed: 5 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.