Psymon Posted March 5, 2010 ID:209901 Share Posted March 5, 2010 Thank you for taking the time to read this. Every time I click on a link from Google, it takes me to a completely different website. I have run avg, avast, search and destroy, ad aware, SpywareBlaster, malewarebytes and even Microsoft security essentials multiple times with nothing ever coming up. I'm scared to know what can hide from all these scanners. Thankfully i found the post on what to do and hope you can help me.DDS (Ver_09-12-01.01) - NTFSx86 Run by Admin at 23:19:34.15 on Thu 03/04/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.732 [GMT -8:00]AV: avast! antivirus 4.8.1368 [VPS 100304-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\WINDOWS\system32\TDispVol.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Toshiba\Toshiba Applet\thotkey.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\AGRSMMSG.exesvchost.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\WINDOWS\system32\TPSMain.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\WINDOWS\system32\dla\DLACTRLW.exeC:\toshiba\ivp\ism\pinger.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Synaptics\SynTP\Toshiba.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exeC:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\RAMASST.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\TPSBattM.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exesvchost.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\dllhost.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Documents and Settings\Admin\My Documents\Downloads\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.toshibadirect.com/dpdstartuSearch Bar = hxxp://search.live.com/sphome.aspxuSearch Page = hxxp://search.live.commDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstartuInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstartmSearchAssistant = hxxp://search.live.com/sphome.aspxBHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLLBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dllBHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dllTB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dllEB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exeuRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exemRun: [TFncKy] TFncKy.exemRun: [TDispVol] TDispVol.exemRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exemRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [AGRSMMSG] AGRSMMSG.exemRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exemRun: [TPSMain] TPSMain.exemRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exemRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exemRun: [dla] c:\windows\system32\dla\DLACTRLW.exemRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runmRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/WirelessmRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exemRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resumemRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /smRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkeyStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exeIE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlIE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlIE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.htmlIE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.htmlIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabNotify: igfxcui - igfxdev.dllAppInit_DLLs: kigozosi.dll c:\windows\system32\hapevapu.dllLSA: Notification Packages = scecli vaseyure.dllHosts: 127.0.0.1 www.spywareinfo.com================= FIREFOX ===================FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\svh7qyzu.default\FF - prefs.js: browser.startup.homepage - hxxp://www.qj.net/psp.htmlFF - plugin: c:\program files\divx\divx plus web player\npdivx32.dllFF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dllFF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);============= SERVICES / DRIVERS ===============R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-7 114768]R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 20560]R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-7 138680]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-7 254040]R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-7 352920]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 133104]=============== Created Last 30 ================2010-03-05 07:15:41 0 ----a-w- c:\documents and settings\admin\defogger_reenable2010-03-05 06:47:34 15880 ----a-w- c:\windows\system32\lsdelete.exe2010-03-05 05:09:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys2010-03-05 05:08:16 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}2010-03-05 05:05:01 0 d-----w- c:\program files\Lavasoft2010-03-05 04:57:41 181632 ------w- c:\windows\system32\MpSigStub.exe2010-03-05 04:35:54 0 d-----w- c:\program files\SpeedFan2010-03-05 04:35:52 45 ----a-w- c:\windows\system32\initdebug.nfo2010-03-05 04:32:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys2010-03-05 03:23:17 0 d-----w- c:\program files\SpywareBlaster2010-03-05 03:15:20 0 d-----w- c:\program files\Microsoft Security Essentials2010-03-05 03:15:05 274288 ----a-w- c:\windows\system32\mucltui.dll2010-03-05 03:15:05 215920 ----a-w- c:\windows\system32\muweb.dll2010-03-05 03:15:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui2010-02-28 06:46:18 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys2010-02-28 06:46:18 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys2010-02-28 06:46:08 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys2010-02-28 06:46:08 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys2010-02-28 06:46:03 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys2010-02-28 06:46:03 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys2010-02-26 18:05:37 0 d-----w- c:\program files\Spybot - Search & Destroy2010-02-26 18:05:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy2010-02-19 09:00:12 0 d-s---w- c:\documents and settings\admin\UserData2010-02-19 01:03:14 967 ----a-w- c:\windows\ScUnin.pif2010-02-19 01:03:14 94208 ----a-w- c:\windows\ScUnin.exe2010-02-19 01:03:14 32930 ----a-w- c:\windows\scunin.dat2010-02-19 01:03:01 0 d-----w- c:\program files\Starcraft2010-02-19 00:26:21 0 d-----w- c:\program files\Elaborate Bytes2010-02-18 04:52:06 0 d-----w- c:\windows\system32\Adobe2010-02-12 05:01:41 0 d-----w- c:\program files\MaxiVista Demo Viewer2010-02-06 06:05:25 0 d-----w- c:\program files\Microsoft Games2010-02-04 08:59:48 143872 ------w- c:\windows\system32\iacenc.dll2010-02-04 07:27:10 56832 ------w- c:\windows\system32\iyvu9_32.dll==================== Find3M ====================2010-02-27 22:31:38 95360 ----a-w- c:\windows\system32\drivers\atapi.sys2010-02-27 01:34:58 69 ----a-w- c:\documents and settings\admin\jagex_runescape_preferences2.dat2010-02-27 01:34:58 41 ----a-w- c:\documents and settings\admin\jagex_runescape_preferences.dat2010-02-04 08:44:10 71280 ------w- c:\windows\fonts\POORICH.TTF2010-02-04 08:44:10 65728 ------w- c:\windows\fonts\LBRITEDI.TTF2010-02-04 08:44:10 65208 ------w- c:\windows\fonts\LBRITEI.TTF2010-02-04 08:44:10 64976 ------w- c:\windows\fonts\LBRITE.TTF2010-02-04 08:44:10 100104 ------w- c:\windows\fonts\VINERITC.TTF2010-02-04 07:23:10 61040 ------w- c:\windows\fonts\LBRITED.TTF2010-02-04 07:23:10 58480 ------w- c:\windows\fonts\LBLACK.TTF2010-02-04 07:23:10 51848 ------w- c:\windows\fonts\LCALLIG.TTF2010-01-16 19:27:26 411368 ----a-w- c:\windows\system32\deploytk.dll2010-01-08 05:29:11 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-12-22 05:35:11 668672 ----a-w- c:\windows\system32\wininet.dll2009-12-22 05:35:05 81920 ----a-w- c:\windows\system32\ieencode.dll2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll2009-12-08 18:11:44 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe2009-12-08 17:35:25 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe============= FINISH: 23:20:41.35 ===============Malwarebytes' Log:Malwarebytes' Anti-Malware 1.44Database version: 3825Windows 5.1.2600 Service Pack 2Internet Explorer 6.0.2900.21803/5/2010 12:59:41 AMmbam-log-2010-03-05 (00-59-41).txtScan type: Quick ScanObjects scanned: 128915Time elapsed: 5 minute(s), 5 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Attach.zip Link to post Share on other sites More sharing options...
Elise Posted March 5, 2010 ID:209931 Share Posted March 5, 2010 Hello , and welcome to Malwarebytes forum!First of all I need to see some more information.GMER-------Please download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.OTL-----Please download OTL from one of the following mirrors:This is THE Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Push the button.[*]Two reports will open, copy and paste them in a reply here:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimizedIn your next reply, please include the following:GMER logOTL report Link to post Share on other sites More sharing options...
Psymon Posted March 6, 2010 Author ID:210313 Share Posted March 6, 2010 I had some problems when running GMER. It first got stuck on the scan when it tried scanning atapi.sys. I tried running GMER in both normal and safe mode and both times it got stuck on the file rendering my computer unresponsive except for the mouse. After reading up on it, I saw a suggestion to run the scanner with both sections and devices UNCHECKED. Running it this way allowed the scan to finish, and so the following GMER log report is with both those settings unchecked.GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-03-05 23:07:57Windows 5.1.2600 Service Pack 2Running: 5kunkoos.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\fgtdipod.sys---- System - GMER 1.0.15 ----SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA0256B8]SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA025574]SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA025A52]SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA02514C]SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA02564E]SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA02508C]SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA0250F0]SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA02576E]SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA02572E]SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA0258AE]---- User IAT/EAT - GMER 1.0.15 ----IAT C:\WINDOWS\system32\services.exe[1008] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002IAT C:\WINDOWS\system32\services.exe[1008] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000---- Modules - GMER 1.0.15 ----Module (noname) (*** hidden *** ) 01D00000-03949000 (29659136 bytes) ---- EOF - GMER 1.0.15 ----OTL Extras logfile created on: 3/5/2010 8:58:48 PM - Run 1OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Admin\DesktopWindows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 111.79 Gb Total Space | 94.39 Gb Free Space | 84.44% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: X935Current User Name: AdminLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][HKEY_USERS\S-1-5-21-3044861070-3496676187-97246136-1005\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"6100:UDP" = 6100:UDP:*:Enabled:MaxiVista Demo Viewer========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found"C:\Documents and Settings\Admin\Desktop\bgb\bgb.exe" = C:\Documents and Settings\Admin\Desktop\bgb\bgb.exe:*:Enabled:bgb -- File not found"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe" = C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe:*:Enabled:ZCfgSvc -- (Intel Corporation)"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe" = C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)"C:\Documents and Settings\Admin\Desktop\Game\Battlegrounds.exe" = C:\Documents and Settings\Admin\Desktop\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds -- (LucasArts Entertainment Company LLC)"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe"Ad-Aware" = Ad-Aware"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"Age of Empires 2.0" = Microsoft Age of Empires II"avast!" = avast! Antivirus"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters"Google Chrome" = Google Chrome"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers."Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft Security Essentials" = Microsoft Security Essentials"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool"Power Saver" = TOSHIBA Power Saver"ProInst" = Intel® PROSet/Wireless Software"PROSet" = Intel® PRO Network Connections Drivers"QuickTime" = QuickTime"RealPlayer 6.0" = RealPlayer Basic"SpeedFan" = SpeedFan (remove only)"SpywareBlaster_is1" = SpywareBlaster 4.2"Starcraft" = Starcraft"SynTPDeinstKey" = Synaptics Pointing Device Driver"TOSHIBA Game Console" = TOSHIBA Game Console"TOSHIBA Software Modem" = TOSHIBA Software Modem"TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73"Veoh Web Player Beta" = Veoh Web Player"ViewpointMediaPlayer" = Viewpoint Media Player"VirtualCloneDrive" = VirtualCloneDrive"VLC media player" = VLC media player 1.0.3"WildTangent CDA" = WildTangent Web Driver"WildTangent wildgames Master Uninstall" = WildGames"Windows Media Format Runtime" = Windows Media Format Runtime"WinRAR archiver" = WinRAR archiver"WT004722" = Bejeweled 2 Deluxe"WT004723" = Blasterball 2 Revolution"WT004725" = SCRABBLE"WT004829" = Polar Golfer"WT006066" = FATE========== Last 10 Event Log Errors ==========[ Application Events ]Error - 3/5/2010 1:08:52 AM | Computer Name = X935 | Source = Lavasoft Ad-Aware Service | ID = 0Description = Error - 3/5/2010 2:11:57 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 0.0.0.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.Error - 3/5/2010 2:12:19 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.Error - 3/5/2010 2:12:20 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.Error - 3/5/2010 2:12:22 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.Error - 3/5/2010 2:12:23 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 passthrough, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.Error - 3/5/2010 2:12:24 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile, P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.Error - 3/5/2010 4:30:35 AM | Computer Name = X935 | Source = Application Error | ID = 1000Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.Error - 3/5/2010 11:34:31 PM | Computer Name = X935 | Source = Application Hang | ID = 1002Description = Hanging application msseces.exe, version 1.0.1961.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 3/6/2010 12:19:31 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.[ System Events ]Error - 3/6/2010 12:52:11 AM | Computer Name = X935 | Source = DCOM | ID = 10005Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}Error - 3/6/2010 12:52:19 AM | Computer Name = X935 | Source = DCOM | ID = 10005Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7026Description = The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi ElbyCDIO Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcdRdbssTcpipError - 3/6/2010 12:55:44 AM | Computer Name = X935 | Source = DCOM | ID = 10005Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}Error - 3/6/2010 12:56:51 AM | Computer Name = X935 | Source = Ftdisk | ID = 262189Description = The system could not sucessfully load the crash dump driver.Error - 3/6/2010 12:56:51 AM | Computer Name = X935 | Source = Ftdisk | ID = 262193Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physicalmemory.< End of report >OTL logfile created on: 3/5/2010 8:58:48 PM - Run 1OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Admin\DesktopWindows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 111.79 Gb Total Space | 94.39 Gb Free Space | 84.44% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: X935Current User Name: AdminLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2010/03/05 19:38:16 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exePRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exePRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exePRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exePRC - [2009/11/24 15:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exePRC - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exePRC - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exePRC - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exePRC - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exePRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEPRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXEPRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exePRC - [2009/06/17 03:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exePRC - [2006/01/05 14:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exePRC - [2005/12/20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exePRC - [2005/12/16 00:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exePRC - [2005/12/05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exePRC - [2005/11/30 12:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exePRC - [2005/11/28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exePRC - [2005/11/28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exePRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exePRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exePRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exePRC - [2005/10/06 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXEPRC - [2005/08/16 11:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exePRC - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exePRC - [2005/05/31 21:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exePRC - [2005/05/31 20:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exePRC - [2005/04/26 16:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exePRC - [2005/03/17 17:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exePRC - [2005/03/11 15:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exePRC - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exePRC - [2004/12/30 00:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exePRC - [2004/08/28 00:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exePRC - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exePRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe========== Modules (SafeList) ==========MOD - [2010/03/05 19:38:16 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exeMOD - [2004/08/10 04:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dllMOD - [2002/03/03 04:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll========== Win32 Services (SafeList) ==========SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)SRV - [2010/03/04 22:19:43 | 001,229,232 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)SRV - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)SRV - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)SRV - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)SRV - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)SRV - [2005/12/20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®SRV - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)SRV - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)SRV - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)========== Driver Services (SafeList) ==========DRV - [2010/02/04 07:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)DRV - [2009/12/17 14:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)DRV - [2009/11/24 15:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)DRV - [2009/11/24 15:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)DRV - [2009/11/24 15:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)DRV - [2009/11/24 15:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)DRV - [2009/11/24 15:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)DRV - [2009/11/24 15:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)DRV - [2009/08/09 13:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)DRV - [2006/09/24 05:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)DRV - [2006/02/16 01:56:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)DRV - [2005/12/16 00:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)DRV - [2005/12/09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2005/12/04 09:55:30 | 001,428,096 | ---- | M] (Intel Link to post Share on other sites More sharing options...
Elise Posted March 6, 2010 ID:210509 Share Posted March 6, 2010 Hello again,COMBOFIX---------------Please download ComboFix from one of these locations:BleepingcomputerForoSpywareDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)Double click on Combofix.exe and follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Link to post Share on other sites More sharing options...
Psymon Posted March 7, 2010 Author ID:210683 Share Posted March 7, 2010 ComboFix 10-03-06.01 - Admin 03/06/2010 15:02:28.1.2 - x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1456 [GMT -8:00]Running from: c:\documents and settings\Admin\Desktop\ComboFix.exeAV: avast! antivirus 4.8.1368 [VPS 100306-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\recycler\S-1-5-21-3868997124-911790988-508925577-500c:\windows\system32\Thumbs.dbInfected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected Restored copy from - Kitty ate it .((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 ))))))))))))))))))))))))))))))).2010-03-06 08:03 . 2010-03-06 08:03 -------- d-----w- c:\program files\Common Files\Java2010-03-06 08:03 . 2010-03-06 08:03 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56eaef87-n\decora-sse.dll2010-03-06 08:03 . 2010-03-06 08:03 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652014e9-n\msvcp71.dll2010-03-06 08:03 . 2010-03-06 08:03 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652014e9-n\jmc.dll2010-03-06 08:03 . 2010-03-06 08:03 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652014e9-n\msvcr71.dll2010-03-06 08:03 . 2010-03-06 08:03 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56eaef87-n\decora-d3d.dll2010-03-06 05:07 . 2010-03-06 05:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PCHealth2010-03-06 05:07 . 2010-03-06 05:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth2010-03-05 06:47 . 2010-03-05 06:20 15880 ----a-w- c:\windows\system32\lsdelete.exe2010-03-05 05:08 . 2010-03-05 05:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}2010-03-05 05:08 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe2010-03-05 05:05 . 2010-03-05 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft2010-03-05 05:05 . 2010-03-05 05:08 -------- d-----w- c:\program files\Lavasoft2010-03-05 04:57 . 2010-02-24 17:16 181632 ------w- c:\windows\system32\MpSigStub.exe2010-03-05 04:35 . 2010-03-05 04:36 -------- d-----w- c:\program files\SpeedFan2010-03-05 04:33 . 2010-03-05 04:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities2010-03-05 04:32 . 2010-03-05 04:32 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys2010-03-05 03:23 . 2010-03-05 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP2010-03-05 03:23 . 2010-03-05 03:24 -------- d-----w- c:\program files\SpywareBlaster2010-03-05 03:15 . 2010-03-05 03:15 -------- d-----w- c:\program files\Microsoft Security Essentials2010-03-05 03:15 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll2010-03-05 03:15 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll2010-02-28 06:46 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys2010-02-28 06:46 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys2010-02-28 06:46 . 2001-08-17 22:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys2010-02-28 06:46 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys2010-02-28 06:46 . 2004-08-04 07:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys2010-02-28 06:46 . 2004-08-04 07:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys2010-02-26 18:05 . 2010-02-28 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-02-26 18:05 . 2010-02-26 18:09 -------- d-----w- c:\program files\Spybot - Search & Destroy2010-02-22 09:57 . 2010-02-22 09:57 -------- d-s---w- c:\documents and settings\NetworkService\UserData2010-02-19 09:00 . 2010-02-19 09:00 -------- d-s---w- c:\documents and settings\Admin\UserData2010-02-19 01:03 . 2010-02-19 01:05 967 ----a-w- c:\windows\ScUnin.pif2010-02-19 01:03 . 2010-02-19 01:05 32930 ----a-w- c:\windows\scunin.dat2010-02-19 01:03 . 2010-02-19 01:05 94208 ----a-w- c:\windows\ScUnin.exe2010-02-19 01:03 . 2010-02-28 06:25 -------- d-----w- c:\program files\Starcraft2010-02-19 00:26 . 2010-02-19 00:26 -------- d-----w- c:\program files\Elaborate Bytes2010-02-18 04:52 . 2010-02-18 04:52 -------- d-----w- c:\windows\system32\Adobe2010-02-12 05:01 . 2010-02-22 09:41 -------- d-----w- c:\program files\MaxiVista Demo Viewer2010-02-06 06:05 . 2010-02-06 06:05 -------- d-----w- c:\program files\Microsoft Games.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-03-06 08:05 . 2010-01-16 19:33 69 ----a-w- c:\documents and settings\Admin\jagex_runescape_preferences2.dat2010-03-06 08:05 . 2010-01-16 19:29 41 ----a-w- c:\documents and settings\Admin\jagex_runescape_preferences.dat2010-03-06 08:03 . 2010-01-16 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll2010-03-06 08:03 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java2010-03-06 06:24 . 2004-08-03 22:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys2010-03-05 06:31 . 2010-01-27 00:32 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc2010-03-05 06:19 . 2010-03-05 05:09 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll2010-03-05 06:19 . 2010-03-05 05:09 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe2010-03-05 06:19 . 2010-03-05 05:09 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe2010-03-05 06:19 . 2010-03-05 05:09 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe2010-03-05 06:19 . 2010-03-05 05:09 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe2010-03-05 06:19 . 2010-03-05 05:09 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe2010-03-05 06:18 . 2006-02-18 15:00 -------- d-----w- c:\program files\GemMaster2010-03-05 06:13 . 2006-02-16 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime2010-03-05 04:54 . 2010-01-30 06:31 -------- d-----w- c:\program files\Microsoft Silverlight2010-03-05 04:49 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works2010-02-26 03:16 . 2010-01-28 04:21 1 ----a-w- c:\documents and settings\Admin\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys2010-02-23 08:31 . 2006-02-16 16:59 41384 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-02-04 15:53 . 2010-03-05 05:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys2010-02-04 08:59 . 2010-02-04 08:59 143872 ------w- c:\windows\system32\iacenc.dll2010-02-04 07:27 . 2010-02-04 07:27 56832 ------w- c:\windows\system32\iyvu9_32.dll2010-01-30 06:32 . 2010-01-30 06:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes2010-01-30 06:32 . 2010-01-30 06:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-01-30 06:32 . 2010-01-30 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-01-30 06:31 . 2010-01-30 06:28 -------- d-----w- c:\program files\MSN Toolbar Installer2010-01-30 06:31 . 2010-01-30 06:31 -------- d-----w- c:\program files\Microsoft2010-01-30 06:31 . 2010-01-30 06:31 -------- d-----w- c:\program files\MSN Toolbar2010-01-28 04:20 . 2010-01-28 04:20 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenOffice.org2010-01-28 04:17 . 2010-01-28 04:17 -------- d-----w- c:\program files\JRE2010-01-28 04:17 . 2010-01-28 04:17 -------- d-----w- c:\program files\OpenOffice.org 32010-01-27 23:27 . 2010-01-27 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent2010-01-27 23:21 . 2010-01-27 23:19 -------- d-----w- c:\program files\WildGames2010-01-27 00:31 . 2010-01-27 00:31 -------- d-----w- c:\program files\VideoLAN2010-01-26 23:52 . 2010-01-26 23:51 -------- d-----w- c:\program files\DivX2010-01-26 23:51 . 2010-01-26 23:51 -------- d-----w- c:\program files\Common Files\DivX Shared2010-01-25 08:28 . 2010-01-25 08:28 -------- d-----w- c:\program files\Veoh Networks2010-01-15 11:33 . 2006-02-15 15:37 87931 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat2010-01-09 07:37 . 2010-01-08 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS2010-01-08 19:26 . 2006-02-16 09:55 -------- d-----w- c:\program files\Pure Networks2010-01-08 19:26 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL2010-01-08 18:49 . 2010-01-08 18:49 -------- d-----w- c:\program files\MSXML 4.02010-01-08 06:14 . 2010-01-08 06:13 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe2010-01-08 06:04 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google2010-01-08 06:02 . 2010-01-08 06:02 -------- d-----w- c:\program files\Alwil Software2010-01-08 05:44 . 2006-02-15 16:25 -------- d-----w- c:\program files\TOSHIBA2010-01-08 05:43 . 2006-02-16 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com2010-01-08 05:41 . 2006-02-16 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL2010-01-08 05:40 . 2010-01-08 05:29 -------- d-----w- c:\documents and settings\Admin\Application Data\AOL2010-01-08 05:40 . 2006-02-16 09:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL2010-01-08 05:29 . 2010-01-08 05:29 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys2010-01-08 05:28 . 2010-01-08 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel2010-01-08 05:28 . 2006-02-15 16:18 -------- d-----w- c:\program files\Intel2010-01-08 05:28 . 2010-01-08 05:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Intel2010-01-08 05:28 . 2010-01-08 05:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel2010-01-08 05:15 . 2010-01-08 05:15 -------- d-----w- c:\program files\AVerMedia2010-01-08 05:15 . 2010-01-08 05:30 45056 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe2010-01-08 05:15 . 2010-01-08 05:15 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe2010-01-08 05:15 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information2010-01-08 05:15 . 2010-01-08 05:15 -------- d-----w- c:\program files\Common Files\InterVideo2010-01-08 05:14 . 2006-02-16 09:25 -------- d-----w- c:\program files\InterVideo2010-01-08 00:07 . 2010-01-30 06:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-01-08 00:07 . 2010-01-30 06:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-12-31 16:14 . 2006-02-15 14:04 352640 ----a-w- c:\windows\system32\drivers\srv.sys2009-12-22 05:35 . 2006-02-15 14:04 668672 ----a-w- c:\windows\system32\wininet.dll2009-12-22 05:35 . 2006-02-15 14:02 81920 ----a-w- c:\windows\system32\ieencode.dll2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys2009-12-16 12:58 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe2009-12-14 07:35 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll2009-12-08 18:11 . 2006-02-15 14:03 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe2009-12-08 17:35 . 2004-08-03 22:59 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TFncKy"="TFncKy.exe" [bU]"TDispVol"="TDispVol.exe" [2005-03-11 73728]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]"TPSMain"="TPSMain.exe" [2005-06-01 282624]"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-16 98304]"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"="c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"="c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Starcraft\\StarCraft.exe"="c:\\Documents and Settings\\Admin\\Desktop\\Game\\Battlegrounds.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"6100:UDP"= 6100:UDP:MaxiVista Demo ViewerR0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 9:09 PM 64288]R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/7/2010 10:02 PM 114768]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/7/2010 10:02 PM 20560]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 10:02 PM 133104]S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 7:52 AM 1229232].Contents of the 'Scheduled Tasks' folder2010-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 06:19]2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:02]2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:02]2010-03-06 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 02:02]2010-01-08 c:\windows\Tasks\Registration reminder 3.job- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 12:00]..------- Supplementary Scan -------.uStart Page = hxxp://www.toshibadirect.com/dpdstartuInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstartIE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.htmlIE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.htmlIE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.htmlIE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.htmlFF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\svh7qyzu.default\FF - prefs.js: browser.startup.homepage - hxxp://www.qj.net/psp.htmlFF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dllFF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dllFF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll.- - - - ORPHANS REMOVED - - - -HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe**************************************************************************scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: **************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'explorer.exe'(3608)c:\windows\system32\TDispVol.dllc:\windows\system32\TPwrCfg.DLLc:\windows\system32\TPwrReg.dllc:\windows\system32\TPSTrace.DLL.------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Essentials\MsMpEng.exec:\program files\Intel\Wireless\Bin\EvtEng.exec:\program files\Intel\Wireless\Bin\S24EvMon.exec:\program files\Alwil Software\Avast4\aswUpdSv.exec:\program files\Alwil Software\Avast4\ashServ.exec:\program files\TOSHIBA\ConfigFree\CFSvcs.exec:\windows\system32\DVDRAMSV.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Intel\Wireless\Bin\RegSrvc.exec:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\toshiba\IVP\swupdate\swupdtmr.exec:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\windows\ehome\mcrdsvc.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\program files\Alwil Software\Avast4\ashMaiSv.exec:\program files\Alwil Software\Avast4\ashWebSv.exec:\windows\system32\dllhost.exec:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exec:\windows\system32\TDispVol.exec:\windows\eHome\ehmsas.exec:\windows\AGRSMMSG.exec:\windows\system32\TPSMain.exec:\program files\Synaptics\SynTP\Toshiba.exec:\windows\system32\TPSBattM.exec:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe.**************************************************************************.Completion time: 2010-03-06 16:41:44 - machine was rebootedComboFix-quarantined-files.txt 2010-03-07 00:41Pre-Run: 100,981,739,520 bytes freePost-Run: 101,545,816,064 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect- - End Of File - - F2F1F52EC43F3897BC4662D78F7A8D32 Link to post Share on other sites More sharing options...
Elise Posted March 7, 2010 ID:210770 Share Posted March 7, 2010 Hello , That took out quite some stuff, however, please consider the following information first...BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.TWO ANTIVIRUS PROGRAMS---------------------------------------I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.Therefore please go to add/remove in the control panel and remove either Avast or Microsoft Security Essentials.MALWAREBYTES ANTIMALWARE-------------------------------------------Please launch MBAM and update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Full Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBAM when done.Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.In your next reply, please include the following:MBAM log Link to post Share on other sites More sharing options...
Psymon Posted March 7, 2010 Author ID:210784 Share Posted March 7, 2010 Oh wow. looks like I did a real good job in getting a nasty. I have no problems with reformatting my computer if its the fastest and safest route. Its been reformatted recently so there isnt anything important on here i need to worry about. here the MBAM logMalwarebytes' Anti-Malware 1.44Database version: 3831Windows 5.1.2600 Service Pack 2Internet Explorer 6.0.2900.21803/7/2010 12:23:31 AMmbam-log-2010-03-07 (00-23-31).txtScan type: Full Scan (C:\|)Objects scanned: 197718Time elapsed: 28 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Elise Posted March 7, 2010 ID:210785 Share Posted March 7, 2010 Hello again,Its not that the computer cannot be cleaned. Most nasty malware is already gone. However, the rootkit you had, leaves your computer with a backdoor, this is a security vulnerability that might or might not be exploited by future threats.Please let me know how you wish to continue Link to post Share on other sites More sharing options...
Psymon Posted March 7, 2010 Author ID:210787 Share Posted March 7, 2010 Is there anyway for that back door to be found and the exploit fixed? If it can't, or can't be done easily, ill just reformat and reinstall xp. Link to post Share on other sites More sharing options...
Elise Posted March 7, 2010 ID:210793 Share Posted March 7, 2010 No, unfortunately the only way you can be sure its gone, is a reformat.Please let me know if you have any more questions Link to post Share on other sites More sharing options...
Psymon Posted March 10, 2010 Author ID:212378 Share Posted March 10, 2010 Sorry its taken so long for a reply. But all i wanted to say was thank you for all you effort and time to help me out. I really appreciate it. Link to post Share on other sites More sharing options...
Elise Posted March 10, 2010 ID:212622 Share Posted March 10, 2010 You are welcome. I will request this topic to be closed.Below I will list some general information you might find of interest.Please read these advices, in order to prevent reinfecting your PC:Install and update the following programs regularly:an outbound firewallA comprehensive tutorial and a list of possible firewalls can be found here.an AntiVirus SoftwareIt is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.an Anti-Spyware programMalware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.SUPERAntiSpyware is another good scanner with high detection and removal rates.Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.Spyware BlasterA tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.MVPs hosts fileA tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file[*]Keep Windows (and your other Microsoft software) up to date!I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!![*]Keep your other software up to date as wellSoftware does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.[*]Stay up to date!The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing .Some more links you might find of interest:Miekies' prevention suggestionsSo How did I get infected?Microsoft - 'Security at home'Calendar of Updates: See which updates have been released.How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:Commonly UsedFreeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.osalt: Find (free) open source alternatives to known commercial software. Link to post Share on other sites More sharing options...
Recommended Posts