Jump to content

HijackThis Log


Recommended Posts

Thank you for taking the time to read this. Every time I click on a link from Google, it takes me to a completely different website. I have run avg, avast, search and destroy, ad aware, SpywareBlaster, malewarebytes and even Microsoft security essentials multiple times with nothing ever coming up. I'm scared to know what can hide from all these scanners. Thankfully i found the post on what to do and hope you can help me.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Admin at 23:19:34.15 on Thu 03/04/2010

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.732 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 100304-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

svchost.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\toshiba\ivp\ism\pinger.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Admin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart

uSearch Bar = hxxp://search.live.com/sphome.aspx

uSearch Page = hxxp://search.live.com

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

mSearchAssistant = hxxp://search.live.com/sphome.aspx

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [TFncKy] TFncKy.exe

mRun: [TDispVol] TDispVol.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [TPSMain] TPSMain.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: kigozosi.dll c:\windows\system32\hapevapu.dll

LSA: Notification Packages = scecli vaseyure.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\svh7qyzu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.qj.net/psp.html

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-4 64288]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-7 114768]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-7 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-7 138680]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-7 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-7 352920]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 133104]

=============== Created Last 30 ================

2010-03-05 07:15:41 0 ----a-w- c:\documents and settings\admin\defogger_reenable

2010-03-05 06:47:34 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-05 05:09:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-03-05 05:08:16 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-05 05:05:01 0 d-----w- c:\program files\Lavasoft

2010-03-05 04:57:41 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-03-05 04:35:54 0 d-----w- c:\program files\SpeedFan

2010-03-05 04:35:52 45 ----a-w- c:\windows\system32\initdebug.nfo

2010-03-05 04:32:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-05 03:23:17 0 d-----w- c:\program files\SpywareBlaster

2010-03-05 03:15:20 0 d-----w- c:\program files\Microsoft Security Essentials

2010-03-05 03:15:05 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-03-05 03:15:05 215920 ----a-w- c:\windows\system32\muweb.dll

2010-03-05 03:15:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-02-28 06:46:18 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-02-28 06:46:18 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-02-28 06:46:08 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-02-28 06:46:08 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-02-28 06:46:03 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-02-28 06:46:03 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-02-26 18:05:37 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-02-26 18:05:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-02-19 09:00:12 0 d-s---w- c:\documents and settings\admin\UserData

2010-02-19 01:03:14 967 ----a-w- c:\windows\ScUnin.pif

2010-02-19 01:03:14 94208 ----a-w- c:\windows\ScUnin.exe

2010-02-19 01:03:14 32930 ----a-w- c:\windows\scunin.dat

2010-02-19 01:03:01 0 d-----w- c:\program files\Starcraft

2010-02-19 00:26:21 0 d-----w- c:\program files\Elaborate Bytes

2010-02-18 04:52:06 0 d-----w- c:\windows\system32\Adobe

2010-02-12 05:01:41 0 d-----w- c:\program files\MaxiVista Demo Viewer

2010-02-06 06:05:25 0 d-----w- c:\program files\Microsoft Games

2010-02-04 08:59:48 143872 ------w- c:\windows\system32\iacenc.dll

2010-02-04 07:27:10 56832 ------w- c:\windows\system32\iyvu9_32.dll

==================== Find3M ====================

2010-02-27 22:31:38 95360 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-02-27 01:34:58 69 ----a-w- c:\documents and settings\admin\jagex_runescape_preferences2.dat

2010-02-27 01:34:58 41 ----a-w- c:\documents and settings\admin\jagex_runescape_preferences.dat

2010-02-04 08:44:10 71280 ------w- c:\windows\fonts\POORICH.TTF

2010-02-04 08:44:10 65728 ------w- c:\windows\fonts\LBRITEDI.TTF

2010-02-04 08:44:10 65208 ------w- c:\windows\fonts\LBRITEI.TTF

2010-02-04 08:44:10 64976 ------w- c:\windows\fonts\LBRITE.TTF

2010-02-04 08:44:10 100104 ------w- c:\windows\fonts\VINERITC.TTF

2010-02-04 07:23:10 61040 ------w- c:\windows\fonts\LBRITED.TTF

2010-02-04 07:23:10 58480 ------w- c:\windows\fonts\LBLACK.TTF

2010-02-04 07:23:10 51848 ------w- c:\windows\fonts\LCALLIG.TTF

2010-01-16 19:27:26 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-01-08 05:29:11 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-22 05:35:11 668672 ----a-w- c:\windows\system32\wininet.dll

2009-12-22 05:35:05 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 18:11:44 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 17:35:25 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 23:20:41.35 ===============

Malwarebytes' Log:

Malwarebytes' Anti-Malware 1.44

Database version: 3825

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

3/5/2010 12:59:41 AM

mbam-log-2010-03-05 (00-59-41).txt

Scan type: Quick Scan

Objects scanned: 128915

Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach.zip

Link to post
Share on other sites

Hello , and welcome to Malwarebytes forum!

First of all I need to see some more information.

GMER

-------

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlDesktopIcon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the runscanbutton.png button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

In your next reply, please include the following:

  • GMER log
  • OTL report

Link to post
Share on other sites

I had some problems when running GMER. It first got stuck on the scan when it tried scanning atapi.sys. I tried running GMER in both normal and safe mode and both times it got stuck on the file rendering my computer unresponsive except for the mouse. After reading up on it, I saw a suggestion to run the scanner with both sections and devices UNCHECKED. Running it this way allowed the scan to finish, and so the following GMER log report is with both those settings unchecked.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-05 23:07:57

Windows 5.1.2600 Service Pack 2

Running: 5kunkoos.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\fgtdipod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA0256B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA025574]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA025A52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA02514C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA02564E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA02508C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA0250F0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA02576E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA02572E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA0258AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1008] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002

IAT C:\WINDOWS\system32\services.exe[1008] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 01D00000-03949000 (29659136 bytes)

---- EOF - GMER 1.0.15 ----

OTL Extras logfile created on: 3/5/2010 8:58:48 PM - Run 1

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Admin\Desktop

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.79 Gb Total Space | 94.39 Gb Free Space | 84.44% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: X935

Current User Name: Admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3044861070-3496676187-97246136-1005\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"6100:UDP" = 6100:UDP:*:Enabled:MaxiVista Demo Viewer

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)

"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found

"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found

"C:\Documents and Settings\Admin\Desktop\bgb\bgb.exe" = C:\Documents and Settings\Admin\Desktop\bgb\bgb.exe:*:Enabled:bgb -- File not found

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe" = C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe:*:Enabled:ZCfgSvc -- (Intel Corporation)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe" = C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)

"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)

"C:\Documents and Settings\Admin\Desktop\Game\Battlegrounds.exe" = C:\Documents and Settings\Admin\Desktop\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds -- (LucasArts Entertainment Company LLC)

"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2

"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades

"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI

"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager

"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility

"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility

"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8

"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA

"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform

"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"Ad-Aware" = Ad-Aware

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Age of Empires 2.0" = Microsoft Age of Empires II

"avast!" = avast! Antivirus

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Google Chrome" = Google Chrome

"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft Security Essentials" = Microsoft Security Essentials

"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)

"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool

"Power Saver" = TOSHIBA Power Saver

"ProInst" = Intel® PROSet/Wireless Software

"PROSet" = Intel® PRO Network Connections Drivers

"QuickTime" = QuickTime

"RealPlayer 6.0" = RealPlayer Basic

"SpeedFan" = SpeedFan (remove only)

"SpywareBlaster_is1" = SpywareBlaster 4.2

"Starcraft" = Starcraft

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TOSHIBA Game Console" = TOSHIBA Game Console

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73

"Veoh Web Player Beta" = Veoh Web Player

"ViewpointMediaPlayer" = Viewpoint Media Player

"VirtualCloneDrive" = VirtualCloneDrive

"VLC media player" = VLC media player 1.0.3

"WildTangent CDA" = WildTangent Web Driver

"WildTangent wildgames Master Uninstall" = WildGames

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = WinRAR archiver

"WT004722" = Bejeweled 2 Deluxe

"WT004723" = Blasterball 2 Revolution

"WT004725" = SCRABBLE

"WT004829" = Polar Golfer

"WT006066" = FATE

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/5/2010 1:08:52 AM | Computer Name = X935 | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 3/5/2010 2:11:57 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P2 2.1.6519.0, P3 timeout, P4 0.0.0.0, P5 local, P6 unspecified, P7 unspecified,

P8 NIL, P9 NIL, P10 NIL.

Error - 3/5/2010 2:12:19 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified,

P8 NIL, P9 NIL, P10 NIL.

Error - 3/5/2010 2:12:20 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified,

P8 NIL, P9 NIL, P10 NIL.

Error - 3/5/2010 2:12:22 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified,

P8 NIL, P9 NIL, P10 NIL.

Error - 3/5/2010 2:12:23 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P2 2.1.6519.0, P3 passthrough, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified,

P8 NIL, P9 NIL, P10 NIL.

Error - 3/5/2010 2:12:24 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile,

P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 3/5/2010 4:30:35 AM | Computer Name = X935 | Source = Application Error | ID = 1000

Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module

kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.

Error - 3/5/2010 11:34:31 PM | Computer Name = X935 | Source = Application Hang | ID = 1002

Description = Hanging application msseces.exe, version 1.0.1961.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2010 12:19:31 AM | Computer Name = X935 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P2 2.1.6519.0, P3 timeout, P4 1.1.5502.0, P5 local, P6 unspecified, P7 unspecified,

P8 NIL, P9 NIL, P10 NIL.

[ System Events ]

Error - 3/6/2010 12:52:11 AM | Computer Name = X935 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/6/2010 12:52:19 AM | Computer Name = X935 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001

Description = The DHCP Client service depends on the NetBios over Tcpip service

which failed to start because of the following error: %%31

Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: %%31

Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD service which

failed to start because of the following error: %%31

Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 3/6/2010 12:52:52 AM | Computer Name = X935 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Aavmker4 AFD aswSP aswTdi ElbyCDIO Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd

Rdbss

Tcpip

Error - 3/6/2010 12:55:44 AM | Computer Name = X935 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/6/2010 12:56:51 AM | Computer Name = X935 | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

Error - 3/6/2010 12:56:51 AM | Computer Name = X935 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

< End of report >

OTL logfile created on: 3/5/2010 8:58:48 PM - Run 1

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Admin\Desktop

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.79 Gb Total Space | 94.39 Gb Free Space | 84.44% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: X935

Current User Name: Admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/05 19:38:16 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/12/08 21:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

PRC - [2009/11/24 15:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/06/17 03:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

PRC - [2006/01/05 14:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe

PRC - [2005/12/20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

PRC - [2005/12/16 00:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe

PRC - [2005/12/05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2005/11/30 12:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

PRC - [2005/11/28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2005/11/28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2005/10/06 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2005/08/16 11:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

PRC - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

PRC - [2005/05/31 21:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe

PRC - [2005/05/31 20:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe

PRC - [2005/04/26 16:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

PRC - [2005/03/17 17:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe

PRC - [2005/03/11 15:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe

PRC - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2004/12/30 00:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2004/08/28 00:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe

PRC - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe

PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/03/05 19:38:16 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

MOD - [2004/08/10 04:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

MOD - [2002/03/03 04:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)

SRV - [2010/03/04 22:19:43 | 001,229,232 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/11/24 15:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009/11/24 15:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009/11/24 15:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009/11/24 15:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2005/12/20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)

========== Driver Services (SafeList) ==========

DRV - [2010/02/04 07:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009/12/17 14:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2009/11/24 15:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009/11/24 15:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2009/11/24 15:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/11/24 15:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009/11/24 15:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009/11/24 15:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009/08/09 13:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)

DRV - [2006/09/24 05:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2006/02/16 01:56:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)

DRV - [2005/12/16 00:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2005/12/09 16:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/12/04 09:55:30 | 001,428,096 | ---- | M] (Intel

Link to post
Share on other sites

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

ComboFix 10-03-06.01 - Admin 03/06/2010 15:02:28.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1456 [GMT -8:00]

Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100306-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\S-1-5-21-3868997124-911790988-508925577-500

c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it :P

.

((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))

.

2010-03-06 08:03 . 2010-03-06 08:03 -------- d-----w- c:\program files\Common Files\Java

2010-03-06 08:03 . 2010-03-06 08:03 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56eaef87-n\decora-sse.dll

2010-03-06 08:03 . 2010-03-06 08:03 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652014e9-n\msvcp71.dll

2010-03-06 08:03 . 2010-03-06 08:03 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652014e9-n\jmc.dll

2010-03-06 08:03 . 2010-03-06 08:03 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652014e9-n\msvcr71.dll

2010-03-06 08:03 . 2010-03-06 08:03 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56eaef87-n\decora-d3d.dll

2010-03-06 05:07 . 2010-03-06 05:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PCHealth

2010-03-06 05:07 . 2010-03-06 05:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-03-05 06:47 . 2010-03-05 06:20 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-05 05:08 . 2010-03-05 05:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-03-05 05:08 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-03-05 05:05 . 2010-03-05 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-03-05 05:05 . 2010-03-05 05:08 -------- d-----w- c:\program files\Lavasoft

2010-03-05 04:57 . 2010-02-24 17:16 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-03-05 04:35 . 2010-03-05 04:36 -------- d-----w- c:\program files\SpeedFan

2010-03-05 04:33 . 2010-03-05 04:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Identities

2010-03-05 04:32 . 2010-03-05 04:32 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-05 03:23 . 2010-03-05 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP

2010-03-05 03:23 . 2010-03-05 03:24 -------- d-----w- c:\program files\SpywareBlaster

2010-03-05 03:15 . 2010-03-05 03:15 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-03-05 03:15 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-03-05 03:15 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-02-28 06:46 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-02-28 06:46 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-02-28 06:46 . 2001-08-17 22:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-02-28 06:46 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-02-28 06:46 . 2004-08-04 07:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-02-28 06:46 . 2004-08-04 07:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-02-26 18:05 . 2010-02-28 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-26 18:05 . 2010-02-26 18:09 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-02-22 09:57 . 2010-02-22 09:57 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-02-19 09:00 . 2010-02-19 09:00 -------- d-s---w- c:\documents and settings\Admin\UserData

2010-02-19 01:03 . 2010-02-19 01:05 967 ----a-w- c:\windows\ScUnin.pif

2010-02-19 01:03 . 2010-02-19 01:05 32930 ----a-w- c:\windows\scunin.dat

2010-02-19 01:03 . 2010-02-19 01:05 94208 ----a-w- c:\windows\ScUnin.exe

2010-02-19 01:03 . 2010-02-28 06:25 -------- d-----w- c:\program files\Starcraft

2010-02-19 00:26 . 2010-02-19 00:26 -------- d-----w- c:\program files\Elaborate Bytes

2010-02-18 04:52 . 2010-02-18 04:52 -------- d-----w- c:\windows\system32\Adobe

2010-02-12 05:01 . 2010-02-22 09:41 -------- d-----w- c:\program files\MaxiVista Demo Viewer

2010-02-06 06:05 . 2010-02-06 06:05 -------- d-----w- c:\program files\Microsoft Games

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-06 08:05 . 2010-01-16 19:33 69 ----a-w- c:\documents and settings\Admin\jagex_runescape_preferences2.dat

2010-03-06 08:05 . 2010-01-16 19:29 41 ----a-w- c:\documents and settings\Admin\jagex_runescape_preferences.dat

2010-03-06 08:03 . 2010-01-16 19:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-06 08:03 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java

2010-03-06 06:24 . 2004-08-03 22:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-03-05 06:31 . 2010-01-27 00:32 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc

2010-03-05 06:19 . 2010-03-05 05:09 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-03-05 06:19 . 2010-03-05 05:09 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-03-05 06:19 . 2010-03-05 05:09 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-03-05 06:19 . 2010-03-05 05:09 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-03-05 06:19 . 2010-03-05 05:09 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-03-05 06:19 . 2010-03-05 05:09 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-03-05 06:18 . 2006-02-18 15:00 -------- d-----w- c:\program files\GemMaster

2010-03-05 06:13 . 2006-02-16 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime

2010-03-05 04:54 . 2010-01-30 06:31 -------- d-----w- c:\program files\Microsoft Silverlight

2010-03-05 04:49 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works

2010-02-26 03:16 . 2010-01-28 04:21 1 ----a-w- c:\documents and settings\Admin\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-02-23 08:31 . 2006-02-16 16:59 41384 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-04 15:53 . 2010-03-05 05:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-04 08:59 . 2010-02-04 08:59 143872 ------w- c:\windows\system32\iacenc.dll

2010-02-04 07:27 . 2010-02-04 07:27 56832 ------w- c:\windows\system32\iyvu9_32.dll

2010-01-30 06:32 . 2010-01-30 06:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2010-01-30 06:32 . 2010-01-30 06:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-30 06:32 . 2010-01-30 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-30 06:31 . 2010-01-30 06:28 -------- d-----w- c:\program files\MSN Toolbar Installer

2010-01-30 06:31 . 2010-01-30 06:31 -------- d-----w- c:\program files\Microsoft

2010-01-30 06:31 . 2010-01-30 06:31 -------- d-----w- c:\program files\MSN Toolbar

2010-01-28 04:20 . 2010-01-28 04:20 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenOffice.org

2010-01-28 04:17 . 2010-01-28 04:17 -------- d-----w- c:\program files\JRE

2010-01-28 04:17 . 2010-01-28 04:17 -------- d-----w- c:\program files\OpenOffice.org 3

2010-01-27 23:27 . 2010-01-27 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent

2010-01-27 23:21 . 2010-01-27 23:19 -------- d-----w- c:\program files\WildGames

2010-01-27 00:31 . 2010-01-27 00:31 -------- d-----w- c:\program files\VideoLAN

2010-01-26 23:52 . 2010-01-26 23:51 -------- d-----w- c:\program files\DivX

2010-01-26 23:51 . 2010-01-26 23:51 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-01-25 08:28 . 2010-01-25 08:28 -------- d-----w- c:\program files\Veoh Networks

2010-01-15 11:33 . 2006-02-15 15:37 87931 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-01-09 07:37 . 2010-01-08 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-01-08 19:26 . 2006-02-16 09:55 -------- d-----w- c:\program files\Pure Networks

2010-01-08 19:26 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL

2010-01-08 18:49 . 2010-01-08 18:49 -------- d-----w- c:\program files\MSXML 4.0

2010-01-08 06:14 . 2010-01-08 06:13 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-01-08 06:04 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google

2010-01-08 06:02 . 2010-01-08 06:02 -------- d-----w- c:\program files\Alwil Software

2010-01-08 05:44 . 2006-02-15 16:25 -------- d-----w- c:\program files\TOSHIBA

2010-01-08 05:43 . 2006-02-16 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com

2010-01-08 05:41 . 2006-02-16 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2010-01-08 05:40 . 2010-01-08 05:29 -------- d-----w- c:\documents and settings\Admin\Application Data\AOL

2010-01-08 05:40 . 2006-02-16 09:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL

2010-01-08 05:29 . 2010-01-08 05:29 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-01-08 05:28 . 2010-01-08 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel

2010-01-08 05:28 . 2006-02-15 16:18 -------- d-----w- c:\program files\Intel

2010-01-08 05:28 . 2010-01-08 05:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Intel

2010-01-08 05:28 . 2010-01-08 05:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel

2010-01-08 05:15 . 2010-01-08 05:15 -------- d-----w- c:\program files\AVerMedia

2010-01-08 05:15 . 2010-01-08 05:30 45056 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

2010-01-08 05:15 . 2010-01-08 05:15 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

2010-01-08 05:15 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-08 05:15 . 2010-01-08 05:15 -------- d-----w- c:\program files\Common Files\InterVideo

2010-01-08 05:14 . 2006-02-16 09:25 -------- d-----w- c:\program files\InterVideo

2010-01-08 00:07 . 2010-01-30 06:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07 . 2010-01-30 06:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-31 16:14 . 2006-02-15 14:04 352640 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-22 05:35 . 2006-02-15 14:04 668672 ----a-w- c:\windows\system32\wininet.dll

2009-12-22 05:35 . 2006-02-15 14:02 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

2009-12-16 12:58 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:35 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 18:11 . 2006-02-15 14:03 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 17:35 . 2004-08-03 22:59 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TFncKy"="TFncKy.exe" [bU]

"TDispVol"="TDispVol.exe" [2005-03-11 73728]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"TPSMain"="TPSMain.exe" [2005-06-01 282624]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-16 98304]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Starcraft\\StarCraft.exe"=

"c:\\Documents and Settings\\Admin\\Desktop\\Game\\Battlegrounds.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6100:UDP"= 6100:UDP:MaxiVista Demo Viewer

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/4/2010 9:09 PM 64288]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/7/2010 10:02 PM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/7/2010 10:02 PM 20560]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 10:02 PM 133104]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 7:52 AM 1229232]

.

Contents of the 'Scheduled Tasks' folder

2010-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 06:19]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:02]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:02]

2010-03-06 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 02:02]

2010-01-08 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 12:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.toshibadirect.com/dpdstart

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\svh7qyzu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.qj.net/psp.html

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3608)

c:\windows\system32\TDispVol.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\ehome\mcrdsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\dllhost.exe

c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

c:\windows\system32\TDispVol.exe

c:\windows\eHome\ehmsas.exe

c:\windows\AGRSMMSG.exe

c:\windows\system32\TPSMain.exe

c:\program files\Synaptics\SynTP\Toshiba.exe

c:\windows\system32\TPSBattM.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2010-03-06 16:41:44 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-07 00:41

Pre-Run: 100,981,739,520 bytes free

Post-Run: 101,545,816,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - F2F1F52EC43F3897BC4662D78F7A8D32

Link to post
Share on other sites

Hello , That took out quite some stuff, however, please consider the following information first...

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avast or Microsoft Security Essentials.

MALWAREBYTES ANTIMALWARE

-------------------------------------------

Please launch MBAM and update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

In your next reply, please include the following:

  • MBAM log

Link to post
Share on other sites

Oh wow. looks like I did a real good job in getting a nasty. I have no problems with reformatting my computer if its the fastest and safest route. Its been reformatted recently so there isnt anything important on here i need to worry about. here the MBAM log

Malwarebytes' Anti-Malware 1.44

Database version: 3831

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

3/7/2010 12:23:31 AM

mbam-log-2010-03-07 (00-23-31).txt

Scan type: Full Scan (C:\|)

Objects scanned: 197718

Time elapsed: 28 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hello again,

Its not that the computer cannot be cleaned. Most nasty malware is already gone. However, the rootkit you had, leaves your computer with a backdoor, this is a security vulnerability that might or might not be exploited by future threats.

Please let me know how you wish to continue :P

Link to post
Share on other sites

You are welcome. I will request this topic to be closed.

Below I will list some general information you might find of interest.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).

Some more links you might find of interest:

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.