May have a virus


Occasionally when I start up my laptop and enter my password on the profile screen, it takes me to a basic set-up with standard wallpaper, and all my files bar Firefox, IE and a few other icons have disappeared. If I go to the start menu, all the programs installed on my machine are still there, and if I do a search, I can find all the files. This problem goes away if I do a system restore and tends to happen after I update my virus software (Kaspersky) or after a Windows update; it seems to happen a lot.

Today I tried to run Malwarebytes quick and full scans but they stopped for some reason; the quick scan stopped after 6-8 minutes and the full scan after 1 hour and 45 minutes (give or take).

Any recommendations? What should I run next and post? I can't post a Malwarebytes scan (I did the renaming trick too).

This has been a bit of an ongoing problem but it's got worse recently. I have previously run my Kaspersky scan and Malwarebytes and neither has ever picked up anything nasty at all.

Thanks

I've read the what to do thread and I'll do all that tonight and try to post the results later. Re-installed MWB but it always says it encountered a problem and has to stop.

OK, I've tried MWB again, definitely not running through. I have Super Anti Spyware installed as well and that won't start up. When I try a full scan with Kaspersky, the laptop shuts down about 5 minutes into the scan. I tried to open the computer in safe mode and it won't let me. A blue screen comes up with an error warning and says the process has been stopped for the laptop's safety; that can't be good.

I am about to try the defogger and the other thing recommended in the try first thread.

Here are the two logs. I tried to run GMER Rootkit scanner but the computer crashed!!

"Windows has been shut down to protect your computer etc. etc."

STOP 0x00000003 (0x00000003, 0x82C6FB98, 0x82C6FD06, 0x805FB146)

They were the codes I saw.

Log Files of DDS

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 3/24/2007 3:44:04 AM

System Uptime: 8/19/2010 8:21:39 PM (0 hours ago)

Motherboard: TOSHIBA | | Satellite L100

Processor: Genuine Intel® CPU T1350 @ 1.86GHz | U2E1 | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 7.355 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP595: 5/17/2010 8:21:42 AM - System Checkpoint

RP596: 5/21/2010 8:34:22 AM - System Checkpoint

RP597: 5/22/2010 7:52:42 PM - System Checkpoint

RP598: 5/27/2010 10:51:12 PM - System Checkpoint

RP599: 5/28/2010 12:22:37 AM - Software Distribution Service 3.0

RP600: 5/29/2010 8:59:09 AM - System Checkpoint

RP601: 6/1/2010 9:50:48 PM - System Checkpoint

RP602: 6/2/2010 10:23:24 PM - System Checkpoint

RP603: 6/4/2010 9:02:02 AM - System Checkpoint

RP604: 6/5/2010 8:32:35 AM - Software Distribution Service 3.0

RP605: 6/7/2010 1:25:33 PM - System Checkpoint

RP606: 6/9/2010 8:11:57 AM - Software Distribution Service 3.0

RP607: 6/10/2010 10:37:57 PM - System Checkpoint

RP608: 6/14/2010 9:13:12 PM - System Checkpoint

RP609: 6/15/2010 11:44:47 PM - System Checkpoint

RP610: 6/17/2010 9:49:14 PM - Software Distribution Service 3.0

RP611: 6/21/2010 12:47:54 PM - System Checkpoint

RP612: 6/23/2010 9:36:21 PM - System Checkpoint

RP613: 6/23/2010 9:57:33 PM - Software Distribution Service 3.0

RP614: 6/26/2010 8:21:52 PM - System Checkpoint

RP615: 6/27/2010 9:32:22 PM - System Checkpoint

RP616: 6/29/2010 9:03:19 PM - System Checkpoint

RP617: 7/1/2010 11:35:06 PM - System Checkpoint

RP618: 7/5/2010 9:23:51 PM - System Checkpoint

RP619: 7/11/2010 9:39:32 AM - System Checkpoint

RP620: 7/12/2010 3:07:22 PM - Installed QuickTime

RP621: 7/14/2010 12:48:21 PM - System Checkpoint

RP622: 7/15/2010 7:38:19 AM - Software Distribution Service 3.0

RP623: 7/15/2010 9:49:39 PM - Restore Operation

RP624: 7/16/2010 9:37:40 PM - Software Distribution Service 3.0

RP625: 7/17/2010 10:49:18 PM - Configured VeohTV BETA

RP626: 7/21/2010 8:20:29 AM - System Checkpoint

RP627: 7/22/2010 11:24:21 PM - System Checkpoint

RP628: 7/25/2010 9:52:44 PM - System Checkpoint

RP629: 7/29/2010 10:39:46 PM - Installed iTunes

RP630: 7/31/2010 9:25:08 PM - System Checkpoint

RP631: 8/2/2010 9:04:15 PM - System Checkpoint

RP632: 8/3/2010 9:37:29 PM - Software Distribution Service 3.0

RP633: 8/8/2010 5:48:14 PM - System Checkpoint

RP634: 8/9/2010 7:15:02 PM - System Checkpoint

RP635: 8/11/2010 9:16:45 PM - Software Distribution Service 3.0

RP636: 8/12/2010 7:46:47 AM - Software Distribution Service 3.0

RP637: 8/13/2010 11:43:27 AM - System Checkpoint

RP638: 8/14/2010 7:29:06 PM - System Checkpoint

RP639: 8/16/2010 7:38:24 PM - System Checkpoint

RP640: 8/17/2010 7:58:52 AM - Restore Operation

RP641: 8/19/2010 7:20:10 AM - Restore Operation

RP642: 8/19/2010 9:22:57 AM - Restore Operation

RP643: 8/19/2010 8:39:17 PM - Installed Java 6 Update 21

==== Installed Programs ======================

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 7.0.9

Adobe Reader Japanese Fonts

Adobe Shockwave Player

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoUpdate

AviSynth 2.5

Bonjour

BUFFALO Disk Manager

BUFFALO eco????? for HD

BUFFALO INC. DISK FORMATTER

BUFFALO SecureLock +Guard

BUFFALO TurboUSB for FLASH/HDD

CANON iMAGE GATEWAY ?????? MP610

Canon MP Navigator EX 1.0

Canon MP610 series

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

Canon ?? ????

CCleaner

CD/DVD Drive Acoustic Silencer

CMS-V19

Conexant HD Audio

Critical Update for Windows Media Player 11 (KB959772)

Defraggler

DigiBookBrowser Version 0.8.3.0

DigiBookTools

DivX Codec

DivX Converter

DivX Player

DivX Web Player

DVD-RAM Driver

FINALDATA2007 ????? ???

Google Chrome

Google Desktop

HDAUDIO Soft Data Fax Modem with SmartCP

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImageMixer 3 SE Ver.3

iMi?????

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

InterVideo WinDVD Creator 2

InterVideo WinDVD for TOSHIBA

iTunes

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 2

Java 6 Update 21

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

Junk Mail filter update

Kaspersky Internet Security 2010

Kaspersky Online Scanner

LiveUpdate 2.6 (Symantec Corporation)

Malwarebytes' Anti-Malware

mCore

mDrWiFi

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft AppLocale

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Professional

Microsoft Office OneNote 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Windows Application Compatibility Database

mIWA

mLogView

mMHouse

MobileMe Control Panel

Mozilla Firefox (3.5.11)

mPfMgr

mPfWiz

mProSafe

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mWlsSafe

mXML

mZConfig

OneCare Advisor (Windows Live Toolbar)

OpenOffice.org Installer 1.0

PC Tune-Up

Popup Blocker (Windows Live Toolbar)

Qkbfiltr

QuickTime

RealPlayer

REALTEK Gigabit and Fast Ethernet NIC Driver

Safari

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Segoe UI

Skype web features

Skype? 4.1

Smart Menus (Windows Live Toolbar)

Sonic DLA

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

TeLL me More CJ

TOSHIBA Assist

TOSHIBA ConfigFree

Toshiba Hotkey Utility

TOSHIBA PC Diagnostic Tool

TOSHIBA Power Saver

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

Toshiba Touchpad Utility

Toshiba Utility

TOSHIBA Zooming Utility

Touch and Launch

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB969497)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VideoLAN VLC media player 0.8.6b

Videora iPod Converter 5.03

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Favorites for Windows Live Toolbar

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Outlook Toolbar (Windows Live Toolbar)

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Toolbar Feed Detector (Windows Live Toolbar)

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Yahoo! Browser Services

Yahoo! Install Manager

Yahoo! Internet Mail

YouTube Downloader App 2.03

????????Lite

?????????

?????????PLUS

?????????

????CD????????? for Canon

????????????

????Lite

==== Event Viewer Messages From Past Week ========

8/19/2010 8:52:05 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file explorer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.

8/15/2010 9:56:02 AM, error: Service Control Manager [7022] - The Kaspersky Internet Security service hung on starting.

8/15/2010 10:03:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

8/14/2010 9:20:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

8/14/2010 8:39:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

8/13/2010 12:01:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

8/12/2010 4:39:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001636C103EC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

8/12/2010 12:38:01 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

==== End Of File ===========================

DDS (Ver_10-03-17.01) - NTFSx86

Run by inadmin at 20:43:13.15 on 08/19/2010 Thu

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.502.211 [GMT 9:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\NTTW\FletsConnectionTool\fct.exe

C:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\conime.exe

C:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\inadmin\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.co.jp/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://pc.support.global.toshiba.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

uRun: [Google Update] "c:\documents and settings\inadmin\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [smoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en

mRun: [PadTouch] "c:\program files\toshiba\touch and launch\PadExe.exe"

mRun: [TPSMain] TPSMain.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC

mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC

mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [FCTICoUpd] c:\progra~1\nttw\fletsc~1\icoupd.exe

mRun: [CheckPoint Cleanup] c:\docume~1\inadmin\locals~1\temp\cpes_clean_launcher.exe c:\docume~1\inadmin\locals~1\temp\cpes_clean.exe -restarted -s -noreboot

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mExplorerRun: [FCTLoginWatcher] c:\progra~1\nttw\fletsc~1\FCToolW.exe -init -run

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.3\CameraMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

DPF: {287C8635-2B41-11D2-8769-00000E4E0AD6} - hxxp://www.kitapri.net/pu2/inst/BFup.CAB

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175758081656

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175758072781

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab

TCP: {D0CB6AC6-5359-4E3A-A5C5-55EA361D84F5} = 221.113.139.147 202.234.233.211

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: fwMDialer - MultiDialerMain.dll

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dl c:\progra~1\kasper~1\kasper~1\kloehk.dll c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\inadmin\applic~1\mozilla\firefox\profiles\5krapx2z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - bbc.co.uk

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - component: c:\documents and settings\inadmin\application data\mozilla\firefox\profiles\5krapx2z.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\inadmin\application data\mozilla\firefox\profiles\5krapx2z.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\documents and settings\inadmin\application data\mozilla\firefox\profiles\5krapx2z.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\documents and settings\inadmin\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\tvuplayer\npTVUAx.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016]

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-7-4 296976]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]

R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 311680]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-28 54752]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]

S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-6-8 17152]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-8 30192]

S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-19 38224]

S3 PAC7311;CMS-V19;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

=============== Created Last 30 ================

2010-08-19 11:18:37 0 ----a-w- c:\documents and settings\inadmin\defogger_reenable

2010-08-19 07:50:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-19 07:50:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-19 00:22:24 0 d-----w- c:\windows\system32\wbem\Repository

2010-08-19 00:18:54 0 d-----w- c:\windows\system32\wbem\Repository.tmp

2010-08-09 11:28:42 0 d-----w- c:\docume~1\inadmin\applic~1\Azureus

2010-08-09 11:24:14 0 d-----w- c:\program files\Conduit

2010-07-29 13:55:22 0 d-----w- c:\program files\iPod

2010-07-29 13:54:57 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-07-29 13:54:56 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-07-30 12:40:39 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-07-30 12:40:39 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-07-16 20:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2008-09-18 23:20:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

2009-07-04 00:20:51 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat

============= FINISH: 20:44:58.15 ===============


Hello,

And ;) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log


OTL logfile created on: 8/20/2010 11:22:32 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\inadmin\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

Here you go. The OTL scan

502.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 41.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 7.18 Gb Free Space | 12.85% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CWIIANC

Current User Name: inadmin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/20 23:22:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\inadmin\My Documents\Downloads\OTL.exe

PRC - [2010/07/31 09:18:11 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/03/18 21:51:23 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

PRC - [2009/09/19 23:52:48 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2008/09/16 17:52:18 | 001,209,776 | ---- | M] (???????????) -- C:\Program Files\NTTW\FletsConnectionTool\fct.exe

PRC - [2008/04/28 15:49:36 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe

PRC - [2008/04/14 09:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/04/04 10:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2006/01/28 07:13:58 | 001,589,248 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe

PRC - [2005/12/17 02:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe

PRC - [2005/12/06 15:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

PRC - [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2005/11/28 23:55:50 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe

PRC - [2005/11/28 13:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2005/11/28 13:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2005/10/06 22:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2005/06/01 14:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe

PRC - [2005/06/01 13:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe

PRC - [2005/04/27 09:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

PRC - [2005/01/18 02:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe

PRC - [2004/12/30 17:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2004/08/28 10:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe

PRC - [2004/08/28 10:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe

========== Modules (SafeList) ==========

MOD - [2010/08/20 23:22:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\inadmin\My Documents\Downloads\OTL.exe

MOD - [2008/04/14 09:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/08/19 07:46:20 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)

SRV - [2010/08/05 06:28:43 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2005/01/18 02:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)

SRV - [2004/08/28 10:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009/07/10 21:37:39 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2009/07/10 21:37:39 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

DRV - [2009/05/16 20:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2009/05/13 17:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2008/12/15 20:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)

DRV - [2008/12/04 13:50:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2008/12/04 13:50:04 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/12/04 13:50:02 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2008/04/14 01:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/02/12 10:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh)

DRV - [2007/12/06 10:56:18 | 000,042,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPPoEWin.SYS -- (PPPoEWin)

DRV - [2006/01/13 09:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)

DRV - [2005/12/30 00:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)

DRV - [2005/12/17 02:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2005/12/05 11:55:30 | 001,428,096 | ---- | M] (Intel


Hello again, for the time being, please do not do a system restore, so as not to confuse things. If you have a problem, just report it here. ;)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


ComboFix 10-08-19.02 - inadmin 1/2010 Sat 9:03.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.502.200 [GMT 9:00]

Running from: c:\documents and settings\inadmin\My Documents\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\inadmin\Application Data\MSA

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\system32\Temp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_TDSSSERV.SYS

((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))

.

2010-08-19 07:50 . 2010-04-29 06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-19 07:50 . 2010-04-29 06:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-19 00:22 . 2010-08-19 00:22 -------- d-----w- c:\windows\system32\wbem\Repository

2010-08-19 00:18 . 2010-08-19 00:18 -------- d-----w- c:\windows\system32\wbem\Repository.tmp

2010-08-18 22:10 . 2010-08-18 22:10 -------- d-----w- c:\documents and settings\TEMP.CWIIANC.009\IETldCache

2010-08-18 21:59 . 2010-08-19 00:19 -------- d-s---w- c:\documents and settings\TEMP.CWIIANC.009

2010-08-16 22:45 . 2010-08-19 00:18 -------- d-----w- c:\documents and settings\TEMP.CWIIANC.008\Local Settings\Application Data\Microsoft

2010-08-16 22:39 . 2010-08-19 00:19 -------- d-s---w- c:\documents and settings\TEMP.CWIIANC.008

2010-08-09 11:28 . 2010-08-19 07:33 -------- d-----w- c:\documents and settings\inadmin\Application Data\Azureus

2010-08-09 11:24 . 2010-08-09 11:24 -------- d-----w- c:\documents and settings\inadmin\Local Settings\Application Data\Conduit

2010-08-09 11:24 . 2010-08-09 11:24 -------- d-----w- c:\program files\Conduit

2010-07-29 13:55 . 2010-07-29 13:55 -------- d-----w- c:\program files\iPod

2010-07-29 13:54 . 2010-07-29 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-07-29 13:54 . 2010-07-29 14:14 -------- d-----w- c:\program files\iTunes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-20 23:47 . 2007-11-04 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-08-19 11:40 . 2010-08-19 11:40 503808 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11827ad7-n\msvcp71.dll

2010-08-19 11:40 . 2010-08-19 11:40 499712 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11827ad7-n\jmc.dll

2010-08-19 11:40 . 2010-08-19 11:40 61440 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-21e058a1-n\decora-sse.dll

2010-08-19 11:40 . 2010-08-19 11:40 348160 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11827ad7-n\msvcr71.dll

2010-08-19 11:40 . 2010-08-19 11:40 12800 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-21e058a1-n\decora-d3d.dll

2010-08-19 11:40 . 2006-02-06 21:36 -------- d-----w- c:\program files\Java

2010-08-19 11:08 . 2007-11-03 12:16 -------- d-----w- c:\program files\TVAnts

2010-08-19 11:05 . 2008-11-06 12:28 -------- d-----w- c:\program files\uTorrent

2010-08-19 11:04 . 2007-05-04 02:09 -------- d-----w- c:\documents and settings\inadmin\Application Data\uTorrent

2010-08-19 09:54 . 2009-01-13 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-18 22:46 . 2010-08-18 22:46 303376 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\avp.exe

2010-08-18 22:46 . 2010-08-18 22:46 166416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\prloader.dll

2010-08-18 22:45 . 2010-08-18 22:45 170584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\prloader.dll

2010-08-18 22:45 . 2010-08-18 22:45 311680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\avp.exe

2010-08-09 12:40 . 2010-08-09 12:39 4177856 ----a-w- c:\documents and settings\inadmin\Application Data\Azureus\plugins\azemp\vuzeplayer.exe

2010-08-09 11:31 . 2010-08-09 11:31 310208 ----a-w- c:\documents and settings\inadmin\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe

2010-08-06 03:29 . 2007-04-05 17:10 -------- d-----w- c:\program files\CCleaner

2010-07-30 12:40 . 2009-07-04 00:15 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-07-30 12:40 . 2009-07-04 00:15 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-07-29 13:55 . 2008-02-06 15:56 -------- d-----w- c:\program files\Common Files\Apple

2010-07-26 14:36 . 2007-04-15 12:00 -------- d-----w- c:\documents and settings\inadmin\Application Data\Skype

2010-07-26 10:01 . 2009-07-26 10:31 -------- d-----w- c:\documents and settings\inadmin\Application Data\skypePM

2010-07-21 07:30 . 2010-07-21 07:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-17 13:54 . 2007-12-23 08:00 -------- d-----w- c:\program files\Free Internet Window Washer

2010-07-17 13:51 . 2006-02-06 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-17 13:44 . 2007-04-20 15:18 -------- d-----w- c:\program files\Yahoo!

2010-07-16 20:00 . 2010-04-19 12:55 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-15 12:52 . 2010-07-15 12:52 -------- d-----w- c:\program files\QuickTime

2010-07-15 12:52 . 2010-07-12 06:13 -------- d-----w- c:\program files\QuickTime(2)

2010-07-06 14:21 . 2010-03-28 22:22 439816 ----a-w- c:\documents and settings\inadmin\Application Data\Real\Update\setup3.10\setup.exe

2010-06-30 12:31 . 2006-02-06 12:57 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2006-02-06 12:57 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2006-02-06 12:57 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2006-02-06 12:57 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-19 11:42 . 2010-06-19 11:42 5642000 ----a-w- c:\documents and settings\inadmin\Application Data\TVU Networks\TVU AutoUpgrade\TVUPlayer2.5.3.1.exe

2010-06-17 14:03 . 2006-02-06 12:57 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-15 13:16 . 2010-06-15 13:16 129624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll

2010-06-14 14:31 . 2006-02-06 21:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2006-02-06 12:57 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-08-04 21:28 . 2007-05-07 23:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-07-04 00:20 . 2009-07-04 00:20 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

"Google Update"="c:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-31 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]

"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 1589248]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]

"TPSMain"="TPSMain.exe" [2005-06-01 282624]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-04 30192]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]

"FCTICoUpd"="c:\progra~1\NTTW\FLETSC~1\icoupd.exe" [2007-12-14 83376]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-19 198160]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"FCTLoginWatcher"="c:\progra~1\NTTW\FLETSC~1\FCToolW.exe" [2008-08-26 697776]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

ImageMixer 3 SE Camera Monitor Ver.3.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe [2009-10-10 253952]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-7 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 05:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fwMDialer]

2008-03-02 15:58 94208 ----a-w- c:\windows\system32\MultiDialerMain.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\inadmin\\Desktop\\Programs\\utorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 1:50 PM 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [6/8/2009 9:38 PM 17152]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/8/2007 8:25 AM 30192]

S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/19/2010 4:50 PM 38224]

S3 PAC7311;CMS-V19;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 11:48 AM 154752]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]

.

Contents of the 'Scheduled Tasks' folder

2010-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:34]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507736718-1475498009-266197039-1006Core.job

- c:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-31 07:30]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507736718-1475498009-266197039-1006UA.job

- c:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-31 07:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.co.jp/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://pc.support.global.toshiba.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

TCP: {D0CB6AC6-5359-4E3A-A5C5-55EA361D84F5} = 221.113.139.147 202.234.233.211

DPF: {287C8635-2B41-11D2-8769-00000E4E0AD6} - hxxp://www.kitapri.net/pu2/inst/BFup.CAB

DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab

FF - ProfilePath - c:\documents and settings\inadmin\Application Data\Mozilla\Firefox\Profiles\5krapx2z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - bbc.co.uk

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-21 09:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\RemoteAccess\Profile\?0??0?0 *IQ?0?0?0?0 *?0??0?0?`1X?0?0?0]

"EnableAutodisconnect"=dword:00000000

"DisconnectIdleTime"=dword:00000014

"EnableExitDisconnect"=dword:00000000

"RedialAttempts"=dword:0000000a

"RedialWait"=dword:00000005

[HKEY_USERS\S-1-5-21-507736718-1475498009-266197039-1006\RemoteAccess\Profile\?0??0?0 *IQ?0?0?0?0 *?0??0?0?`1X?0?0?0]

"AutoConnect"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Classes\P*h*o*t*o*b*o*o*k* *D*e*s*i*g*n*e*r*??T\DefaultIcon]

@="c:\\Program Files\\KITAMURA\\PGW\\ChokkoubinEXv1.exe,0"

[HKEY_LOCAL_MACHINE\software\Classes\P*h*o*t*o*b*o*o*k* *D*e*s*i*g*n*e*r*??T\shell\open\command]

@="c:\\Program Files\\KITAMURA\\PGW\\ChokkoubinEXv1.exe \"%1\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\MultiDialerMain.dll

- - - - - - - > 'explorer.exe'(3180)

c:\windows\system32\WININET.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\windows\system32\DVDRAMSV.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\conime.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\PAStiSvc.exe

c:\program files\Synaptics\SynTP\Toshiba.exe

c:\windows\system32\TPSMain.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\TPSBattM.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\iPod\bin\iPodService.exe

c:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

.

**************************************************************************

.

Completion time: 2010-08-21 09:34:01 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-21 00:33

Pre-Run: 7,577,985,024 bytes free

Post-Run: 7,397,208,064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3A4B18A7A1505EF5705729D0E64E9B43

Other than the problems I've already mentioned, my laptop won't let me re-install itunes either.

Do you still need the other scan, the GMER one? Please let me know and I'll do it later and paste the results. Couldn't do it last night as it was taking too long.

Thanks for all the help so far though

Link to post
Share on other sites

I'd like to fix this laptop but I might be resigned to buying a new one. I'll keep plugging away at it but my battery lasts 5 minutes at best, power supply unit has a dodgy connection and keeps stopping meaning I can't use the laptop and the disk drive is broken. This might be the straw that broke the camel's back.

Any idea what the problem might be?

Link to post
Share on other sites

That sounds to me like hardware problems and there's not really much we can do about it online. Someone should have a look at the battery connections and measure it to see how its power output is. Might be just a "lazy" battery, but it's also possible something more is wrong.

As for the software problems, this sounds to me like a corrupted userprofile. You log in to an account named Dave, but in fact such an account doesn't exist, although it is possible the Inadmin account is in fact renamed.

I don't think this is anything malware-related, since you mention you have also other problems, it might be a hardware error.

If your computer remains on for longer periods, we can try to run the checkdisk utility to check for disk errors.

Link to post
Share on other sites

Yes the hardware problems are annoying but cheap to solve.

Corrupt userprofile? That sounds a lot nicer than malware related. Like I said, I'm pretty careful what I do online and Kaspersky is very good at protecting the computer.

If the power supply stays online, I'll be online for around 4 more hours. How do I run a checkdisk utility for disk errors? How long does it take? Can I use the laptop whilst it's running?

Link to post
Share on other sites


Sorry to add to the above, would a corrupt userprofile cause Malwarebytes to stop halfway through and also cause my Kaspersky full scanner to shut down my laptop? Also stop SUPERAntiSpyware from loading up?

Link to post
Share on other sites

Hi, a corrupt userprofile can have many causes, but if your scanners never picked up anything, I doubt that will be the cause (although, it is possible).

To run checkdisk, click Start > Run, type chkdsk /r and press enter. Type Y and press enter to schedule the scan for next reboot.

Restart the computer and let the disk check run unhindered. This may take some time (up to one hour, depending on how big your disk is).

Link to post
Share on other sites


I did the above and the disk check literally lasted all of 5 seconds.

This can be closed now anyways. Thanks a lot for your help. In the end I decided the hardware issues, CD drive broken, battery dead, power supply starting to have blue sparks coming out of it, warranted a new laptop. I have my Kaspersky installed and going to download MWB in a sec to stay safe

Thanks again

JJSS

Link to post
Share on other sites

  • Staff

Glad we could help. :P

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.