ZBot.gen!y


Hopefully, this is correct.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6832

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/10/2011 9:50:55 PM

mbam-log-2011-06-10 (21-50-55).txt

Scan type: Full scan (C:\|)

Objects scanned: 321055

Time elapsed: 1 hour(s), 32 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{B9E2485F-083C-5696-2767-7609FCCC3CE2} (Trojan.Zbot) -> Value: {B9E2485F-083C-5696-2767-7609FCCC3CE2} -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\<me>\application data\Ybuz\code.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

c:\documents and settings\<me>\local settings\Temp\wzb520\mobilesyncbrowser.setup.win.exe (Spyware.Passwords.Gen) -> Quarantined and deleted successfully.

=======================================================

.

DDS (Ver_2011-06-11.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by xxx at 12:50:02 on 2011-06-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2992.1741 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\DSC\DLS Update Service\Service\DLSUpdateServiceHost.exe

C:\Program Files\DSC\DLS IV\DLSPRONETHost\DLSPRONETHost.exe

C:\Program Files\DSC\DLS IV\ASHost\Tyco.TSP.AppSecurity.AuthenticationWindowsServiceHost.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\DSC\DLS IV\MCPH\MCPH.exe

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe

C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ThpSrv.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\DSC\DLS IV\CommsManagerHost\CommunicationManagerHost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\00THotkey.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\WINDOWS\system32\thpsrv.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\TPSODDCtl.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\<me>\My Documents\Downloads\Programs\Defogger.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.sorvive.com/loginmain.asp

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

mDefault_Search_URL = hxxp://www.google.com

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\documents and settings\all users\application data\partner\Partner.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [c:\program files\1&1\1&1 easylogin\EasyLogin.exe] "1&1 EasyLogin" HIDE

uRun: [1&1 EasyLogin] c:\program files\1&1\1&1 easylogin\EasyLogin.exe

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [00THotkey] c:\windows\system32\00THotkey.exe

mRun: [000StTHK] 000StTHK.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service

mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon

mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe

mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [TOSDCR] TOSDCR.EXE

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

mRun: [ThpSrv] c:\windows\system32\thpsrv /logon

mRun: [TFncKy] TFncKy.exe

mRun: [TFNF5] TFNF5.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [TPSODDCtl] TPSODDCtl.exe

mRun: [TPSMain] TPSMain.exe

mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe

mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~3.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

uPolicies-explorer: NoLogoff = 01000000

uPolicies-explorer: NoSMMyDocs = 01000000

uPolicies-explorer: NoSMMyPictures = 01000000

uPolicies-explorer: NoNetworkConnections = 01000000

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279009339421

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.67/codebase/DVM_IPCam2.ocx

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 68.87.75.198 68.87.64.150

TCP: Interfaces\{9364C47F-8DF9-4212-A299-8C99FB2522A0} : DhcpNameServer = 68.87.75.198 68.87.64.150

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\<me>\application data\mozilla\firefox\profiles\jghuf4ga.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - plugin: c:\documents and settings\<me>\application data\mozilla\firefox\profiles\jghuf4ga.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\documents and settings\<me>\application data\mozilla\firefox\profiles\jghuf4ga.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll

FF - plugin: c:\documents and settings\<me>\application data\mozilla\firefox\profiles\jghuf4ga.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 29760]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-5-11 6528]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 165264]

R1 MpKsl9bca0f81;MpKsl9bca0f81;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27060f3b-6e53-4ced-affb-74ee32a37175}\MpKsl9bca0f81.sys [2011-6-10 28752]

R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2010-6-22 5888]

R2 DLS Update Service;DSC Update Service;c:\program files\dsc\dls update service\service\DLSUpdateServiceHost.exe [2009-11-19 75264]

R2 DLSPRO Application Service;DSC Application Service;c:\program files\dsc\dls iv\dlspronethost\DLSPRONETHost.exe [2011-3-16 57344]

R2 DLSPRO Authentication Service;DSC Authentication Service;c:\program files\dsc\dls iv\ashost\Tyco.TSP.AppSecurity.AuthenticationWindowsServiceHost.exe [2011-3-16 90112]

R2 DLSPRO Communications Service;DSC Communications Service;c:\program files\dsc\dls iv\commsmanagerhost\CommunicationManagerHost.exe [2011-3-16 57344]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-10 366640]

R2 MCPH;DSC MCPH Service;c:\program files\dsc\dls iv\mcph\MCPH.exe [2011-3-16 210432]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-1-12 196928]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-3-31 103792]

R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.3.198\ccSvcHst.exe [2010-3-31 126392]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-3-5 1257760]

R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-22 47104]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-22 48128]

R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-22 38400]

R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]

R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2010-6-22 126976]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-5-1 4992]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-6-22 2320920]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-6-22 160424]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-6-22 44800]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-22 132352]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-10 22712]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-10-13 57576]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-6-22 24064]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-6-22 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-11-5 111960]

R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-2-5 677232]

S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2011-4-9 515803]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-22 1684736]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\atswpwdf.sys --> c:\windows\system32\drivers\ATSwpWDF.sys [?]

S3 EdgeSer;Edgeport Serial Port Driver for Windows 2000, XP & Server 2003;c:\windows\system32\drivers\edgeser.sys [2011-2-28 197906]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 135664]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-10 39984]

S3 Partner Service;Partner Service;c:\documents and settings\all users\application data\partner\Partner.exe [2010-3-30 332272]

S3 TEUSBMU;Panasonic Analog PBX USB Main Unit driver;c:\windows\system32\drivers\TEUSBMU.sys [2010-10-21 20992]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2010-3-30 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-11 02:21:50 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27060f3b-6e53-4ced-affb-74ee32a37175}\MpKsl9bca0f81.sys

2011-06-11 02:18:20 711728 ----a-w- c:\windows\isRS-000.tmp

2011-06-11 00:08:18 -------- d-----w- c:\documents and settings\<me>\application data\Malwarebytes

2011-06-11 00:08:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-11 00:08:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-11 00:08:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-11 00:08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-10 22:07:16 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27060f3b-6e53-4ced-affb-74ee32a37175}\mpengine.dll

2011-06-07 23:43:32 -------- d-----w- c:\program files\iPod

2011-06-07 23:43:27 -------- d-----w- c:\program files\iTunes

2011-05-31 15:34:36 -------- d-----w- c:\documents and settings\<me>\application data\Ybuz

2011-05-31 15:34:36 -------- d-----w- c:\documents and settings\<me>\application data\Pize

2011-05-21 19:59:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-19 10:35:17 -------- d-----w- c:\documents and settings\<me>\local settings\application data\Garmin

2011-05-18 23:55:47 -------- d-----w- c:\program files\Unlocker

.

==================== Find3M ====================

.

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 12:51:06.98 ===============

==================================================================================================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-11.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/13/2010 3:59:15 AM

System Uptime: 6/10/2011 10:20:25 PM (14 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | rPGA988A Socket | 1172/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 216.321 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 6/10/2011 6:06:05 PM - System Checkpoint

RP2: 6/10/2011 6:07:14 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

.

1&1 EasyLogin

Add-ons

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.4

Advanced IP Scanner v1.5

Advanced Network Diagramming

Advanced Network Diagramming Help

ALPS Touch Pad Driver

Amazon Links

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bejeweled 2 Deluxe

Block Diagrams

Block Diagrams Help

Bluetooth Stack for Windows by Toshiba

Bonjour

Borders and Backgrounds

Borders and Backgrounds Help

Business Contact Manager for Outlook 2007 SP2

CAD Drawing Display

Callouts and Connectors

Callouts and Connectors Help

Canon i550

CanoScan 4400F

Chuzzle Deluxe

Clip Art and Symbols

Clip Art and Symbols Help

ClosetMaid v1.5.2

Cool Timer 3.6

Core FTP Pro 2.1

CraigsList Reader Pro by CraigsPal 4.5.3

Custom Properties Editor

Database Design

Database Design Help

Database Wizard

Developing Visio Solutions Help

Digital Camera

Directory Services

Directory Services Help

DirectX for Managed Code Update (Summer 2004)

DLS 2002

DLS 2002 North America

DLS 2002 PC5900 v1.0 Driver

DLS 2002 Skyroute v2.3-2.4 Driver

DLS IV (Installer Version)

DLS Update Service

DLS2002 2010 Event Buffer Fix Driver

DLS2002 LCD5500Z v3.1 Driver

DLS2002 PC1555 v3.2 Driver Pack

DLS2002 PC1555MX v2.3 Driver

DLS2002 PC1616 v4.1 Driver Pack

DLS2002 PC1616 v4.1CP-01 Driver Pack

DLS2002 PC1616 v4.2 Driver Pack

DLS2002 PC1616 v4.2CP01 Driver Pack

DLS2002 PC1832 v4.1 Driver Pack

DLS2002 PC1832 v4.1CP-01 Driver Pack

DLS2002 PC1832 v4.2 Driver Pack

DLS2002 PC1832 v4.2CP01 Driver Pack

DLS2002 PC1864 v4.1 Driver Pack

DLS2002 PC1864 v4.1CP-01 Driver Pack

DLS2002 PC1864 v4.2 Driver Pack

DLS2002 PC1864 v4.2CP01 Driver Pack

DLS2002 PC4020 v3.3 Driver

DLS2002 PC4020 v3.5 Driver

DLS2002 PC5010 v3.2 Driver Pack

DLS2002 PC5132-433 v4.2NA Driver

DLS2002 PC5950 v1.1 Driver Pack

DLS2002 PK5500 v1.1 Driver Pack

DLS2002 PK5500 v1.2 Driver Pack

DLS2002 PK55XX v1.0 Driver Pack

DLS2002 Practical Peripherals Support Driver

DLS2002 RF5108 v1.0 Driver

DLS2002 RF5132-433 v5.0NA Driver Pack

DLS2002 RF5501 v5.0 Driver

DLS2002 RFK5132 v5.1NA Driver Pack

DLS2002 RFK5132 v5.2 Driver Pack

DLS2002 RFK5132 v5.3 Driver Pack

DLS2002 SCW9045 v1.0 Driver Pack

DLS2002 SCW9047 v1.0 Driver Pack

DLS2002 SCW9047 v1.0CP-01 Driver Pack

DLS2002 Service Pack 2

DLS2002 Tlink II Driver

DLS2002 Web Update Add-In

Escape Rosecliff Island

FitDay PC version 2.0

Flowcharts

Flowcharts Help

Forms and Charts

Forms and Charts Help

Garmin City Navigator North America NT 2010.10

Garmin POI Loader

Garmin Training Center

Garmin USB Drivers

Garmin WebUpdater

Google Earth

Google SketchUp 8

Google Toolbar for Internet Explorer

Google Update Helper

Graphics Filters

Help for Visio 2000 (HTML Help)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Icatch(IV) Camera Driver

InstallVC90Support

Intel PROSet Wireless

Intel® Management Engine Components

Intel® Network Connections Drivers

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

Internet Diagrams

Internet Diagrams Help

IP Camera

iTunes

Java 6 Update 14

Jewel Quest 3

Junk Mail filter update

KX-TA Maintenance Console

Lexmark Software Uninstall

LiveReg (Symantec Corporation)

LiveUpdate 1.6 (Symantec Corporation)

Logitech Harmony Remote Software 7

Malwarebytes' Anti-Malware version 1.51.0.1200

Maps

Maps Help

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Digital Image Pro 10

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visio 2000

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Visual Studio Service Pack 3

MobileSyncBrowser 4.1.2

Mozilla Firefox 4.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser

NetObjects Fusion 11.0

Network Diagrams

Network Diagrams Help

Nitro PDF Professional

NVIDIA Drivers

O2Micro OZ776 SCR Driver

Office Layout

Office Layout Help

OGA Notifier 2.0.0048.0

Organization Charts

Organization Charts Help

Page Layout Wizard

Polar Bowler

PrimoPDF -- by Nitro PDF Software

Program Files

Program Files Help

Program Files Professional

Program Files Professional Help

Programmer for TA1232 - V1.00

Project Schedules

Project Schedules Help

Property Reporting Wizard

QuickBooks

Quickbooks Financial Center

QuickBooks Pro 2000

QuickBooks Pro 2011

QuickTime

Realtek High Definition Audio Driver

Release Notes

Release Notes Professional

Remote Control USB Driver

RICOH R5U230 Media Driver ver.2.08.03.03

Save as HTML

Seagate Manager Installer

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975254)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Shape Explorer Help

Skype Launcher

SlingPlayer

Software Design

Software Design Help

Solutions

Sprint SmartView

Symantec pcAnywhere

TomTom HOME 2.7.6.2056

TomTom HOME Visual Studio Merge Modules

TOSHIBA Application and Driver Installer

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Controls

TOSHIBA Direct Disc Writer

TOSHIBA Disc Creator

TOSHIBA Display Devices Change Utility

TOSHIBA DVD PLAYER

TOSHIBA HDD Protection

TOSHIBA HDD/SSD Alert

TOSHIBA Hotkey Utility for Display Devices

TOSHIBA Internal Modem Region Select Utility

Toshiba Laptop Checkup

TOSHIBA Mobile Extension3

Toshiba Online Backup

TOSHIBA Password Utility

TOSHIBA PC Diagnostic Tool

TOSHIBA PC Health Monitor

TOSHIBA Power Saver

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA Security Assist

TOSHIBA Service Station

TOSHIBA Software Modem

TOSHIBA TouchPad On/Off Utility V2.5.1.0

TOSHIBA USB Sleep and Charge Utility

TOSHIBA Utilities

TOSHIBA Web Camera Application

TOSHIBA Zooming Utility

ToshibaRegistration

Tweak UI

Uninstall for TOSHIBA Mobile Extension3

Unlocker 1.9.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Outlook 2007 Junk Email Filter (KB2536413)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

VBA

Virtual Families

Virtual Villagers - The Secret City

Visio

Visio Core Files

WebFldrs XP

WildTangent Games

WildTangent ORB Game Console

Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

Windows Driver Package - Infineon Technologies AG (IFXTPM) System (12/14/2007 2.01.0001.00)

Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports (13/04/2009 1.03)

Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (10/02/06 )

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Management Framework Core

Windows Media Format Runtime

Windows Media Player 10

Windows Rights Management Client with Service Pack 2

WinZip 11.1

Wireless Hotkey

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

6/8/2011 4:00:24 PM, error: Service Control Manager [7022] - The DSC Application Service service hung on starting.

6/6/2011 7:05:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde

6/6/2011 7:03:28 PM, error: Service Control Manager [7022] - The DSC Communications Service service hung on starting.

6/6/2011 7:01:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DSC Authentication Service service to connect.

6/6/2011 7:01:12 PM, error: Service Control Manager [7000] - The Icatch(IV) Video Camera Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/6/2011 7:01:12 PM, error: Service Control Manager [7000] - The DSC Authentication Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/10/2011 6:04:36 PM, error: Dhcp [1002] - The IP address lease 192.168.1.57 for the Network Card with network address 002314C124F0 has been denied by the DHCP server 192.168.1.200 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

=======================================================================================

GMER 1.0.15.15640 - http://www.gmer.net

Rootkit scan 2011-06-11 14:57:23

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O

Running: seppvk0p.exe; Driver: C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\fwliqpog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\tos_sps32.sys section is writeable [0xB7C12480, 0x3C939, 0xE8000020]

.dsrt C:\WINDOWS\system32\drivers\tos_sps32.sys unknown last section [0xB7C53900, 0x3CA, 0x48000040]

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB735F380, 0x3E5D65, 0xE8000020]

? C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[752] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 024F1102 C:\Program Files\Unlocker\UnlockerHook.dll

.text C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE[4804] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

.text C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE[4804] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

.text C:\Program Files\Mozilla Firefox\firefox.exe[86120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[87876] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10698DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[87876] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10698D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[87876] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[87876] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

Device B096DD20

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 20204

Process hidden process (*** hidden *** ) 20584

Process hidden process (*** hidden *** ) 20836

Process hidden process (*** hidden *** ) 20852

Process hidden process (*** hidden *** ) 22136

Process hidden process (*** hidden *** ) 22340

Process hidden process (*** hidden *** ) 22564

---- EOF - GMER 1.0.15 ----


  • Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


Just to add:

Powerful protection. Advanced features.

Malwarebytes Anti-Malware PRO

Our flagship anti-malware application not only cleans up your computers but also provides automatic scanning, automatic updates and real-time protection. The malware threat database is constantly updated to safeguard your system from the latest threats. Just download, install and relax, knowing that Malwarebytes Anti-Malware PRO keeps vigilant guard over your system. Set it and forget it!

So what am I missing here?


  • Staff

Hi,

This Malwarebytes detection from your first post:

ZBot

ZBot is a family of remote access trojan (RAT), commonly referred to as a backdoor trojan.

Sure, we can delete the files and Registry components that we can see, but there's no telling what networks your computer has already been connected to, or whether it's already part of a botnet.

That is the danger of what I tried to explain earlier, and I hope this makes it more clear.

Like I said, the decision is up to you whether you would like to format or whether you would like us to clean what we can see. I highly recommend formatting your hard drive and reinstalling Windows, but again, the choice is yours.


Thanks. What you don't understand is that if I didn't post on this forum, I would have thought everything was good because your program said so. I would bet that 90% of users are being misled. That was my point. I reformatted but I still paid for software that gives false info.


I guess this is my perspective. Imagine you take your car into a service center with a nail in your tire. The technician pulls the nail out and tells you you're good to go and you go to get in your car and the tire is flat. You go back to the tech and say "what's the deal?" and he says "I don't understand what you mean... I removed the nail from your tire. There's no telling what damage may have been done."

How would you feel?


I want to add that I'm not trying to be a prick here but if a user gets the sense that all is good from your product, all should be good and there shouldn't be the need to find this forum and post all the logs and what not to then find out that all is not good. I'm more comfortable now that I reformatted and installed your product when my system was clean but I have to assume, for most (like me), that's not going to be the case. People are going to find your product after they're infected.


  • Staff

I understand your concern and gave you a sufficient amount of information to be the most informed about what is going on. Criminals cannot remotely connect to your car tire. That's the difference.

I provide my recommendations to you about how to proceed forward. You can either take them or you can not take them.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.