T84A Posted June 11, 2011

Hopefully, this is correct.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6832

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/10/2011 9:50:55 PM
mbam-log-2011-06-10 (21-50-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 321055
Time elapsed: 1 hour(s), 32 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{B9E2485F-083C-5696-2767-7609FCCC3CE2} (Trojan.Zbot) -> Value: {B9E2485F-083C-5696-2767-7609FCCC3CE2} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\<me>\application data\Ybuz\code.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\documents and settings\<me>\local settings\Temp\wzb520\mobilesyncbrowser.setup.win.exe (Spyware.Passwords.Gen) -> Quarantined and deleted successfully.

=======================================================
.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by xxx at 12:50:02 on 2011-06-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2992.1741 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\DSC\DLS Update Service\Service\DLSUpdateServiceHost.exe
C:\Program Files\DSC\DLS IV\DLSPRONETHost\DLSPRONETHost.exe
C:\Program Files\DSC\DLS IV\ASHost\Tyco.TSP.AppSecurity.AuthenticationWindowsServiceHost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\DSC\DLS IV\MCPH\MCPH.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\DSC\DLS IV\CommsManagerHost\CommunicationManagerHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\<me>\My Documents\Downloads\Programs\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.sorvive.com/loginmain.asp
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\documents and settings\all users\application data\partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [c:\program files\1&1\1&1 easylogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
uRun: [1&1 EasyLogin] c:\program files\1&1\1&1 easylogin\EasyLogin.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe
mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [TOSDCR] TOSDCR.EXE
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TFncKy] TFncKy.exe
mRun: [TFNF5] TFNF5.exe
mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~3.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoLogoff = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoNetworkConnections = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279009339421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.67/codebase/DVM_IPCam2.ocx
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150
TCP: Interfaces\{9364C47F-8DF9-4212-A299-8C99FB2522A0} : DhcpNameServer = 68.87.75.198 68.87.64.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\<me>\application data\mozilla\firefox\profiles\jghuf4ga.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - plugin: c:\documents and settings\<me>\application data\mozilla\firefox\profiles\jghuf4ga.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\<me>\application data\mozilla\firefox\profiles\jghuf4ga.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\<me>\application data\mozilla\firefox\profiles\jghuf4ga.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-5-11 6528]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 165264]
R1 MpKsl9bca0f81;MpKsl9bca0f81;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27060f3b-6e53-4ced-affb-74ee32a37175}\MpKsl9bca0f81.sys [2011-6-10 28752]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2010-6-22 5888]
R2 DLS Update Service;DSC Update Service;c:\program files\dsc\dls update service\service\DLSUpdateServiceHost.exe [2009-11-19 75264]
R2 DLSPRO Application Service;DSC Application Service;c:\program files\dsc\dls iv\dlspronethost\DLSPRONETHost.exe [2011-3-16 57344]
R2 DLSPRO Authentication Service;DSC Authentication Service;c:\program files\dsc\dls iv\ashost\Tyco.TSP.AppSecurity.AuthenticationWindowsServiceHost.exe [2011-3-16 90112]
R2 DLSPRO Communications Service;DSC Communications Service;c:\program files\dsc\dls iv\commsmanagerhost\CommunicationManagerHost.exe [2011-3-16 57344]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-10 366640]
R2 MCPH;DSC MCPH Service;c:\program files\dsc\dls iv\mcph\MCPH.exe [2011-3-16 210432]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-1-12 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-3-31 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.3.198\ccSvcHst.exe [2010-3-31 126392]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-3-5 1257760]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-22 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-22 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-22 38400]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2010-6-22 126976]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-5-1 4992]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-6-22 2320920]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-6-22 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-6-22 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-22 132352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-10 22712]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-10-13 57576]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-6-22 24064]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-6-22 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-11-5 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-2-5 677232]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2011-4-9 515803]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-22 1684736]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\atswpwdf.sys --> c:\windows\system32\drivers\ATSwpWDF.sys [?]
S3 EdgeSer;Edgeport Serial Port Driver for Windows 2000, XP & Server 2003;c:\windows\system32\drivers\edgeser.sys [2011-2-28 197906]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-10 39984]
S3 Partner Service;Partner Service;c:\documents and settings\all users\application data\partner\Partner.exe [2010-3-30 332272]
S3 TEUSBMU;Panasonic Analog PBX USB Main Unit driver;c:\windows\system32\drivers\TEUSBMU.sys [2010-10-21 20992]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2010-3-30 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-11 02:21:50 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27060f3b-6e53-4ced-affb-74ee32a37175}\MpKsl9bca0f81.sys
2011-06-11 02:18:20 711728 ----a-w- c:\windows\isRS-000.tmp
2011-06-11 00:08:18 -------- d-----w- c:\documents and settings\<me>\application data\Malwarebytes
2011-06-11 00:08:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 00:08:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-11 00:08:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 00:08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-10 22:07:16 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27060f3b-6e53-4ced-affb-74ee32a37175}\mpengine.dll
2011-06-07 23:43:32 -------- d-----w- c:\program files\iPod
2011-06-07 23:43:27 -------- d-----w- c:\program files\iTunes
2011-05-31 15:34:36 -------- d-----w- c:\documents and settings\<me>\application data\Ybuz
2011-05-31 15:34:36 -------- d-----w- c:\documents and settings\<me>\application data\Pize
2011-05-21 19:59:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 10:35:17 -------- d-----w- c:\documents and settings\<me>\local settings\application data\Garmin
2011-05-18 23:55:47 -------- d-----w- c:\program files\Unlocker
.
==================== Find3M ====================
.
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 12:51:06.98 =================================================================================================================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-11.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2010 3:59:15 AM
System Uptime: 6/10/2011 10:20:25 PM (14 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | rPGA988A Socket | 1172/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 216.321 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 6/10/2011 6:06:05 PM - System Checkpoint
RP2: 6/10/2011 6:07:14 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
1&1 EasyLogin
Add-ons
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Advanced IP Scanner v1.5
Advanced Network Diagramming
Advanced Network Diagramming Help
ALPS Touch Pad Driver
Amazon Links
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Block Diagrams
Block Diagrams Help
Bluetooth Stack for Windows by Toshiba
Bonjour
Borders and Backgrounds
Borders and Backgrounds Help
Business Contact Manager for Outlook 2007 SP2
CAD Drawing Display
Callouts and Connectors
Callouts and Connectors Help
Canon i550
CanoScan 4400F
Chuzzle Deluxe
Clip Art and Symbols
Clip Art and Symbols Help
ClosetMaid v1.5.2
Cool Timer 3.6
Core FTP Pro 2.1
CraigsList Reader Pro by CraigsPal 4.5.3
Custom Properties Editor
Database Design
Database Design Help
Database Wizard
Developing Visio Solutions Help
Digital Camera
Directory Services
Directory Services Help
DirectX for Managed Code Update (Summer 2004)
DLS 2002
DLS 2002 North America
DLS 2002 PC5900 v1.0 Driver
DLS 2002 Skyroute v2.3-2.4 Driver
DLS IV (Installer Version)
DLS Update Service
DLS2002 2010 Event Buffer Fix Driver
DLS2002 LCD5500Z v3.1 Driver
DLS2002 PC1555 v3.2 Driver Pack
DLS2002 PC1555MX v2.3 Driver
DLS2002 PC1616 v4.1 Driver Pack
DLS2002 PC1616 v4.1CP-01 Driver Pack
DLS2002 PC1616 v4.2 Driver Pack
DLS2002 PC1616 v4.2CP01 Driver Pack
DLS2002 PC1832 v4.1 Driver Pack
DLS2002 PC1832 v4.1CP-01 Driver Pack
DLS2002 PC1832 v4.2 Driver Pack
DLS2002 PC1832 v4.2CP01 Driver Pack
DLS2002 PC1864 v4.1 Driver Pack
DLS2002 PC1864 v4.1CP-01 Driver Pack
DLS2002 PC1864 v4.2 Driver Pack
DLS2002 PC1864 v4.2CP01 Driver Pack
DLS2002 PC4020 v3.3 Driver
DLS2002 PC4020 v3.5 Driver
DLS2002 PC5010 v3.2 Driver Pack
DLS2002 PC5132-433 v4.2NA Driver
DLS2002 PC5950 v1.1 Driver Pack
DLS2002 PK5500 v1.1 Driver Pack
DLS2002 PK5500 v1.2 Driver Pack
DLS2002 PK55XX v1.0 Driver Pack
DLS2002 Practical Peripherals Support Driver
DLS2002 RF5108 v1.0 Driver
DLS2002 RF5132-433 v5.0NA Driver Pack
DLS2002 RF5501 v5.0 Driver
DLS2002 RFK5132 v5.1NA Driver Pack
DLS2002 RFK5132 v5.2 Driver Pack
DLS2002 RFK5132 v5.3 Driver Pack
DLS2002 SCW9045 v1.0 Driver Pack
DLS2002 SCW9047 v1.0 Driver Pack
DLS2002 SCW9047 v1.0CP-01 Driver Pack
DLS2002 Service Pack 2
DLS2002 Tlink II Driver
DLS2002 Web Update Add-In
Escape Rosecliff Island
FitDay PC version 2.0
Flowcharts
Flowcharts Help
Forms and Charts
Forms and Charts Help
Garmin City Navigator North America NT 2010.10
Garmin POI Loader
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
Graphics Filters
Help for Visio 2000 (HTML Help)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Icatch(IV) Camera Driver
InstallVC90Support
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
Internet Diagrams
Internet Diagrams Help
IP Camera
iTunes
Java 6 Update 14
Jewel Quest 3
Junk Mail filter update
KX-TA Maintenance Console
Lexmark Software Uninstall
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware version 1.51.0.1200
Maps
Maps Help
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Digital Image Pro 10
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visio 2000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Service Pack 3
MobileSyncBrowser 4.1.2
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
NetObjects Fusion 11.0
Network Diagrams
Network Diagrams Help
Nitro PDF Professional
NVIDIA Drivers
O2Micro OZ776 SCR Driver
Office Layout
Office Layout Help
OGA Notifier 2.0.0048.0
Organization Charts
Organization Charts Help
Page Layout Wizard
Polar Bowler
PrimoPDF -- by Nitro PDF Software
Program Files
Program Files Help
Program Files Professional
Program Files Professional Help
Programmer for TA1232 - V1.00
Project Schedules
Project Schedules Help
Property Reporting Wizard
QuickBooks
Quickbooks Financial Center
QuickBooks Pro 2000
QuickBooks Pro 2011
QuickTime
Realtek High Definition Audio Driver
Release Notes
Release Notes Professional
Remote Control USB Driver
RICOH R5U230 Media Driver ver.2.08.03.03
Save as HTML
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update
for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Segoe UIShape Explorer HelpSkype LauncherSlingPlayerSoftware DesignSoftware Design HelpSolutionsSprint SmartViewSymantec pcAnywhereTomTom HOME 2.7.6.2056TomTom HOME Visual Studio Merge ModulesTOSHIBA Application and Driver InstallerTOSHIBA AssistTOSHIBA ConfigFreeTOSHIBA ControlsTOSHIBA Direct Disc WriterTOSHIBA Disc CreatorTOSHIBA Display Devices Change UtilityTOSHIBA DVD PLAYERTOSHIBA HDD ProtectionTOSHIBA HDD/SSD AlertTOSHIBA Hotkey Utility for Display DevicesTOSHIBA Internal Modem Region Select UtilityToshiba Laptop CheckupTOSHIBA Mobile Extension3Toshiba Online BackupTOSHIBA Password UtilityTOSHIBA PC Diagnostic ToolTOSHIBA PC Health MonitorTOSHIBA Power SaverTOSHIBA Quality ApplicationTOSHIBA Recovery Media CreatorTOSHIBA Security AssistTOSHIBA Service StationTOSHIBA Software ModemTOSHIBA TouchPad On/Off Utility V2.5.1.0TOSHIBA USB Sleep and Charge UtilityTOSHIBA UtilitiesTOSHIBA Web Camera ApplicationTOSHIBA Zooming UtilityToshibaRegistrationTweak UIUninstall for TOSHIBA Mobile Extension3Unlocker 1.9.1Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office OneNote 2007 (KB980729)Update for Microsoft Office Outlook 2007 (KB2509470)Update for Outlook 2007 Junk Email Filter (KB2536413)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB978506)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB898461)Update for Windows XP (KB951618-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB961503)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows 
.
==== Event Viewer Messages From Past Week ========
.
6/8/2011 4:00:24 PM, error: Service Control Manager [7022] - The DSC Application Service service hung on starting.
6/6/2011 7:05:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
6/6/2011 7:03:28 PM, error: Service Control Manager [7022] - The DSC Communications Service service hung on starting.
6/6/2011 7:01:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DSC Authentication Service service to connect.
6/6/2011 7:01:12 PM, error: Service Control Manager [7000] - The Icatch(IV) Video Camera Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/6/2011 7:01:12 PM, error: Service Control Manager [7000] - The DSC Authentication Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/10/2011 6:04:36 PM, error: Dhcp [1002] - The IP address lease 192.168.1.57 for the Network Card with network address 002314C124F0 has been denied by the DHCP server 192.168.1.200 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

=======================================================

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-11 14:57:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O
Running: seppvk0p.exe; Driver: C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\fwliqpog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\tos_sps32.sys section is writeable [0xB7C12480, 0x3C939, 0xE8000020]
.dsrt C:\WINDOWS\system32\drivers\tos_sps32.sys unknown last section [0xB7C53900, 0x3CA, 0x48000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB735F380, 0x3E5D65, 0xE8000020]
? C:\DOCUME~1\KENNET~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[752] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 024F1102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE[4804] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE[4804] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[86120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[87876] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10698DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[87876] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10698D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[87876] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[87876] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B096DD20
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 20204
Process hidden process (*** hidden *** ) 20584
Process hidden process (*** hidden *** ) 20836
Process hidden process (*** hidden *** ) 20852
Process hidden process (*** hidden *** ) 22136
Process hidden process (*** hidden *** ) 22340
Process hidden process (*** hidden *** ) 22564

---- EOF - GMER 1.0.15 ----
Staff screen317 Posted June 14, 2011 ID:440989

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.
T84A Posted June 14, 2011 Author ID:441000

Thanks. Not to be suspicious but where exactly do you see this "backdoor trojan" that neither your program nor Microsoft Security Essentials is picking up? Thanks again.
T84A Posted June 14, 2011 Author ID:441020

Just to add:

Powerful protection. Advanced features.
Malwarebytes Anti-Malware PRO
Our flagship anti-malware application not only cleans up your computers but also provides automatic scanning, automatic updates and real-time protection. The malware threat database is constantly updated to safeguard your system from the latest threats. Just download, install and relax, knowing that Malwarebytes Anti-Malware PRO keeps vigilant guard over your system. Set it and forget it!

So what am I missing here?
Staff screen317 Posted June 17, 2011 ID:442124

Hi,

This Malwarebytes detection from your first post:

ZBot

ZBot is a family of remote access trojans (RAT), commonly referred to as a backdoor trojan.

Sure, we can delete the files and Registry components that we can see, but there's no telling what networks your computer has already been connected to, or whether it's already part of a botnet.

That is the danger of what I tried to explain earlier, and I hope this makes it more clear.

Like I said, the decision is up to you whether you would like to format or whether you would like us to clean what we can see. I highly recommend formatting your hard drive and reinstalling Windows, but again, the choice is yours.
T84A Posted June 17, 2011 Author ID:442266

Thanks. What you don't understand is that if I didn't post on this forum, I would have thought everything was good because your program said so. I would bet that 90% of users are being misled. That was my point. I reformatted but I still paid for software that gives false info.
T84A Posted June 17, 2011 Author ID:442286

Sorry about the typos, I posted from my phone.
Staff screen317 Posted June 20, 2011 ID:443313

I don't understand what you mean.. Our software removes trojans. It removed the trojan from your system. There's no telling what damage may have been done..
T84A Posted June 20, 2011 Author ID:443457

I guess this is my perspective. Imagine you take your car into a service center with a nail in your tire. The technician pulls the nail out and tells you you're good to go and you go to get in your car and the tire is flat. You go back to the tech and say "what's the deal?" and he says "I don't understand what you mean.. I removed the nail from your tire. There's no telling what damage may have been done."

How would you feel?
T84A Posted June 21, 2011 Author ID:443782

I want to add that I'm not trying to be a prick here but if a user gets the sense that all is good from your product, all should be good and there shouldn't be the need to find this forum and post all the logs and what not to then find out that all is not good. I'm more comfortable now that I reformatted and installed your product when my system was clean but I have to assume, for most (like me), that's not going to be the case. People are going to find your product after they're infected.
Staff screen317 Posted June 24, 2011 ID:445122

That analogy doesn't work because you would pay the mechanic to replace your tire.

You can't pay us to replace your computer.

I wanted you to be fully informed of the situation so I told you all of those details.
T84A Posted June 24, 2011 Author ID:445163

Absolutely not. I would pay him to plug the nail hole (as I have done many times in my lifetime).
Staff screen317 Posted June 27, 2011 ID:446341

I understand your concern and gave you a sufficient amount of information to be the most informed about what is going on. Criminals cannot remotely connect to your car tire. That's the difference.

I provide my recommendations to you about how to proceed forward. You can either take them or you can not take them.
Staff screen317 Posted August 4, 2011 ID:461942

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!