Computer keeps restarting, SPTD won't load
chinny224
2010-02-25, 04:23
Hi,
My computer recently contracted some type of malware, so that it will turn on (displays the "In Touch With Toshiba" screen) and then starts loading Windows XP. At this point the computer stops, flashes a blue screen for a split second, and then restarts the process. I can load safe mode, but not normal Windows. When I Google search anything I get redirected to random sites (which is how I determined it was malware). It's definitely not a RAM issue because I replaced the RAM and nothing changed. Whenever I load in safe mode, it displays a series of drivers, the last one being MUP.sys, and then it says to hit Escape while it tries to load SPTD.sys. If I hit Esc, it goes to safe mode. If not, it just reloads again. I've run Malwarebytes a bunch of times and it came up with several trojans at first, but now when I run it, it doesn't detect anything. I have Avira and Avast, but neither will run due to the malware. Please let me know what I can do to fix this problem. Thank you.
-chinny224
chinny224
2010-02-26, 03:10
I forgot to include the hijackthis log, so here it is. Hope this helps.
-chinny224
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47, on 2010-02-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB176] command /c del "C:\WINDOWS\system32\TDSSxexf.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6334] cmd /c del "C:\WINDOWS\system32\TDSSxexf.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5874] command /c del "C:\WINDOWS\privacy_danger\images\body.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2599] cmd /c del "C:\WINDOWS\privacy_danger\images\body.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8493] command /c del "C:\WINDOWS\privacy_danger\images\capt.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8237] cmd /c del "C:\WINDOWS\privacy_danger\images\capt.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5687] command /c del "C:\WINDOWS\privacy_danger\images\capt2.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6234] cmd /c del "C:\WINDOWS\privacy_danger\images\capt2.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8698] command /c del "C:\WINDOWS\privacy_danger\images\red.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5253] cmd /c del "C:\WINDOWS\privacy_danger\images\red.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6194] command /c del "C:\WINDOWS\privacy_danger\images\text.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4465] cmd /c del "C:\WINDOWS\privacy_danger\images\text.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2045] command /c del "C:\WINDOWS\privacy_danger\index.htm"
O4 - HKCU\..\RunOnce: [SpybotDeletingD254] cmd /c del "C:\WINDOWS\privacy_danger\index.htm"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232659341937
O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} (VMware_VDM_Client Class) - https://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VMware View Client Service (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
--
End of file - 10820 bytes
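As an added example (not part of the thread, and not a HijackThis or Safer-Networking tool), here is a small Python triage script for logs in the format posted above. It flags the kinds of entries a helper reads first: an O3 toolbar with no file behind it, O4 RunOnce pending deletions left behind by a cleanup tool (here the TDSSxexf.dll and privacy_danger entries), an O10 Winsock LSP that HijackThis does not recognise, and an O23 service whose binary is missing. The sample lines are copied from the log above; the section patterns, heuristics and function names are my own assumptions.

```python
"""Triage helper for HijackThis-format logs (added example, not a HijackThis feature)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\RunOnce: [SpybotDeletingB176] command /c del "C:\WINDOWS\system32\TDSSxexf.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6334] cmd /c del "C:\WINDOWS\system32\TDSSxexf.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2045] command /c del "C:\WINDOWS\privacy_danger\index.htm"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why the entry deserves a second look
    detail: str   # the path, CLSID or service name concerned


# One pattern per HijackThis section this script understands (assumed layout, matching the posted log).
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# A RunOnce value of the form  cmd /c del "<path>"  (the log shows both "cmd" and "command" variants).
DEL_RE = re.compile(r'^(?:cmd|command) /c del "(?P<path>[^"]+)"$', re.IGNORECASE)


def analyze(log_text: str) -> list[Finding]:
    """Return the entries in a HijackThis log that a helper would want to look at first."""
    findings: list[Finding] = []
    seen_deletes: set[str] = set()  # a pending delete is reported once per target path
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O3_RE.match(line)) and m["path"].lower() == "(no file)":
            findings.append(Finding("O3", "toolbar CLSID is registered but its DLL is gone (orphaned entry)", m["clsid"]))
        elif m := O4_RE.match(line):
            d = DEL_RE.match(m["cmd"])
            if d and d["path"].lower() not in seen_deletes:
                seen_deletes.add(d["path"].lower())
                findings.append(Finding("O4", f'{m["hive"]} {m["key"]} holds a pending delete left by a cleanup tool', d["path"]))
        elif m := O10_RE.match(line):
            findings.append(Finding("O10", "Winsock LSP not on HijackThis's known list; identify the file before removing it", m["path"]))
        elif (m := O23_RE.match(line)) and m["path"].lower().endswith("(file missing)"):
            findings.append(Finding("O23", "service is registered but its binary is missing", m["name"]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section, e.g. {'O3': 1, 'O4': 2, ...}."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}: {f.detail}")
    print(summarize(analyze(SAMPLE_LOG)))
```

A pending-delete entry is evidence that an earlier cleanup run could not remove the file while it was in use; whether the file is still on disk is what the next scan has to establish.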
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds), here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) by clicking the "Download EXE" button and saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the "Show All" box while the scan is in progress!
When the scan is finished, click Copy.
This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
chinny224
2010-03-01, 20:57
Thank you for the response,
I followed your instructions, but while running GMER, it showed that it was scanning a bunch of device drivers, the last being an SSDT type, with a value ZwTerminateprocess [0xBA818080], and then it froze. The Show All box was not checked. It said that it was scanning sections of C:\WINDOWS\system32\drivers\atapi.sys but it won't finish the scan (I've been letting it sit there for about an hour). I've attached the DDS.txt and Attach.txt from the first log. I will try to run GMER again, but it seems like it's not going to get through. I will wait for further instructions. Again, thank you for helping.
DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by Administrator at 13:10:32.20 on 2010-03-01
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1156 [GMT -5:00]
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.com
============== Pseudo HJT Report ===============
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
mSearchAssistant = hxxp://www.google.com/ie
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [NeroHomeFirstStart] c:\program files\common files\ahead\lib\NMFirstStart.exe
uRunOnce: [SpybotDeletingB176] command /c del "c:\windows\system32\TDSSxexf.dll"
uRunOnce: [SpybotDeletingD6334] cmd /c del "c:\windows\system32\TDSSxexf.dll"
uRunOnce: [SpybotDeletingB5874] command /c del "c:\windows\privacy_danger\images\body.gif"
uRunOnce: [SpybotDeletingD2599] cmd /c del "c:\windows\privacy_danger\images\body.gif"
uRunOnce: [SpybotDeletingB8493] command /c del "c:\windows\privacy_danger\images\capt.gif"
uRunOnce: [SpybotDeletingD8237] cmd /c del "c:\windows\privacy_danger\images\capt.gif"
uRunOnce: [SpybotDeletingB5687] command /c del "c:\windows\privacy_danger\images\capt2.gif"
uRunOnce: [SpybotDeletingD6234] cmd /c del "c:\windows\privacy_danger\images\capt2.gif"
uRunOnce: [SpybotDeletingB8698] command /c del "c:\windows\privacy_danger\images\red.gif"
uRunOnce: [SpybotDeletingD5253] cmd /c del "c:\windows\privacy_danger\images\red.gif"
uRunOnce: [SpybotDeletingB6194] command /c del "c:\windows\privacy_danger\images\text.gif"
uRunOnce: [SpybotDeletingD4465] cmd /c del "c:\windows\privacy_danger\images\text.gif"
uRunOnce: [SpybotDeletingB2045] command /c del "c:\windows\privacy_danger\index.htm"
uRunOnce: [SpybotDeletingD254] cmd /c del "c:\windows\privacy_danger\index.htm"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232659341937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ucmnytza.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-6 353672]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-23 162512]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-12 11608]
S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-3-25 148496]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-12 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-12 185089]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-23 19024]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-12 56816]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-15 24652]
S2 wsnm;VMware View Client Service;"c:\program files\vmware\vmware view\client\bin\wsnm.exe" -scmstartup --> c:\program files\vmware\vmware view\client\bin\wsnm.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-23 1684736]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2006-2-15 14336]
S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-7-4 163390]
=============== Created Last 30 ================
2010-02-28 04:04 <DIR> --d----- C:\Temp
2010-02-23 02:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-23 01:31 19 a------- c:\windows\system32\drivers\hosts
2010-02-22 21:42 <DIR> --d----- c:\windows\system32\wbem\Repository
2010-02-15 21:05 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-02-02 01:56 372,736 a----r-- c:\windows\system32\LVUI2RC.dll
2010-02-02 01:56 106,496 a----r-- c:\windows\system32\lvcoinst.dll
2010-02-02 01:56 22,016 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
2010-02-02 01:56 9,255 a----r-- c:\windows\system32\lvcoinst.ini
2010-02-02 01:56 204,800 a----r-- c:\windows\system32\LVUI2.dll
2010-02-02 01:56 204,800 a----r-- c:\windows\system32\lvcodec2.dll
2010-02-02 01:56 211,712 a----r-- c:\windows\system32\drivers\LV561AV.SYS
==================== Find3M ====================
2010-02-23 10:36 643,072 a------- c:\windows\system32\drivers\sptd.sys
2010-02-23 10:36 96,384 a------- c:\windows\system32\drivers\sptd2301.sys
2010-02-21 05:12 6,227,252 a--sh--- c:\windows\system32\drivers\fidbox.idx
2010-02-21 05:12 464,887,840 a--sh--- c:\windows\system32\drivers\fidbox.dat
2010-01-16 00:34 67,284 a---h--- c:\windows\system32\mlfcache.dat
2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-22 00:21 667,136 a------- c:\windows\system32\wininet.dll
2009-12-22 00:20 81,920 a------- c:\windows\system32\ieencode.dll
2009-12-16 13:43 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-14 02:08 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-08 14:26 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-12-08 13:43 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
============= FINISH: 13:12:48.93 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-07-03 14:30:30
System Uptime: 2010-03-01 13:03:39 (0 hours ago)
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U1 | 1729/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 112 GiB total, 28.152 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP415: 2009-12-09 14:33:24 - System Checkpoint
RP416: 2009-12-09 15:23:30 - Software Distribution Service 3.0
RP417: 2009-12-10 01:50:17 - Software Distribution Service 3.0
RP418: 2009-12-11 11:20:11 - System Checkpoint
RP419: 2009-12-12 12:40:16 - System Checkpoint
RP420: 2009-12-13 13:30:03 - System Checkpoint
RP421: 2009-12-14 13:47:59 - System Checkpoint
RP422: 2009-12-15 14:34:51 - System Checkpoint
RP423: 2009-12-16 19:10:14 - System Checkpoint
RP424: 2009-12-17 19:53:45 - System Checkpoint
RP425: 2009-12-18 20:24:29 - System Checkpoint
RP426: 2009-12-19 21:03:38 - System Checkpoint
RP427: 2009-12-21 16:43:16 - System Checkpoint
RP428: 2009-12-22 17:14:29 - System Checkpoint
RP429: 2009-12-23 17:14:48 - System Checkpoint
RP430: 2009-12-24 19:17:10 - System Checkpoint
RP431: 2009-12-25 20:07:23 - System Checkpoint
RP432: 2009-12-27 10:58:46 - System Checkpoint
RP433: 2009-12-28 13:25:46 - System Checkpoint
RP434: 2009-12-29 14:23:32 - System Checkpoint
RP435: 2009-12-31 11:42:10 - System Checkpoint
RP436: 2010-01-01 12:21:48 - System Checkpoint
RP437: 2010-01-02 12:31:20 - System Checkpoint
RP438: 2010-01-03 18:07:20 - System Checkpoint
RP439: 2010-01-04 19:06:31 - System Checkpoint
RP440: 2010-01-05 20:59:24 - System Checkpoint
RP441: 2010-01-06 21:56:49 - System Checkpoint
RP442: 2010-01-07 22:35:26 - System Checkpoint
RP443: 2010-01-08 23:05:16 - System Checkpoint
RP444: 2010-01-10 12:38:22 - System Checkpoint
RP445: 2010-01-11 15:51:59 - System Checkpoint
RP446: 2010-01-12 16:12:13 - System Checkpoint
RP447: 2010-01-13 16:52:15 - System Checkpoint
RP448: 2010-01-14 00:53:39 - Software Distribution Service 3.0
RP449: 2010-01-15 13:54:50 - System Checkpoint
RP450: 2010-01-16 14:19:37 - System Checkpoint
RP451: 2010-01-17 18:27:53 - System Checkpoint
RP452: 2010-01-18 19:23:10 - System Checkpoint
RP453: 2010-01-19 20:07:15 - System Checkpoint
RP454: 2010-01-20 20:21:37 - System Checkpoint
RP455: 2010-01-22 01:05:56 - Removed Google Earth.
RP456: 2010-01-22 01:11:17 - Installed Logitech QuickCam
RP457: 2010-01-23 01:48:11 - System Checkpoint
RP458: 2010-01-23 03:00:24 - Software Distribution Service 3.0
RP459: 2010-01-24 03:57:08 - System Checkpoint
RP460: 2010-01-25 21:21:22 - System Checkpoint
RP461: 2010-01-26 21:33:06 - System Checkpoint
RP462: 2010-01-27 22:25:42 - System Checkpoint
RP463: 2010-01-28 22:31:14 - System Checkpoint
RP464: 2010-01-29 23:17:22 - System Checkpoint
RP465: 2010-01-30 15:47:48 - Removed Logitech QuickCam
RP466: 2010-01-31 18:46:13 - System Checkpoint
RP467: 2010-02-02 00:53:15 - System Checkpoint
RP468: 2010-02-02 14:00:28 - Installed WebEx Meeting Manager for Firefox/Netscape/Chrome
RP469: 2010-02-02 14:00:53 - Printer Driver WebEx Document Loader Installed
RP470: 2010-02-03 16:21:06 - System Checkpoint
RP471: 2010-02-04 23:41:52 - System Checkpoint
RP472: 2010-02-05 23:59:53 - System Checkpoint
RP473: 2010-02-07 01:56:11 - System Checkpoint
RP474: 2010-02-08 15:35:56 - Installed VMware View Client
RP475: 2010-02-10 02:58:11 - System Checkpoint
RP476: 2010-02-11 01:48:53 - Software Distribution Service 3.0
RP477: 2010-02-12 15:17:50 - System Checkpoint
RP478: 2010-02-13 15:18:36 - System Checkpoint
RP479: 2010-02-15 12:52:13 - System Checkpoint
RP480: 2010-02-16 01:25:31 - Removed Printworks Scrapbook and Calendar Creator
RP481: 2010-02-17 15:30:46 - System Checkpoint
RP482: 2010-02-18 16:07:55 - System Checkpoint
RP483: 2010-02-19 21:19:15 - System Checkpoint
RP484: 2010-02-20 21:51:59 - System Checkpoint
RP485: 2010-02-22 21:28:45 - Restore Operation
RP486: 2010-02-27 14:07:26 - Restore Operation
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 2 (SP2)
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 7.1.0
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
Bonjour
Cakewalk VST Adapter 4.4.4.0
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Combined Community Codec Pack 2007-07-22
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DiscAPI
DivX Player
DocProc
DocProcQFolder
Download Updater (AOL LLC)
DVD-RAM Driver
Google Toolbar for Internet Explorer
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
Java(TM) 6 Update 10
Lexicon PSP 42 VST DX v1.0
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mLogView
mMHouse
Mozilla Firefox (3.5.8)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
Native Instruments B4
Native Instruments Guitar Rig 2
Office 2003 Trial Assistant
Otto
PDF Settings
Pinnacle Instant DVD Recorder
Power Tab Editor 1.7
Printworks Scrapbook and Calendar Creator
PSP 84 v1.0
PSP Audioware MasterQ DX VST v1.0
PSP VintageWarmer v1.5d
QuickTime
RAPID
RealPlayer Basic
Realtek High Definition Audio Driver
SD Secure Module
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shockwave
SmartSound Quicktracks Plugin
SONAR 5 Producer Edition
SONAR 7 Producer Edition
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sony Sound Forge 7.0
Starcraft
Synaptics Pointing Device Driver
TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC 9.0 Runtime
Viewpoint Media Player
VMware View Client
Waves SSL Collection v1.2
WD Diagnostics
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
ZoneAlarm
==== Event Viewer Messages From Past Week ========
2010-03-01 00:53:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
2010-02-27 15:08:58, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
2010-02-25 18:34:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2010-02-23 23:13:02, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302882F2A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2010-02-23 14:15:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF sptd ssmdrv
2010-02-23 10:17:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
2010-02-23 02:18:49, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2010-02-22 23:14:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2010-02-22 23:13:42, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF sptd ssmdrv
2010-02-22 23:12:21, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2010-02-22 23:12:21, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2010-02-22 22:26:40, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
2010-02-22 22:14:09, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2010-02-22 22:10:42, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2010-02-22 22:06:11, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
2010-02-22 22:06:11, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-22 22:06:11, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-22 22:06:11, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-22 22:06:11, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-22 22:06:11, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-22 22:06:11, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-22 22:06:11, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-22 21:51:01, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2010-02-22 21:49:59, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
==== End Of File ===========================
Hi,
There seem to be multiple antivirus programs installed there. You should decide which one of those to keep.
Please visit this webpage for download links and instructions for running the ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New DDS log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
chinny224
2010-03-02, 06:11
Hi,
After running ComboFix everything seems to be working great (I'm posting this after booting Windows in normal mode!). Thanks a ton! The only thing that I couldn't figure out, even after reading the link you sent me, was how to just disable the antivirus software I had (Avira and ZoneAlarm), so I just uninstalled them completely. Obviously I will install a new antivirus, but which would you recommend? Btw, here are the ComboFix log, DDS log, and Attach log. Hopefully everything looks clean now. Again, thank you so much for the help.
-chinny224
ComboFix 10-03-01.01 - OWNER 2010-03-01 22:29:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1117 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\OWNER\Application Data\Desktopicon
c:\windows\system32\Thumbs.db
c:\windows\system32\twain_32.dll
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.
2010-03-02 02:57 . 2010-03-02 02:57 35328 ---ha-w- c:\windows\system32\calcetup.dll
2010-03-02 02:24 . 2010-03-02 02:24 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-02-28 09:04 . 2010-02-28 09:04 -------- d-----w- C:\Temp
2010-02-27 20:09 . 2010-02-27 20:10 -------- d-----w- C:\rsit
2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM
2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2010-02-23 07:18 . 2010-03-01 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-23 07:18 . 2010-02-23 07:18 -------- d-----w- c:\program files\Alwil Software
2010-02-23 06:12 . 2010-02-23 06:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-23 02:42 . 2010-02-23 02:42 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-16 02:05 . 2010-02-16 02:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-16 01:20 . 2010-02-16 06:08 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\jaeuev
2010-02-08 20:36 . 2010-02-08 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-02-08 20:36 . 2010-02-08 20:36 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\VMware
2010-02-02 19:01 . 2010-02-02 19:02 -------- d-----w- c:\documents and settings\OWNER\Application Data\webex
2010-02-02 06:56 . 2005-01-31 10:18 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-02-02 06:56 . 2005-01-31 10:12 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2010-02-02 06:56 . 2005-01-31 10:00 106496 ----a-r- c:\windows\system32\lvcoinst.dll
2010-02-02 06:56 . 2005-01-31 10:10 204800 ----a-r- c:\windows\system32\LVUI2.dll
2010-02-02 06:56 . 2005-01-31 10:08 204800 ----a-r- c:\windows\system32\lvcodec2.dll
2010-02-02 06:56 . 2005-01-31 10:20 211712 ----a-r- c:\windows\system32\drivers\LV561AV.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 02:56 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-28 02:27 . 2008-11-29 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-02-27 19:08 . 2006-08-23 22:58 -------- d-----w- c:\program files\DivX
2010-02-27 19:04 . 2006-07-15 18:26 -------- d-----w- c:\program files\Pinnacle
2010-02-27 19:03 . 2009-08-11 21:37 -------- d-----w- c:\program files\PeerGuardian2
2010-02-27 19:00 . 2006-02-16 09:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-23 15:36 . 2006-08-18 15:53 643072 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-23 15:36 . 2006-08-18 15:53 96384 ----a-w- c:\windows\system32\drivers\sptd2301.sys
2010-02-23 06:31 . 2010-02-23 06:31 19 ----a-w- c:\windows\system32\drivers\hosts
2010-02-18 00:18 . 2007-08-02 00:13 -------- d-----w- c:\documents and settings\OWNER\Application Data\uTorrent
2010-02-16 01:41 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google
2010-02-14 15:40 . 2009-02-15 04:10 27280918 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-11 06:51 . 2009-09-16 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-10 01:58 . 2010-02-10 01:58 126543 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_02_09_17_46_37_small.dmp.zip
2010-01-30 20:58 . 2010-01-22 05:20 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-26 00:31 . 2008-10-29 08:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 00:31 . 2008-12-09 18:35 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-23 08:00 . 2010-01-23 08:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-22 06:11 . 2010-01-22 06:11 -------- d-----w- c:\program files\Logitech
2010-01-22 06:11 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 05:34 . 2008-10-26 19:37 67284 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-07 21:07 . 2008-10-29 08:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2008-10-29 08:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 17:52 . 2009-12-28 17:52 99548 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_27_20_53_22_small.dmp.zip
2009-12-22 05:21 . 2006-02-15 14:04 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2006-02-15 14:02 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 17:26 . 2009-12-17 17:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-16 18:43 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2006-02-15 14:03 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 06:16 . 2009-04-12 20:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:22 . 2006-02-15 14:03 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-08 22:42 . 2009-12-08 22:42 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TFncKy"="TFncKy.exe" [BU]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=rddv1046.dll
"midi1"=rddv1046.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-12-06 16:17 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-10-15 14:29 88203 ----a-w- c:\windows\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-10-06 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-11 05:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-12 23:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2005-03-11 23:03 73728 ----a-w- c:\windows\system32\TDispVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 20:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\OWNER\\Desktop\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-06-15 24652]
S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
S2 wsnm;VMware View Client Service;"c:\program files\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-23 6:35 PM 1684736]
S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-07-04 3:08 PM 163390]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-08-18 643072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: microsoft.com \*.windowsupdate
Trusted Zone: windowsupdate.com
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\mqckc8tg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\mqckc8tg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-XboxStat - c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe
ActiveSetup-{F345481E-B281-BD4B-B7DF-52BFF089E176} - c:\windows\system32\msupdater.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 22:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3038724264-3626714780-2335072967-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E234A574-72B9-6CB7-5E93-0F5657FE9B08}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabnbdekpnomgkelgh"=hex:6a,61,62,6d,6c,65,70,65,6d,64,6f,6c,62,6c,61,66,66,6e,
64,61,00,00
"hadnnkcjfhidfnmc"=hex:6a,61,6f,6c,6b,6d,6f,70,6e,65,63,64,65,62,67,69,6b,69,
61,6f,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\rddv1046.dll
- - - - - - - > 'explorer.exe'(732)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2010-03-01 22:51:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-02 03:51
Pre-Run: 30,981,857,280 bytes free
Post-Run: 30,945,841,152 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 95A329200B5684941AE3D5F2AD702B46
DDS (Ver_09-09-29.01) - NTFSx86
Run by OWNER at 23:00:05.84 on 2010-03-01
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.993 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\OWNER\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: microsoft.com \*.windowsupdate
Trusted Zone: windowsupdate.com
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232659341937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\mqckc8tg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\mqckc8tg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-15 24652]
S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
S2 wsnm;VMware View Client Service;"c:\program files\vmware\vmware view\client\bin\wsnm.exe" -scmstartup --> c:\program files\vmware\vmware view\client\bin\wsnm.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-23 1684736]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2006-2-15 14336]
S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-7-4 163390]
=============== Created Last 30 ================
2010-03-01 22:12 <DIR> a-dshr-- C:\cmdcons
2010-03-01 22:11 261,632 a------- c:\windows\PEV.exe
2010-03-01 22:11 161,792 a------- c:\windows\SWREG.exe
2010-03-01 22:11 98,816 a------- c:\windows\sed.exe
2010-03-01 22:11 77,312 a------- c:\windows\MBR.exe
2010-03-01 21:57 35,328 a---h--- c:\windows\system32\calcetup.dll
2010-02-28 04:04 <DIR> --d----- C:\Temp
2010-02-23 02:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-23 01:31 19 a------- c:\windows\system32\drivers\hosts
2010-02-22 21:42 <DIR> --d----- c:\windows\system32\wbem\Repository
2010-02-02 14:01 <DIR> --d----- c:\docume~1\owner\applic~1\webex
2010-02-02 01:56 372,736 a----r-- c:\windows\system32\LVUI2RC.dll
2010-02-02 01:56 106,496 a----r-- c:\windows\system32\lvcoinst.dll
2010-02-02 01:56 22,016 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
2010-02-02 01:56 9,255 a----r-- c:\windows\system32\lvcoinst.ini
2010-02-02 01:56 204,800 a----r-- c:\windows\system32\LVUI2.dll
2010-02-02 01:56 204,800 a----r-- c:\windows\system32\lvcodec2.dll
2010-02-02 01:56 211,712 a----r-- c:\windows\system32\drivers\LV561AV.SYS
==================== Find3M ====================
2010-02-23 10:36 643,072 a------- c:\windows\system32\drivers\sptd.sys
2010-02-23 10:36 96,384 a------- c:\windows\system32\drivers\sptd2301.sys
2010-01-16 00:34 67,284 a---h--- c:\windows\system32\mlfcache.dat
2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-22 00:21 667,136 -------- c:\windows\system32\wininet.dll
2009-12-22 00:20 81,920 a------- c:\windows\system32\ieencode.dll
2009-12-16 13:43 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-14 02:08 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-08 14:26 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-12-08 13:43 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2008-10-03 15:10 158 a------- c:\docume~1\owner\applic~1\wklnhst.dat
============= FINISH: 23:00:24.48 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-07-03 2:30:30 PM
System Uptime: 2010-03-01 10:39:22 PM (1 hours ago)
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U1 | 1728/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 112 GiB total, 28.843 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP415: 2009-12-09 2:33:24 PM - System Checkpoint
RP416: 2009-12-09 3:23:30 PM - Software Distribution Service 3.0
RP417: 2009-12-10 1:50:17 AM - Software Distribution Service 3.0
RP418: 2009-12-11 11:20:11 AM - System Checkpoint
RP419: 2009-12-12 12:40:16 PM - System Checkpoint
RP420: 2009-12-13 1:30:03 PM - System Checkpoint
RP421: 2009-12-14 1:47:59 PM - System Checkpoint
RP422: 2009-12-15 2:34:51 PM - System Checkpoint
RP423: 2009-12-16 7:10:14 PM - System Checkpoint
RP424: 2009-12-17 7:53:45 PM - System Checkpoint
RP425: 2009-12-18 8:24:29 PM - System Checkpoint
RP426: 2009-12-19 9:03:38 PM - System Checkpoint
RP427: 2009-12-21 4:43:16 PM - System Checkpoint
RP428: 2009-12-22 5:14:29 PM - System Checkpoint
RP429: 2009-12-23 5:14:48 PM - System Checkpoint
RP430: 2009-12-24 7:17:10 PM - System Checkpoint
RP431: 2009-12-25 8:07:23 PM - System Checkpoint
RP432: 2009-12-27 10:58:46 AM - System Checkpoint
RP433: 2009-12-28 1:25:46 PM - System Checkpoint
RP434: 2009-12-29 2:23:32 PM - System Checkpoint
RP435: 2009-12-31 11:42:10 AM - System Checkpoint
RP436: 2010-01-01 12:21:48 PM - System Checkpoint
RP437: 2010-01-02 12:31:20 PM - System Checkpoint
RP438: 2010-01-03 6:07:20 PM - System Checkpoint
RP439: 2010-01-04 7:06:31 PM - System Checkpoint
RP440: 2010-01-05 8:59:24 PM - System Checkpoint
RP441: 2010-01-06 9:56:49 PM - System Checkpoint
RP442: 2010-01-07 10:35:26 PM - System Checkpoint
RP443: 2010-01-08 11:05:16 PM - System Checkpoint
RP444: 2010-01-10 12:38:22 PM - System Checkpoint
RP445: 2010-01-11 3:51:59 PM - System Checkpoint
RP446: 2010-01-12 4:12:13 PM - System Checkpoint
RP447: 2010-01-13 4:52:15 PM - System Checkpoint
RP448: 2010-01-14 12:53:39 AM - Software Distribution Service 3.0
RP449: 2010-01-15 1:54:50 PM - System Checkpoint
RP450: 2010-01-16 2:19:37 PM - System Checkpoint
RP451: 2010-01-17 6:27:53 PM - System Checkpoint
RP452: 2010-01-18 7:23:10 PM - System Checkpoint
RP453: 2010-01-19 8:07:15 PM - System Checkpoint
RP454: 2010-01-20 8:21:37 PM - System Checkpoint
RP455: 2010-01-22 1:05:56 AM - Removed Google Earth.
RP456: 2010-01-22 1:11:17 AM - Installed Logitech QuickCam
RP457: 2010-01-23 1:48:11 AM - System Checkpoint
RP458: 2010-01-23 3:00:24 AM - Software Distribution Service 3.0
RP459: 2010-01-24 3:57:08 AM - System Checkpoint
RP460: 2010-01-25 9:21:22 PM - System Checkpoint
RP461: 2010-01-26 9:33:06 PM - System Checkpoint
RP462: 2010-01-27 10:25:42 PM - System Checkpoint
RP463: 2010-01-28 10:31:14 PM - System Checkpoint
RP464: 2010-01-29 11:17:22 PM - System Checkpoint
RP465: 2010-01-30 3:47:48 PM - Removed Logitech QuickCam
RP466: 2010-01-31 6:46:13 PM - System Checkpoint
RP467: 2010-02-02 12:53:15 AM - System Checkpoint
RP468: 2010-02-02 2:00:28 PM - Installed WebEx Meeting Manager for Firefox/Netscape/Chrome
RP469: 2010-02-02 2:00:53 PM - Printer Driver WebEx Document Loader Installed
RP470: 2010-02-03 4:21:06 PM - System Checkpoint
RP471: 2010-02-04 11:41:52 PM - System Checkpoint
RP472: 2010-02-05 11:59:53 PM - System Checkpoint
RP473: 2010-02-07 1:56:11 AM - System Checkpoint
RP474: 2010-02-08 3:35:56 PM - Installed VMware View Client
RP475: 2010-02-10 2:58:11 AM - System Checkpoint
RP476: 2010-02-11 1:48:53 AM - Software Distribution Service 3.0
RP477: 2010-02-12 3:17:50 PM - System Checkpoint
RP478: 2010-02-13 3:18:36 PM - System Checkpoint
RP479: 2010-02-15 12:52:13 PM - System Checkpoint
RP480: 2010-02-16 1:25:31 AM - Removed Printworks Scrapbook and Calendar Creator
RP481: 2010-02-17 3:30:46 PM - System Checkpoint
RP482: 2010-02-18 4:07:55 PM - System Checkpoint
RP483: 2010-02-19 9:19:15 PM - System Checkpoint
RP484: 2010-02-20 9:51:59 PM - System Checkpoint
RP485: 2010-02-22 9:28:45 PM - Restore Operation
RP486: 2010-02-27 2:07:26 PM - Restore Operation
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 2 (SP2)
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 7.1.0
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bluetooth Stack for Windows by Toshiba
Bonjour
Cakewalk VST Adapter 4.4.4.0
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Combined Community Codec Pack 2007-07-22
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DiscAPI
DivX Player
DocProc
DocProcQFolder
Download Updater (AOL LLC)
DVD-RAM Driver
Google Toolbar for Internet Explorer
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
Java(TM) 6 Update 10
Lexicon PSP 42 VST DX v1.0
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mLogView
mMHouse
Mozilla Firefox (3.5.8)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
Native Instruments B4
Native Instruments Guitar Rig 2
Office 2003 Trial Assistant
Otto
PDF Settings
Pinnacle Instant DVD Recorder
Power Tab Editor 1.7
Printworks Scrapbook and Calendar Creator
PSP 84 v1.0
PSP Audioware MasterQ DX VST v1.0
PSP VintageWarmer v1.5d
QuickTime
RAPID
RealPlayer Basic
Realtek High Definition Audio Driver
SD Secure Module
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shockwave
SmartSound Quicktracks Plugin
SONAR 5 Producer Edition
SONAR 7 Producer Edition
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sony Sound Forge 7.0
Starcraft
Synaptics Pointing Device Driver
TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC 9.0 Runtime
Viewpoint Media Player
VMware View Client
Waves SSL Collection v1.2
WD Diagnostics
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
==== Event Viewer Messages From Past Week ========
2010-03-01 6:30:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
2010-03-01 12:53:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
2010-03-01 10:29:47 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
2010-03-01 10:26:13 PM, error: Service Control Manager [7000] - The VMware View Client Service service failed to start due to the following error: The system cannot find the path specified.
2010-03-01 10:11:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCLEPCI sptd
2010-03-01 10:06:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF PCLEPCI sptd
2010-02-27 3:08:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
2010-02-25 6:34:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2010-02-25 12:30:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF sptd ssmdrv
2010-02-25 12:29:19 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2010-02-25 12:29:19 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2010-02-25 1:04:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2010-02-25 1:02:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
2010-02-24 1:49:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2010-02-23 2:18:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2010-02-23 11:27:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2010-02-23 11:13:02 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302882F2A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2010-02-23 10:17:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-22 9:51:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2010-02-22 11:13:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF sptd ssmdrv
2010-02-22 10:26:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
2010-02-22 10:06:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
==== End Of File ===========================
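As an added example (not part of this thread and not from any tool mentioned in it), a small Python script that parses Service Control Manager entries in the format of the event-log extract above and separates drivers that fail on every recorded boot from those that fail only intermittently. The sample lines are copied from that extract; the function names are my own.

```python
import re
from collections import Counter

# Sample input: seven Service Control Manager lines copied from the
# attach.txt event-log extract posted above.
SAMPLE_LOG = """\
2010-03-01 12:53:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
2010-03-01 10:29:47 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
2010-03-01 10:11:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCLEPCI sptd
2010-03-01 10:06:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF PCLEPCI sptd
2010-02-27 3:08:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
2010-02-25 12:30:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF sptd ssmdrv
2010-02-22 11:13:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF sptd ssmdrv
"""

# "date time, level: source [id] - message", as written in the DDS extract.
EVENT_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Event 7026 ends with a space-separated list of driver service names.
FAILED_RE = re.compile(r"failed to load: (?P<drivers>.+)$")


def parse_events(text):
    """Return one dict per parseable line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["event_id"] = int(d["event_id"])
            events.append(d)
    return events


def failed_driver_sets(events):
    """(timestamp, frozenset of driver names) for each 7026 event."""
    out = []
    for e in events:
        if e["event_id"] != 7026:
            continue
        m = FAILED_RE.search(e["message"])
        if m:
            out.append((e["when"], frozenset(m.group("drivers").split())))
    return out


def summarize_failures(events):
    """Split drivers into 'fails every boot' and 'fails intermittently'.

    Caveat for reading the result: in Safe Mode, Windows loads only the
    drivers listed under the SafeBoot\\Minimal key, so a Safe Mode boot
    produces a long 7026 list that names the whole network stack (AFD,
    Tcpip, NetBT, ...). Those names will show up as intermittent. The
    shortest list is the closest thing to a normal-boot attempt, and a
    driver that appears in every list (here sptd) is the one to look at.
    """
    sets = failed_driver_sets(events)
    if not sets:
        return {"boots": 0, "every_boot": [], "intermittent": {}, "shortest": []}
    always = frozenset.intersection(*(s for _, s in sets))
    counts = Counter(name for _, s in sets for name in s)
    intermittent = {n: c for n, c in counts.items() if n not in always}
    shortest = min((s for _, s in sets), key=len)
    return {
        "boots": len(sets),
        "every_boot": sorted(always, key=str.lower),
        "intermittent": intermittent,
        "shortest": sorted(shortest, key=str.lower),
    }


if __name__ == "__main__":
    report = summarize_failures(parse_events(SAMPLE_LOG))
    print("7026 events seen:", report["boots"])
    print("failed on every boot:", ", ".join(report["every_boot"]))
    print("shortest failure list:", ", ".join(report["shortest"]))
    for name, n in sorted(report["intermittent"].items(), key=lambda kv: -kv[1]):
        print(f"  intermittent: {name} ({n} of {report['boots']})")
```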
Good to hear that we're making progress. There's some work left though :). We'll see about the antivirus thing after the cleaning process is finished.
Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\documents and settings\OWNER\Local Settings\Application Data\jaeuev
c:\documents and settings\OWNER\Application Data\uTorrent
DDS::
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
Regnull::
[HKEY_USERS\S-1-5-21-3038724264-3626714780-2335072967-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E234A574-72B9-6CB7-5E93-0F5657FE9B08}*]
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Uninstall your current Shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.
Uninstall vulnerable Flash versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Uninstall Macromedia Flash Player 8.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 18 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Do you use Adobe Acrobat for duties other than converting documents to PDF files?
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
chinny224
2010-03-03, 04:51
Ok, so I think everything is updated now. Here are all of the new logs.
ComboFix 10-03-01.04 - OWNER 2010-03-02 13:44:26.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.951 [GMT -5:00]
Running from: c:\documents and settings\OWNER\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\OWNER\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\OWNER\Application Data\uTorrent
c:\documents and settings\OWNER\Application Data\uTorrent\dht.dat
c:\documents and settings\OWNER\Application Data\uTorrent\dht.dat.old
c:\documents and settings\OWNER\Application Data\uTorrent\resume.dat
c:\documents and settings\OWNER\Application Data\uTorrent\resume.dat.old
c:\documents and settings\OWNER\Application Data\uTorrent\rss.dat
c:\documents and settings\OWNER\Application Data\uTorrent\rss.dat.old
c:\documents and settings\OWNER\Application Data\uTorrent\settings.dat
c:\documents and settings\OWNER\Application Data\uTorrent\settings.dat.old
c:\documents and settings\OWNER\Application Data\uTorrent\utorrent.lng
c:\documents and settings\OWNER\Local Settings\Application Data\jaeuev
.
((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.
2010-03-02 04:34 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-02 04:30 . 2010-03-02 04:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-02 04:29 . 2010-03-02 04:29 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Temp
2010-03-02 04:29 . 2010-03-02 04:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-03-02 04:24 . 2010-03-02 04:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-03-02 02:24 . 2010-03-02 02:24 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-02-28 09:04 . 2010-02-28 09:04 -------- d-----w- C:\Temp
2010-02-27 20:09 . 2010-02-27 20:10 -------- d-----w- C:\rsit
2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM
2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2010-02-23 07:18 . 2010-03-01 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-23 07:18 . 2010-02-23 07:18 -------- d-----w- c:\program files\Alwil Software
2010-02-23 06:12 . 2010-02-23 06:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-23 02:42 . 2010-02-23 02:42 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-16 02:05 . 2010-02-16 02:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-08 20:36 . 2010-02-08 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-02-08 20:36 . 2010-02-08 20:36 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\VMware
2010-02-02 19:01 . 2010-02-02 19:02 -------- d-----w- c:\documents and settings\OWNER\Application Data\webex
2010-02-02 06:56 . 2005-01-31 10:18 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-02-02 06:56 . 2005-01-31 10:12 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2010-02-02 06:56 . 2005-01-31 10:00 106496 ----a-r- c:\windows\system32\lvcoinst.dll
2010-02-02 06:56 . 2005-01-31 10:10 204800 ----a-r- c:\windows\system32\LVUI2.dll
2010-02-02 06:56 . 2005-01-31 10:08 204800 ----a-r- c:\windows\system32\lvcodec2.dll
2010-02-02 06:56 . 2005-01-31 10:20 211712 ----a-r- c:\windows\system32\drivers\LV561AV.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 04:26 . 2009-07-31 01:14 -------- d-----w- c:\program files\Unity
2010-03-02 04:24 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google
2010-03-02 04:21 . 2006-02-16 16:59 80728 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-02 02:56 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-28 02:27 . 2008-11-29 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-02-27 19:08 . 2006-08-23 22:58 -------- d-----w- c:\program files\DivX
2010-02-27 19:04 . 2006-07-15 18:26 -------- d-----w- c:\program files\Pinnacle
2010-02-27 19:03 . 2009-08-11 21:37 -------- d-----w- c:\program files\PeerGuardian2
2010-02-27 19:00 . 2006-02-16 09:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-23 15:36 . 2006-08-18 15:53 643072 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-23 15:36 . 2006-08-18 15:53 96384 ----a-w- c:\windows\system32\drivers\sptd2301.sys
2010-02-23 06:31 . 2010-02-23 06:31 19 ----a-w- c:\windows\system32\drivers\hosts
2010-02-14 15:40 . 2009-02-15 04:10 27280918 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-11 06:51 . 2009-09-16 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-10 01:58 . 2010-02-10 01:58 126543 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_02_09_17_46_37_small.dmp.zip
2010-01-30 20:58 . 2010-01-22 05:20 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-26 00:31 . 2008-10-29 08:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 00:31 . 2008-12-09 18:35 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-23 08:00 . 2010-01-23 08:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-22 06:11 . 2010-01-22 06:11 -------- d-----w- c:\program files\Logitech
2010-01-22 06:11 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 05:34 . 2008-10-26 19:37 67284 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-07 21:07 . 2008-10-29 08:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2008-10-29 08:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 17:52 . 2009-12-28 17:52 99548 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_27_20_53_22_small.dmp.zip
2009-12-22 05:21 . 2006-02-15 14:04 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2006-02-15 14:02 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 17:26 . 2009-12-17 17:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-16 18:43 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2006-02-15 14:03 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 06:16 . 2009-04-12 20:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:22 . 2006-02-15 14:03 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 20:23 . 2009-12-02 20:23 149040 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-12-08 22:42 . 2009-12-08 22:42 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TFncKy"="TFncKy.exe" [BU]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=rddv1046.dll
"midi1"=rddv1046.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-12-06 16:17 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-10-15 14:29 88203 ----a-w- c:\windows\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-10-06 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-11 05:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-12 23:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2005-03-11 23:03 73728 ----a-w- c:\windows\system32\TDispVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 20:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\OWNER\\Desktop\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-06-15 24652]
S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
S2 wsnm;VMware View Client Service;"c:\program files\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-23 6:35 PM 1684736]
S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-07-04 3:08 PM 163390]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-08-18 643072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 04:23]
2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 04:23]
2010-03-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
2010-03-02 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com \*.windowsupdate
Trusted Zone: windowsupdate.com
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\mqckc8tg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\mqckc8tg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 13:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\rddv1046.dll
.
Completion time: 2010-03-02 13:55:38
ComboFix-quarantined-files.txt 2010-03-02 18:55
ComboFix2.txt 2010-03-02 03:51
Pre-Run: 30,732,595,200 bytes free
Post-Run: 30,723,940,352 bytes free
- - End Of File - - 1CBB5470A624182DF920BA057B211392
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Objects scanned 206478
Threats found 3
Infected objects found 3
Suspicious objects found 0
Scan duration 05:16:44
File name Threat Threats count
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\20\1e15ef94-574a8500 Infected: Exploit.OSX.Smid.c 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\17a0bb7d-2fa21eb7 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Documents and Settings\OWNER\Desktop\Downloads\nahdaemon403-x86.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
Selected area has been scanned.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-07-03 2:30:30 PM
System Uptime: 2010-03-02 9:28:56 PM (0 hours ago)
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U1 | 1728/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 112 GiB total, 28.895 GiB free.
D: is CDROM ()
G: is FIXED (FAT32) - 233 GiB total, 50.482 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP415: 2009-12-09 2:33:24 PM - System Checkpoint
RP416: 2009-12-09 3:23:30 PM - Software Distribution Service 3.0
RP417: 2009-12-10 1:50:17 AM - Software Distribution Service 3.0
RP418: 2009-12-11 11:20:11 AM - System Checkpoint
RP419: 2009-12-12 12:40:16 PM - System Checkpoint
RP420: 2009-12-13 1:30:03 PM - System Checkpoint
RP421: 2009-12-14 1:47:59 PM - System Checkpoint
RP422: 2009-12-15 2:34:51 PM - System Checkpoint
RP423: 2009-12-16 7:10:14 PM - System Checkpoint
RP424: 2009-12-17 7:53:45 PM - System Checkpoint
RP425: 2009-12-18 8:24:29 PM - System Checkpoint
RP426: 2009-12-19 9:03:38 PM - System Checkpoint
RP427: 2009-12-21 4:43:16 PM - System Checkpoint
RP428: 2009-12-22 5:14:29 PM - System Checkpoint
RP429: 2009-12-23 5:14:48 PM - System Checkpoint
RP430: 2009-12-24 7:17:10 PM - System Checkpoint
RP431: 2009-12-25 8:07:23 PM - System Checkpoint
RP432: 2009-12-27 10:58:46 AM - System Checkpoint
RP433: 2009-12-28 1:25:46 PM - System Checkpoint
RP434: 2009-12-29 2:23:32 PM - System Checkpoint
RP435: 2009-12-31 11:42:10 AM - System Checkpoint
RP436: 2010-01-01 12:21:48 PM - System Checkpoint
RP437: 2010-01-02 12:31:20 PM - System Checkpoint
RP438: 2010-01-03 6:07:20 PM - System Checkpoint
RP439: 2010-01-04 7:06:31 PM - System Checkpoint
RP440: 2010-01-05 8:59:24 PM - System Checkpoint
RP441: 2010-01-06 9:56:49 PM - System Checkpoint
RP442: 2010-01-07 10:35:26 PM - System Checkpoint
RP443: 2010-01-08 11:05:16 PM - System Checkpoint
RP444: 2010-01-10 12:38:22 PM - System Checkpoint
RP445: 2010-01-11 3:51:59 PM - System Checkpoint
RP446: 2010-01-12 4:12:13 PM - System Checkpoint
RP447: 2010-01-13 4:52:15 PM - System Checkpoint
RP448: 2010-01-14 12:53:39 AM - Software Distribution Service 3.0
RP449: 2010-01-15 1:54:50 PM - System Checkpoint
RP450: 2010-01-16 2:19:37 PM - System Checkpoint
RP451: 2010-01-17 6:27:53 PM - System Checkpoint
RP452: 2010-01-18 7:23:10 PM - System Checkpoint
RP453: 2010-01-19 8:07:15 PM - System Checkpoint
RP454: 2010-01-20 8:21:37 PM - System Checkpoint
RP455: 2010-01-22 1:05:56 AM - Removed Google Earth.
RP456: 2010-01-22 1:11:17 AM - Installed Logitech QuickCam
RP457: 2010-01-23 1:48:11 AM - System Checkpoint
RP458: 2010-01-23 3:00:24 AM - Software Distribution Service 3.0
RP459: 2010-01-24 3:57:08 AM - System Checkpoint
RP460: 2010-01-25 9:21:22 PM - System Checkpoint
RP461: 2010-01-26 9:33:06 PM - System Checkpoint
RP462: 2010-01-27 10:25:42 PM - System Checkpoint
RP463: 2010-01-28 10:31:14 PM - System Checkpoint
RP464: 2010-01-29 11:17:22 PM - System Checkpoint
RP465: 2010-01-30 3:47:48 PM - Removed Logitech QuickCam
RP466: 2010-01-31 6:46:13 PM - System Checkpoint
RP467: 2010-02-02 12:53:15 AM - System Checkpoint
RP468: 2010-02-02 2:00:28 PM - Installed WebEx Meeting Manager for Firefox/Netscape/Chrome
RP469: 2010-02-02 2:00:53 PM - Printer Driver WebEx Document Loader Installed
RP470: 2010-02-03 4:21:06 PM - System Checkpoint
RP471: 2010-02-04 11:41:52 PM - System Checkpoint
RP472: 2010-02-05 11:59:53 PM - System Checkpoint
RP473: 2010-02-07 1:56:11 AM - System Checkpoint
RP474: 2010-02-08 3:35:56 PM - Installed VMware View Client
RP475: 2010-02-10 2:58:11 AM - System Checkpoint
RP476: 2010-02-11 1:48:53 AM - Software Distribution Service 3.0
RP477: 2010-02-12 3:17:50 PM - System Checkpoint
RP478: 2010-02-13 3:18:36 PM - System Checkpoint
RP479: 2010-02-15 12:52:13 PM - System Checkpoint
RP480: 2010-02-16 1:25:31 AM - Removed Printworks Scrapbook and Calendar Creator
RP481: 2010-02-17 3:30:46 PM - System Checkpoint
RP482: 2010-02-18 4:07:55 PM - System Checkpoint
RP483: 2010-02-19 9:19:15 PM - System Checkpoint
RP484: 2010-02-20 9:51:59 PM - System Checkpoint
RP485: 2010-02-22 9:28:45 PM - Restore Operation
RP486: 2010-02-27 2:07:26 PM - Restore Operation
RP487: 2010-03-01 11:22:57 PM - Software Distribution Service 3.0
RP488: 2010-03-01 11:26:05 PM - Removed VMware View Client
RP489: 2010-03-01 11:34:19 PM - Software Distribution Service 3.0
RP490: 2010-03-02 1:17:07 PM - Removed Adobe Reader 7.1.0
RP491: 2010-03-02 1:35:12 PM - Removed Java(TM) 6 Update 10
RP492: 2010-03-02 2:06:33 PM - Installed Java(TM) 6 Update 18
RP493: 2010-03-02 2:53:35 PM - Installed Adobe Reader 9.3.
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 2 (SP2)
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.3.1
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bluetooth Stack for Windows by Toshiba
Bonjour
Cakewalk VST Adapter 4.4.4.0
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Combined Community Codec Pack 2007-07-22
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DiscAPI
DivX Player
DocProc
DocProcQFolder
Download Updater (AOL LLC)
DVD-RAM Driver
Google Toolbar for Internet Explorer
Google Update Helper
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Lexicon PSP 42 VST DX v1.0
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mLogView
mMHouse
Mozilla Firefox (3.5.8)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
Native Instruments B4
Native Instruments Guitar Rig 2
Office 2003 Trial Assistant
Otto
PDF Settings
Pinnacle Instant DVD Recorder
Power Tab Editor 1.7
Printworks Scrapbook and Calendar Creator
PSP 84 v1.0
PSP Audioware MasterQ DX VST v1.0
PSP VintageWarmer v1.5d
QuickTime
RAPID
RealPlayer Basic
Realtek High Definition Audio Driver
SD Secure Module
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shockwave
SmartSound Quicktracks Plugin
SONAR 5 Producer Edition
SONAR 7 Producer Edition
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sony Sound Forge 7.0
Starcraft
Synaptics Pointing Device Driver
TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC 9.0 Runtime
Viewpoint Media Player
VMware View Client
Waves SSL Collection v1.2
WD Diagnostics
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
==== Event Viewer Messages From Past Week ========
2010-03-02 2:38:46 PM, error: Dhcp [1002] - The IP address lease 149.125.184.252 for the Network Card with network address 001302882F2A has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
2010-03-02 12:53:34 AM, error: Disk [11] - The driver detected a controller error on \...\DR9.
2010-03-02 12:53:34 AM, error: Disk [11] - The driver detected a controller error on \...\DR10.
2010-03-02 1:44:06 PM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
2010-03-01 6:30:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
2010-03-01 12:53:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
2010-03-01 10:29:47 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
2010-03-01 10:26:13 PM, error: Service Control Manager [7000] - The VMware View Client Service service failed to start due to the following error: The system cannot find the path specified.
2010-03-01 10:11:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCLEPCI sptd
2010-03-01 10:06:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF PCLEPCI sptd
2010-02-27 3:08:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
2010-02-27 1:59:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2010-02-25 6:34:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2010-02-24 12:01:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2010-02-23 2:18:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2010-02-23 11:38:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
2010-02-23 11:27:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2010-02-23 11:27:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2010-02-23 11:14:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF sptd ssmdrv
2010-02-23 11:13:02 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302882F2A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2010-02-23 11:12:57 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2010-02-23 11:12:57 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2010-02-23 10:17:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
==== End Of File ===========================
DDS (Ver_09-09-29.01) - NTFSx86
Run by OWNER at 21:48:00.09 on 2010-03-02
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.906 [GMT -5:00]
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\OWNER\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: microsoft.com \*.windowsupdate
Trusted Zone: windowsupdate.com
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232659341937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\mqckc8tg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\mqckc8tg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-15 24652]
R3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-7-4 163390]
S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-1 135664]
S2 wsnm;VMware View Client Service;"c:\program files\vmware\vmware view\client\bin\wsnm.exe" -scmstartup --> c:\program files\vmware\vmware view\client\bin\wsnm.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-23 1684736]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2006-2-15 14336]
=============== Created Last 30 ================
2010-03-02 14:07 73,728 a------- c:\windows\system32\javacpl.cpl
2010-03-01 23:34 181,632 -------- c:\windows\system32\MpSigStub.exe
2010-03-01 23:30 <DIR> --d----- c:\program files\Microsoft Security Essentials
2010-03-01 22:12 <DIR> a-dshr-- C:\cmdcons
2010-03-01 22:11 261,632 a------- c:\windows\PEV.exe
2010-03-01 22:11 161,792 a------- c:\windows\SWREG.exe
2010-03-01 22:11 98,816 a------- c:\windows\sed.exe
2010-03-01 22:11 77,312 a------- c:\windows\MBR.exe
2010-02-28 04:04 <DIR> --d----- C:\Temp
2010-02-23 02:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-23 01:31 19 a------- c:\windows\system32\drivers\hosts
2010-02-22 21:42 <DIR> --d----- c:\windows\system32\wbem\Repository
2010-02-02 14:01 <DIR> --d----- c:\docume~1\owner\applic~1\webex
2010-02-02 01:56 372,736 a----r-- c:\windows\system32\LVUI2RC.dll
2010-02-02 01:56 106,496 a----r-- c:\windows\system32\lvcoinst.dll
2010-02-02 01:56 22,016 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
2010-02-02 01:56 9,255 a----r-- c:\windows\system32\lvcoinst.ini
2010-02-02 01:56 204,800 a----r-- c:\windows\system32\LVUI2.dll
2010-02-02 01:56 204,800 a----r-- c:\windows\system32\lvcodec2.dll
2010-02-02 01:56 211,712 a----r-- c:\windows\system32\drivers\LV561AV.SYS
==================== Find3M ====================
2010-03-02 14:06 411,368 a------- c:\windows\system32\deploytk.dll
2010-02-23 10:36 643,072 a------- c:\windows\system32\drivers\sptd.sys
2010-02-23 10:36 96,384 a------- c:\windows\system32\drivers\sptd2301.sys
2010-01-16 00:34 67,284 a---h--- c:\windows\system32\mlfcache.dat
2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-22 00:21 667,136 -------- c:\windows\system32\wininet.dll
2009-12-22 00:20 81,920 a------- c:\windows\system32\ieencode.dll
2009-12-16 13:43 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-14 02:08 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-08 14:26 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-12-08 13:43 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2008-10-03 15:10 158 a------- c:\docume~1\owner\applic~1\wklnhst.dat
============= FINISH: 21:48:55.57 ===============
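As an added triage example (not part of the original post, and not a feature of DDS or HijackThis), the Python below parses the Service Control Manager 7026 events and the DDS SERVICES / DRIVERS lines quoted above: it tallies which boot-start drivers failed on every recorded boot and lists the boot-start (start type 0) entries for which DDS printed "[?]" instead of a file date and size. The regular expressions and function names are my own assumptions about the log format; the sample lines are copied from this thread's log.

```python
"""Triage helpers for the Event Viewer and DDS output quoted above.

Added example; not part of the original post. Sample lines are copied
from the thread's log so the script runs offline.
"""
import re
from collections import Counter

# Constructed sample: Service Control Manager events from the log above.
SAMPLE_EVENTS = r"""
2010-03-01 6:30:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
2010-03-01 12:53:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
2010-03-01 10:29:47 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
2010-03-01 10:11:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCLEPCI sptd
2010-03-01 10:06:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF PCLEPCI sptd
2010-02-27 3:08:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
"""

# Constructed sample: three SERVICES / DRIVERS lines from the DDS log above.
SAMPLE_SERVICES = r"""
S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 wsnm;VMware View Client Service;"c:\program files\vmware\vmware view\client\bin\wsnm.exe" -scmstartup --> c:\program files\vmware\vmware view\client\bin\wsnm.exe [?]
"""

# Assumed shape of a DDS-quoted Event ID 7026 line (timestamp, source, driver list).
EVENT_7026 = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M), error: Service Control Manager \[7026\] - "
    r"The following boot-start or system-start driver\(s\) failed to load: "
    r"(?P<drivers>.+)$"
)

# Assumed shape of a DDS service/driver line: <R|S><start> name;display;image-info
DDS_SERVICE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$"
)


def parse_failed_drivers(text):
    """Return one (timestamp, [driver names]) tuple per 7026 event."""
    events = []
    for line in text.splitlines():
        m = EVENT_7026.match(line.strip())
        if m:
            events.append((m.group("ts"), m.group("drivers").split()))
    return events


def failure_counts(events):
    """How many recorded boots each driver failed to load in."""
    counts = Counter()
    for _, drivers in events:
        counts.update(drivers)
    return counts


def persistent_failures(events):
    """Drivers that failed in every recorded boot (the ones worth chasing first)."""
    if not events:
        return set()
    common = set(events[0][1])
    for _, drivers in events[1:]:
        common &= set(drivers)
    return common


def parse_dds_services(text):
    """Split DDS service lines into name, running state, start type and image info."""
    entries = []
    for line in text.splitlines():
        m = DDS_SERVICE.match(line.strip())
        if not m:
            continue
        image = m.group("image")
        entries.append({
            "name": m.group("name"),
            "running": m.group("state") == "R",
            "start": int(m.group("start")),
            "image": image,
            # DDS prints [?] where it could not record a date and size for the file.
            "missing_file_info": image.endswith("[?]"),
        })
    return entries


def boot_start_review_list(entries):
    """Boot-start (start type 0) entries with no file info, for a helper to review."""
    return sorted(e["name"] for e in entries if e["start"] == 0 and e["missing_file_info"])


if __name__ == "__main__":
    evs = parse_failed_drivers(SAMPLE_EVENTS)
    print("7026 events:", len(evs))
    print("failed on every boot:", sorted(persistent_failures(evs)))
    print("per-driver failure counts:", dict(failure_counts(evs)))
    print("boot-start entries to review:", boot_start_review_list(parse_dds_services(SAMPLE_SERVICES)))
```

Run against the sample, the persistent set is Fips, intelppm, PCLEPCI and sptd, while the Avast/Avira/ZoneAlarm drivers only fail on some boots.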
Hi,
Delete these files if found:
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\20\1e15ef94-574a8500
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\17a0bb7d-2fa21eb7
Also, uninstall Macromedia Flash Player 8 (if it exists).
I asked earlier if you use Adobe Acrobat for other duties than to convert documents to pdf files. If you do, then you should update it to a non-vulnerable version.
How's the system running?
chinny224
2010-03-03, 17:56
Hi,
I deleted the first file, but I can't find a folder "c:\documents and settings\network services" so I can't delete the second file. I don't use Adobe Acrobat for anything more than pdf conversion. Whenever I try to uninstall Macromedia 8 (Add & Remove Programs) it says, "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package "install_flash_player_active_x.msi" in the box below". After I just press OK, it says that the path cannot be found, then Macromedia 8 disappears from the Add & Remove Programs list, but comes back whenever I restart my computer. Not sure how to get around that. But other than that, the system is running great!
-Chinny224
Hi,
Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
See if you're able to see the folder now.
Since you use Adobe Acrobat for conversion only, I recommend replacing it with a free alternative. You'll find a list of alternatives here (http://pdfwriters.org/).
Please try RevoUninstaller (http://www.revouninstaller.com/) to take care of Macromedia Flash Player 8.
chinny224
2010-03-04, 01:41
Using Revo, I finally uninstalled Macromedia 8, and I did find the other file and it was deleted. Everything is still working well.
-Chinny224
Good. Sounds like we're ready for the final steps :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.
We need to re-hide system files. To do so, please follow the steps below:
Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab.
Put a check by Hide file extensions for known file types.
Under the Hidden files folder, select Show hidden files and folders.
Check Hide protected operating system files.
Click Apply, and then click OK.
Now let's uninstall ComboFix:
Click START then RUN.
Now copy-paste Combofix /uninstall in the run box and click OK.
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html).
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.
Run Secunia vulnerability check here (http://secunia.com/vulnerability_scanning/online/) and fix its findings.
Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
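The Internet Explorer zone settings listed in the post above are stored as numbered "action" values under the current user's Internet zone registry key. The script below is an added example (not code from this thread or from any tool it links to) that audits those values against the recommended levels. The action ids and the Enable/Prompt/Disable codes are the ones Microsoft documents for Internet Settings zones; the constructed sample values used when the script is not run on Windows are an assumption made for illustration.

```python
"""Audit the Internet Explorer 'Internet' zone settings recommended in the thread.

Added example, not part of the original thread. Compares the zone's registry
values against the recommended levels (Prompt/Disable) and reports any that
differ. On Windows it reads the live values via winreg; elsewhere it uses a
constructed sample so the logic can be exercised offline.
"""
import sys

# Internet zone (zone 3) key under HKEY_CURRENT_USER.
INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Level codes used by every zone action value.
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Recommended levels from the thread, keyed by the documented action id.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def read_zone_values():
    """Read the Internet zone action values from the registry (Windows only)."""
    import winreg  # only importable on Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        for action in RECOMMENDED:
            try:
                value, _ = winreg.QueryValueEx(key, action)
                values[action] = value
            except FileNotFoundError:
                pass  # value absent: IE falls back to the zone template default
    return values


def audit_zone(values):
    """Return (action, description, current, recommended) for every setting that
    differs from the thread's recommendation. A missing value is reported with
    current=None so the reader knows it still has to be set explicitly."""
    findings = []
    for action, (desc, want) in RECOMMENDED.items():
        have = values.get(action)
        if have != want:
            findings.append((action, desc, have, want))
    return findings


def format_findings(findings):
    """Render audit findings as one human-readable line each."""
    lines = []
    for action, desc, have, want in findings:
        if have is None:
            cur = "not set"
        else:
            cur = LEVEL_NAMES.get(have, f"unknown ({have})")
        lines.append(f"[{action}] {desc}: is {cur}, should be {LEVEL_NAMES[want]}")
    return lines


if __name__ == "__main__":
    if sys.platform == "win32":
        current = read_zone_values()
    else:
        # Constructed sample: unsigned ActiveX download only prompts and
        # IFRAME launching is still enabled, so two findings are expected.
        current = {"1001": PROMPT, "1004": PROMPT, "1201": DISABLE,
                   "1800": PROMPT, "1804": ENABLE, "1607": PROMPT}
    for line in format_findings(audit_zone(current)):
        print(line)
```

Run it as the user whose browser you are checking; per-user zone settings live under HKEY_CURRENT_USER, so an administrator running it from a different account will audit the wrong profile.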
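The hosts file section above describes using the file to block unwanted hostnames, and the same file is also a place hijackers tamper with to send update sites elsewhere. The following is an added example (not from this thread or the MVPS project) that parses a hosts file the way Windows reads it, counts entries sunk to a null or loopback address, and flags any hostname pointed at a routable address. The sample hosts content and the 192.0.2.x addresses are constructed for illustration; the protected-site list is an assumption based on the update URLs the thread recommends.

```python
"""Parse a Windows hosts file and flag entries that redirect update sites.

Added example, not part of the thread or the MVPS hosts project. The hosts
content below is constructed; 192.0.2.0/24 is a documentation-only range.
"""
import ipaddress

# Addresses a blocking hosts file legitimately uses to sink a hostname.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Update sites named in the thread (assumption: treat these as protected).
PROTECTED = ("windowsupdate.com", "windowsupdate.microsoft.com", "microsoft.com")

# Constructed sample: a default header, two blocking-style entries, then two
# entries of the kind a hijacker adds to divert update traffic.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# --- entries in the style of a blocking hosts file (constructed) ---
0.0.0.0 ads.example.net   # sink an ad server
0.0.0.0 tracker.example.org   stats.example.org
# --- constructed entries of the kind a hijacker would add ---
192.0.2.44\twww.windowsupdate.com windowsupdate.microsoft.com
192.0.2.44  www.example-search.test
"""


def parse_hosts(text):
    """Return (ip, hostname, line_no) tuples from hosts-file text.

    Handles whole-line and trailing '#' comments, blank lines, tab or space
    separation, and several hostnames on one line. Lines whose first field is
    not an IP address are skipped rather than raising."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line; a fuller audit would log it
        for host in fields[1:]:
            entries.append((ip, host.lower(), line_no))
    return entries


def check_hosts(text):
    """Return (blocked_count, redirects).

    blocked_count is the number of entries sunk to a null/loopback address
    (expected for a blocking hosts file). redirects lists every entry that
    maps a hostname to any other address, marking whether it hits an update
    site; a blocking hosts file never needs such an entry."""
    blocked = 0
    redirects = []
    for ip, host, line_no in parse_hosts(text):
        if ip in SINK_ADDRESSES:
            blocked += 1
            continue
        hits_update_site = any(host == s or host.endswith("." + s) for s in PROTECTED)
        redirects.append({"line": line_no, "host": host, "ip": ip,
                          "update_site": hits_update_site})
    return blocked, redirects


if __name__ == "__main__":
    blocked, redirects = check_hosts(SAMPLE_HOSTS)
    print(f"{blocked} hostname(s) sunk to a null/loopback address")
    for r in redirects:
        flag = "UPDATE SITE" if r["update_site"] else "redirect"
        print(f"line {r['line']}: {r['host']} -> {r['ip']} ({flag})")
```

To check a live machine, read C:\WINDOWS\system32\drivers\etc\hosts into check_hosts instead of SAMPLE_HOSTS; any entry in the redirects list deserves a look, and one that hits an update site explains why Windows Update would stop working.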
chinny224
2010-03-09, 08:50
Hey,
I think I've updated everything that I could and the Revo Uninstaller got rid of the file that kept showing up for Macromedia 8. I installed Microsoft Security Essentials for my antivirus. Everything is working smoothly and I haven't run into any problems yet. Thanks again for the help and let me know if there's anything else you might recommend.
-Chinny224
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.