
Thread: Computer keeps restarting, SPTD won't load

  1. #1
    Member
    Join Date
    Oct 2008
    Location
    NY
    Posts
    32

    Computer keeps restarting, SPTD won't load

    Hi,

    My computer recently contracted some type of malware so that it will turn on (displays "In Touch With Toshiba" screen) and then starts loading Windows XP. At this point, the computer will stop, flash a blue screen for a split second, and then restart the process. I can load safe mode, but not normal Windows. When I Google search anything I get redirected to random sites (which is how I determined it was malware). It's definitely not a RAM issue because I replaced the RAM and nothing changed. Whenever I load in safe mode, it displays a series of drivers, the last one being an MUP.sys and then it says to hit escape while it tries to load a SPTD.sys. If I hit esc, it will go to safe mode. If not, it will just reload again. I've run Malwarebytes a bunch of times and it came up with several trojans at first, but now when I run it, it doesn't detect anything. I have AVIRA and Avast, but neither will run due to the malware. Please let me know what I can do to fix this problem. Thank you.

    -chinny224

  2. #2
    Member
    Join Date
    Oct 2008
    Location
    NY
    Posts
    32


    I forgot to include the hijackthis log, so here it is. Hope this helps.

    -chinny224

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:47, on 2010-02-25
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB176] command /c del "C:\WINDOWS\system32\TDSSxexf.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6334] cmd /c del "C:\WINDOWS\system32\TDSSxexf.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5874] command /c del "C:\WINDOWS\privacy_danger\images\body.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2599] cmd /c del "C:\WINDOWS\privacy_danger\images\body.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8493] command /c del "C:\WINDOWS\privacy_danger\images\capt.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8237] cmd /c del "C:\WINDOWS\privacy_danger\images\capt.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5687] command /c del "C:\WINDOWS\privacy_danger\images\capt2.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6234] cmd /c del "C:\WINDOWS\privacy_danger\images\capt2.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8698] command /c del "C:\WINDOWS\privacy_danger\images\red.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5253] cmd /c del "C:\WINDOWS\privacy_danger\images\red.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6194] command /c del "C:\WINDOWS\privacy_danger\images\text.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4465] cmd /c del "C:\WINDOWS\privacy_danger\images\text.gif"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2045] command /c del "C:\WINDOWS\privacy_danger\index.htm"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD254] cmd /c del "C:\WINDOWS\privacy_danger\index.htm"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1232659341937
    O16 - DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} (VMware_VDM_Client Class) - https://bingvdi.binghamton.edu/downl...viewclient.cab
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VMware View Client Service (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

    --
    End of file - 10820 bytes

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.



    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded
    • Click rootkit-tab and then scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies log to clipboard
    • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #4
    Member
    Join Date
    Oct 2008
    Location
    NY
    Posts
    32


    Thank you for the response,

    I followed your instructions, but while running GMER, it showed that it was scanning a bunch of device drivers, the last being a SSDT type, with a value ZwTerminateprocess [0xBA818080], and then it froze. The Show All box was not checked. It said that it was scanning sections C:\WINDOWS\system32\drivers\atapi.sys but it won't finish the scan (I've been letting it sit there for about an hour). I've attached the DDS.txt and Attach.txt from the first log. I will try to run GMER again but it seems like it's not going to be going through. I will wait for further instructions. Again, thank you for helping.


    DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
    Run by Administrator at 13:10:32.20 on 2010-03-01
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1156 [GMT -5:00]

    AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [NeroHomeFirstStart] c:\program files\common files\ahead\lib\NMFirstStart.exe
    uRunOnce: [SpybotDeletingB176] command /c del "c:\windows\system32\TDSSxexf.dll"
    uRunOnce: [SpybotDeletingD6334] cmd /c del "c:\windows\system32\TDSSxexf.dll"
    uRunOnce: [SpybotDeletingB5874] command /c del "c:\windows\privacy_danger\images\body.gif"
    uRunOnce: [SpybotDeletingD2599] cmd /c del "c:\windows\privacy_danger\images\body.gif"
    uRunOnce: [SpybotDeletingB8493] command /c del "c:\windows\privacy_danger\images\capt.gif"
    uRunOnce: [SpybotDeletingD8237] cmd /c del "c:\windows\privacy_danger\images\capt.gif"
    uRunOnce: [SpybotDeletingB5687] command /c del "c:\windows\privacy_danger\images\capt2.gif"
    uRunOnce: [SpybotDeletingD6234] cmd /c del "c:\windows\privacy_danger\images\capt2.gif"
    uRunOnce: [SpybotDeletingB8698] command /c del "c:\windows\privacy_danger\images\red.gif"
    uRunOnce: [SpybotDeletingD5253] cmd /c del "c:\windows\privacy_danger\images\red.gif"
    uRunOnce: [SpybotDeletingB6194] command /c del "c:\windows\privacy_danger\images\text.gif"
    uRunOnce: [SpybotDeletingD4465] cmd /c del "c:\windows\privacy_danger\images\text.gif"
    uRunOnce: [SpybotDeletingB2045] command /c del "c:\windows\privacy_danger\index.htm"
    uRunOnce: [SpybotDeletingD254] cmd /c del "c:\windows\privacy_danger\index.htm"
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232659341937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ucmnytza.default\
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-6 353672]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-23 162512]
    S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-12 11608]
    S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-3-25 148496]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-12 108289]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-12 185089]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-23 19024]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-12 56816]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-15 24652]
    S2 wsnm;VMware View Client Service;"c:\program files\vmware\vmware view\client\bin\wsnm.exe" -scmstartup --> c:\program files\vmware\vmware view\client\bin\wsnm.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-23 1684736]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-23 40384]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2006-2-15 14336]
    S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-7-4 163390]

    =============== Created Last 30 ================

    2010-02-28 04:04 <DIR> --d----- C:\Temp
    2010-02-23 02:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-02-23 01:31 19 a------- c:\windows\system32\drivers\hosts
    2010-02-22 21:42 <DIR> --d----- c:\windows\system32\wbem\Repository
    2010-02-15 21:05 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-02-02 01:56 372,736 a----r-- c:\windows\system32\LVUI2RC.dll
    2010-02-02 01:56 106,496 a----r-- c:\windows\system32\lvcoinst.dll
    2010-02-02 01:56 22,016 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
    2010-02-02 01:56 9,255 a----r-- c:\windows\system32\lvcoinst.ini
    2010-02-02 01:56 204,800 a----r-- c:\windows\system32\LVUI2.dll
    2010-02-02 01:56 204,800 a----r-- c:\windows\system32\lvcodec2.dll
    2010-02-02 01:56 211,712 a----r-- c:\windows\system32\drivers\LV561AV.SYS

    ==================== Find3M ====================

    2010-02-23 10:36 643,072 a------- c:\windows\system32\drivers\sptd.sys
    2010-02-23 10:36 96,384 a------- c:\windows\system32\drivers\sptd2301.sys
    2010-02-21 05:12 6,227,252 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2010-02-21 05:12 464,887,840 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2010-01-16 00:34 67,284 a---h--- c:\windows\system32\mlfcache.dat
    2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2009-12-22 00:21 667,136 a------- c:\windows\system32\wininet.dll
    2009-12-22 00:20 81,920 a------- c:\windows\system32\ieencode.dll
    2009-12-16 13:43 343,040 a------- c:\windows\system32\mspaint.exe
    2009-12-14 02:08 33,280 a------- c:\windows\system32\csrsrv.dll
    2009-12-08 14:26 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
    2009-12-08 13:43 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe

    ============= FINISH: 13:12:48.93 ===============






    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-09-29.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2006-07-03 14:30:30
    System Uptime: 2010-03-01 13:03:39 (0 hours ago)

    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U1 | 1729/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 28.152 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP415: 2009-12-09 14:33:24 - System Checkpoint
    RP416: 2009-12-09 15:23:30 - Software Distribution Service 3.0
    RP417: 2009-12-10 01:50:17 - Software Distribution Service 3.0
    RP418: 2009-12-11 11:20:11 - System Checkpoint
    RP419: 2009-12-12 12:40:16 - System Checkpoint
    RP420: 2009-12-13 13:30:03 - System Checkpoint
    RP421: 2009-12-14 13:47:59 - System Checkpoint
    RP422: 2009-12-15 14:34:51 - System Checkpoint
    RP423: 2009-12-16 19:10:14 - System Checkpoint
    RP424: 2009-12-17 19:53:45 - System Checkpoint
    RP425: 2009-12-18 20:24:29 - System Checkpoint
    RP426: 2009-12-19 21:03:38 - System Checkpoint
    RP427: 2009-12-21 16:43:16 - System Checkpoint
    RP428: 2009-12-22 17:14:29 - System Checkpoint
    RP429: 2009-12-23 17:14:48 - System Checkpoint
    RP430: 2009-12-24 19:17:10 - System Checkpoint
    RP431: 2009-12-25 20:07:23 - System Checkpoint
    RP432: 2009-12-27 10:58:46 - System Checkpoint
    RP433: 2009-12-28 13:25:46 - System Checkpoint
    RP434: 2009-12-29 14:23:32 - System Checkpoint
    RP435: 2009-12-31 11:42:10 - System Checkpoint
    RP436: 2010-01-01 12:21:48 - System Checkpoint
    RP437: 2010-01-02 12:31:20 - System Checkpoint
    RP438: 2010-01-03 18:07:20 - System Checkpoint
    RP439: 2010-01-04 19:06:31 - System Checkpoint
    RP440: 2010-01-05 20:59:24 - System Checkpoint
    RP441: 2010-01-06 21:56:49 - System Checkpoint
    RP442: 2010-01-07 22:35:26 - System Checkpoint
    RP443: 2010-01-08 23:05:16 - System Checkpoint
    RP444: 2010-01-10 12:38:22 - System Checkpoint
    RP445: 2010-01-11 15:51:59 - System Checkpoint
    RP446: 2010-01-12 16:12:13 - System Checkpoint
    RP447: 2010-01-13 16:52:15 - System Checkpoint
    RP448: 2010-01-14 00:53:39 - Software Distribution Service 3.0
    RP449: 2010-01-15 13:54:50 - System Checkpoint
    RP450: 2010-01-16 14:19:37 - System Checkpoint
    RP451: 2010-01-17 18:27:53 - System Checkpoint
    RP452: 2010-01-18 19:23:10 - System Checkpoint
    RP453: 2010-01-19 20:07:15 - System Checkpoint
    RP454: 2010-01-20 20:21:37 - System Checkpoint
    RP455: 2010-01-22 01:05:56 - Removed Google Earth.
    RP456: 2010-01-22 01:11:17 - Installed Logitech QuickCam
    RP457: 2010-01-23 01:48:11 - System Checkpoint
    RP458: 2010-01-23 03:00:24 - Software Distribution Service 3.0
    RP459: 2010-01-24 03:57:08 - System Checkpoint
    RP460: 2010-01-25 21:21:22 - System Checkpoint
    RP461: 2010-01-26 21:33:06 - System Checkpoint
    RP462: 2010-01-27 22:25:42 - System Checkpoint
    RP463: 2010-01-28 22:31:14 - System Checkpoint
    RP464: 2010-01-29 23:17:22 - System Checkpoint
    RP465: 2010-01-30 15:47:48 - Removed Logitech QuickCam
    RP466: 2010-01-31 18:46:13 - System Checkpoint
    RP467: 2010-02-02 00:53:15 - System Checkpoint
    RP468: 2010-02-02 14:00:28 - Installed WebEx Meeting Manager for Firefox/Netscape/Chrome
    RP469: 2010-02-02 14:00:53 - Printer Driver WebEx Document Loader Installed
    RP470: 2010-02-03 16:21:06 - System Checkpoint
    RP471: 2010-02-04 23:41:52 - System Checkpoint
    RP472: 2010-02-05 23:59:53 - System Checkpoint
    RP473: 2010-02-07 01:56:11 - System Checkpoint
    RP474: 2010-02-08 15:35:56 - Installed VMware View Client
    RP475: 2010-02-10 02:58:11 - System Checkpoint
    RP476: 2010-02-11 01:48:53 - Software Distribution Service 3.0
    RP477: 2010-02-12 15:17:50 - System Checkpoint
    RP478: 2010-02-13 15:18:36 - System Checkpoint
    RP479: 2010-02-15 12:52:13 - System Checkpoint
    RP480: 2010-02-16 01:25:31 - Removed Printworks Scrapbook and Calendar Creator
    RP481: 2010-02-17 15:30:46 - System Checkpoint
    RP482: 2010-02-18 16:07:55 - System Checkpoint
    RP483: 2010-02-19 21:19:15 - System Checkpoint
    RP484: 2010-02-20 21:51:59 - System Checkpoint
    RP485: 2010-02-22 21:28:45 - Restore Operation
    RP486: 2010-02-27 14:07:26 - Restore Operation

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.3 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 7.1.0
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server {ko_KR}
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    avast! Free Antivirus
    Avira AntiVir Personal - Free Antivirus
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Cakewalk VST Adapter 4.4.4.0
    CCleaner (remove only)
    CD/DVD Drive Acoustic Silencer
    Combined Community Codec Pack 2007-07-22
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DiscAPI
    DivX Player
    DocProc
    DocProcQFolder
    Download Updater (AOL LLC)
    DVD-RAM Driver
    Google Toolbar for Internet Explorer
    Guitar Pro 5.2
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iTunes
    Java(TM) 6 Update 10
    Lexicon PSP 42 VST DX v1.0
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Desktop Engine (PINNACLESYS)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.5.8)
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    Native Instruments B4
    Native Instruments Guitar Rig 2
    Office 2003 Trial Assistant
    Otto
    PDF Settings
    Pinnacle Instant DVD Recorder
    Power Tab Editor 1.7
    Printworks Scrapbook and Calendar Creator
    PSP 84 v1.0
    PSP Audioware MasterQ DX VST v1.0
    PSP VintageWarmer v1.5d
    QuickTime
    RAPID
    RealPlayer Basic
    Realtek High Definition Audio Driver
    SD Secure Module
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Shockwave
    SmartSound Quicktracks Plugin
    SONAR 5 Producer Edition
    SONAR 7 Producer Edition
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    Sony Sound Forge 7.0
    Starcraft
    Synaptics Pointing Device Driver
    TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    Toshiba Registration
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA TV Tuner 4.0.12.73
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC 9.0 Runtime
    Viewpoint Media Player
    VMware View Client
    Waves SSL Collection v1.2
    WD Diagnostics
    WebFldrs XP
    WebReg
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    2010-03-01 00:53:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
    2010-02-27 15:08:58, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
    2010-02-25 18:34:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    2010-02-23 23:13:02, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302882F2A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    2010-02-23 14:15:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF sptd ssmdrv
    2010-02-23 10:17:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
    2010-02-23 02:18:49, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2010-02-22 23:14:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2010-02-22 23:13:42, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF sptd ssmdrv
    2010-02-22 23:12:21, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    2010-02-22 23:12:21, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    2010-02-22 22:26:40, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    2010-02-22 22:14:09, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2010-02-22 22:10:42, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2010-02-22 22:06:11, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
    2010-02-22 22:06:11, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-22 22:06:11, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-22 22:06:11, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-22 22:06:11, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-22 22:06:11, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-22 22:06:11, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-22 22:06:11, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-22 21:51:01, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2010-02-22 21:49:59, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    ==== End Of File ===========================

  5. #5
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    There seem to be multiple antivirus programs installed there. You should decide which one of those to keep.

    Please visit this webpage for download links and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Member
    Join Date
    Oct 2008
    Location
    NY
    Posts
    32

    Hi,

    After running ComboFix everything seems to be working great (I'm posting this after booting Windows in normal mode!). Thanks a ton! The only thing that I couldn't figure out, even after reading the link you sent me, was how to just disable the antivirus software I had (Avira and ZoneAlarm), so I just uninstalled them completely. Obviously I will install a new antivirus, but which would you recommend? Btw, here are the ComboFix log, DDS log, and Attach log. Hopefully everything looks clean now. Again, thank you so much for the help.

    -chinny224

    ComboFix 10-03-01.01 - OWNER 2010-03-01 22:29:51.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1117 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\OWNER\Application Data\Desktopicon
    c:\windows\system32\Thumbs.db
    c:\windows\system32\twain_32.dll

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
    .

    2010-03-02 02:57 . 2010-03-02 02:57 35328 ---ha-w- c:\windows\system32\calcetup.dll
    2010-03-02 02:24 . 2010-03-02 02:24 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-02-28 09:04 . 2010-02-28 09:04 -------- d-----w- C:\Temp
    2010-02-27 20:09 . 2010-02-27 20:10 -------- d-----w- C:\rsit
    2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
    2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM
    2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
    2010-02-23 07:18 . 2010-03-01 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-02-23 07:18 . 2010-02-23 07:18 -------- d-----w- c:\program files\Alwil Software
    2010-02-23 06:12 . 2010-02-23 06:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-02-23 02:42 . 2010-02-23 02:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-02-16 02:05 . 2010-02-16 02:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-02-16 01:20 . 2010-02-16 06:08 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\jaeuev
    2010-02-08 20:36 . 2010-02-08 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-02-08 20:36 . 2010-02-08 20:36 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\VMware
    2010-02-02 19:01 . 2010-02-02 19:02 -------- d-----w- c:\documents and settings\OWNER\Application Data\webex
    2010-02-02 06:56 . 2005-01-31 10:18 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
    2010-02-02 06:56 . 2005-01-31 10:12 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
    2010-02-02 06:56 . 2005-01-31 10:00 106496 ----a-r- c:\windows\system32\lvcoinst.dll
    2010-02-02 06:56 . 2005-01-31 10:10 204800 ----a-r- c:\windows\system32\LVUI2.dll
    2010-02-02 06:56 . 2005-01-31 10:08 204800 ----a-r- c:\windows\system32\lvcodec2.dll
    2010-02-02 06:56 . 2005-01-31 10:20 211712 ----a-r- c:\windows\system32\drivers\LV561AV.SYS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-02 02:56 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-28 02:27 . 2008-11-29 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-02-27 19:08 . 2006-08-23 22:58 -------- d-----w- c:\program files\DivX
    2010-02-27 19:04 . 2006-07-15 18:26 -------- d-----w- c:\program files\Pinnacle
    2010-02-27 19:03 . 2009-08-11 21:37 -------- d-----w- c:\program files\PeerGuardian2
    2010-02-27 19:00 . 2006-02-16 09:34 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-23 15:36 . 2006-08-18 15:53 643072 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-02-23 15:36 . 2006-08-18 15:53 96384 ----a-w- c:\windows\system32\drivers\sptd2301.sys
    2010-02-23 06:31 . 2010-02-23 06:31 19 ----a-w- c:\windows\system32\drivers\hosts
    2010-02-18 00:18 . 2007-08-02 00:13 -------- d-----w- c:\documents and settings\OWNER\Application Data\uTorrent
    2010-02-16 01:41 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google
    2010-02-14 15:40 . 2009-02-15 04:10 27280918 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-02-11 06:51 . 2009-09-16 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-02-10 01:58 . 2010-02-10 01:58 126543 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_02_09_17_46_37_small.dmp.zip
    2010-01-30 20:58 . 2010-01-22 05:20 -------- d-----w- c:\program files\Common Files\Logitech
    2010-01-26 00:31 . 2008-10-29 08:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-26 00:31 . 2008-12-09 18:35 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-23 08:00 . 2010-01-23 08:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-01-22 06:11 . 2010-01-22 06:11 -------- d-----w- c:\program files\Logitech
    2010-01-22 06:11 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-16 05:34 . 2008-10-26 19:37 67284 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-01-07 21:07 . 2008-10-29 08:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07 . 2008-10-29 08:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-28 17:52 . 2009-12-28 17:52 99548 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_27_20_53_22_small.dmp.zip
    2009-12-22 05:21 . 2006-02-15 14:04 667136 ----a-w- c:\windows\system32\wininet.dll
    2009-12-22 05:20 . 2006-02-15 14:02 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-12-17 17:26 . 2009-12-17 17:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-12-16 18:43 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2006-02-15 14:03 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 06:16 . 2009-04-12 20:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-04 18:22 . 2006-02-15 14:03 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-12-08 22:42 . 2009-12-08 22:42 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
    "TFncKy"="TFncKy.exe" [BU]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave1"=rddv1046.dll
    "midi1"=rddv1046.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
    backup=c:\windows\pss\RAMASST.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-12-06 16:17 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2005-10-15 14:29 88203 ----a-w- c:\windows\agrsmmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2005-10-06 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2004-03-11 05:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-12 23:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
    2005-03-11 23:03 73728 ----a-w- c:\windows\system32\TDispVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    2004-12-30 08:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
    2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
    2005-11-30 20:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\OWNER\\Desktop\\Downloads\\utorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\AIM7\\aim.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-06-15 24652]
    S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
    S2 wsnm;VMware View Client Service;"c:\program files\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-23 6:35 PM 1684736]
    S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-07-04 3:08 PM 163390]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-08-18 643072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    Trusted Zone: microsoft.com \*.windowsupdate
    Trusted Zone: windowsupdate.com
    DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
    FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\mqckc8tg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
    FF - plugin: c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\mqckc8tg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-NDSTray - NDSTray.exe
    MSConfigStartUp-XboxStat - c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe
    ActiveSetup-{F345481E-B281-BD4B-B7DF-52BFF089E176} - c:\windows\system32\msupdater.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-01 22:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3038724264-3626714780-2335072967-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E234A574-72B9-6CB7-5E93-0F5657FE9B08}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iabnbdekpnomgkelgh"=hex:6a,61,62,6d,6c,65,70,65,6d,64,6f,6c,62,6c,61,66,66,6e,
    64,61,00,00
    "hadnnkcjfhidfnmc"=hex:6a,61,6f,6c,6b,6d,6f,70,6e,65,63,64,65,62,67,69,6b,69,
    61,6f,00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(988)
    c:\windows\system32\rddv1046.dll

    - - - - - - - > 'explorer.exe'(732)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\dllhost.exe
    c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    c:\program files\Synaptics\SynTP\Toshiba.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\eHome\ehmsas.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-01 22:51:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-02 03:51

    Pre-Run: 30,981,857,280 bytes free
    Post-Run: 30,945,841,152 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 95A329200B5684941AE3D5F2AD702B46




    DDS (Ver_09-09-29.01) - NTFSx86
    Run by OWNER at 23:00:05.84 on 2010-03-01
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.993 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\OWNER\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: microsoft.com \*.windowsupdate
    Trusted Zone: windowsupdate.com
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232659341937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\mqckc8tg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\mqckc8tg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-15 24652]
    S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
    S2 wsnm;VMware View Client Service;"c:\program files\vmware\vmware view\client\bin\wsnm.exe" -scmstartup --> c:\program files\vmware\vmware view\client\bin\wsnm.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-23 1684736]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2006-2-15 14336]
    S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-7-4 163390]

    =============== Created Last 30 ================

    2010-03-01 22:12 <DIR> a-dshr-- C:\cmdcons
    2010-03-01 22:11 261,632 a------- c:\windows\PEV.exe
    2010-03-01 22:11 161,792 a------- c:\windows\SWREG.exe
    2010-03-01 22:11 98,816 a------- c:\windows\sed.exe
    2010-03-01 22:11 77,312 a------- c:\windows\MBR.exe
    2010-03-01 21:57 35,328 a---h--- c:\windows\system32\calcetup.dll
    2010-02-28 04:04 <DIR> --d----- C:\Temp
    2010-02-23 02:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-02-23 01:31 19 a------- c:\windows\system32\drivers\hosts
    2010-02-22 21:42 <DIR> --d----- c:\windows\system32\wbem\Repository
    2010-02-02 14:01 <DIR> --d----- c:\docume~1\owner\applic~1\webex
    2010-02-02 01:56 372,736 a----r-- c:\windows\system32\LVUI2RC.dll
    2010-02-02 01:56 106,496 a----r-- c:\windows\system32\lvcoinst.dll
    2010-02-02 01:56 22,016 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
    2010-02-02 01:56 9,255 a----r-- c:\windows\system32\lvcoinst.ini
    2010-02-02 01:56 204,800 a----r-- c:\windows\system32\LVUI2.dll
    2010-02-02 01:56 204,800 a----r-- c:\windows\system32\lvcodec2.dll
    2010-02-02 01:56 211,712 a----r-- c:\windows\system32\drivers\LV561AV.SYS

    ==================== Find3M ====================

    2010-02-23 10:36 643,072 a------- c:\windows\system32\drivers\sptd.sys
    2010-02-23 10:36 96,384 a------- c:\windows\system32\drivers\sptd2301.sys
    2010-01-16 00:34 67,284 a---h--- c:\windows\system32\mlfcache.dat
    2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2009-12-22 00:21 667,136 -------- c:\windows\system32\wininet.dll
    2009-12-22 00:20 81,920 a------- c:\windows\system32\ieencode.dll
    2009-12-16 13:43 343,040 a------- c:\windows\system32\mspaint.exe
    2009-12-14 02:08 33,280 a------- c:\windows\system32\csrsrv.dll
    2009-12-08 14:26 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
    2009-12-08 13:43 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
    2008-10-03 15:10 158 a------- c:\docume~1\owner\applic~1\wklnhst.dat

    ============= FINISH: 23:00:24.48 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-09-29.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2006-07-03 2:30:30 PM
    System Uptime: 2010-03-01 10:39:22 PM (1 hours ago)

    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U1 | 1728/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 28.843 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP415: 2009-12-09 2:33:24 PM - System Checkpoint
    RP416: 2009-12-09 3:23:30 PM - Software Distribution Service 3.0
    RP417: 2009-12-10 1:50:17 AM - Software Distribution Service 3.0
    RP418: 2009-12-11 11:20:11 AM - System Checkpoint
    RP419: 2009-12-12 12:40:16 PM - System Checkpoint
    RP420: 2009-12-13 1:30:03 PM - System Checkpoint
    RP421: 2009-12-14 1:47:59 PM - System Checkpoint
    RP422: 2009-12-15 2:34:51 PM - System Checkpoint
    RP423: 2009-12-16 7:10:14 PM - System Checkpoint
    RP424: 2009-12-17 7:53:45 PM - System Checkpoint
    RP425: 2009-12-18 8:24:29 PM - System Checkpoint
    RP426: 2009-12-19 9:03:38 PM - System Checkpoint
    RP427: 2009-12-21 4:43:16 PM - System Checkpoint
    RP428: 2009-12-22 5:14:29 PM - System Checkpoint
    RP429: 2009-12-23 5:14:48 PM - System Checkpoint
    RP430: 2009-12-24 7:17:10 PM - System Checkpoint
    RP431: 2009-12-25 8:07:23 PM - System Checkpoint
    RP432: 2009-12-27 10:58:46 AM - System Checkpoint
    RP433: 2009-12-28 1:25:46 PM - System Checkpoint
    RP434: 2009-12-29 2:23:32 PM - System Checkpoint
    RP435: 2009-12-31 11:42:10 AM - System Checkpoint
    RP436: 2010-01-01 12:21:48 PM - System Checkpoint
    RP437: 2010-01-02 12:31:20 PM - System Checkpoint
    RP438: 2010-01-03 6:07:20 PM - System Checkpoint
    RP439: 2010-01-04 7:06:31 PM - System Checkpoint
    RP440: 2010-01-05 8:59:24 PM - System Checkpoint
    RP441: 2010-01-06 9:56:49 PM - System Checkpoint
    RP442: 2010-01-07 10:35:26 PM - System Checkpoint
    RP443: 2010-01-08 11:05:16 PM - System Checkpoint
    RP444: 2010-01-10 12:38:22 PM - System Checkpoint
    RP445: 2010-01-11 3:51:59 PM - System Checkpoint
    RP446: 2010-01-12 4:12:13 PM - System Checkpoint
    RP447: 2010-01-13 4:52:15 PM - System Checkpoint
    RP448: 2010-01-14 12:53:39 AM - Software Distribution Service 3.0
    RP449: 2010-01-15 1:54:50 PM - System Checkpoint
    RP450: 2010-01-16 2:19:37 PM - System Checkpoint
    RP451: 2010-01-17 6:27:53 PM - System Checkpoint
    RP452: 2010-01-18 7:23:10 PM - System Checkpoint
    RP453: 2010-01-19 8:07:15 PM - System Checkpoint
    RP454: 2010-01-20 8:21:37 PM - System Checkpoint
    RP455: 2010-01-22 1:05:56 AM - Removed Google Earth.
    RP456: 2010-01-22 1:11:17 AM - Installed Logitech QuickCam
    RP457: 2010-01-23 1:48:11 AM - System Checkpoint
    RP458: 2010-01-23 3:00:24 AM - Software Distribution Service 3.0
    RP459: 2010-01-24 3:57:08 AM - System Checkpoint
    RP460: 2010-01-25 9:21:22 PM - System Checkpoint
    RP461: 2010-01-26 9:33:06 PM - System Checkpoint
    RP462: 2010-01-27 10:25:42 PM - System Checkpoint
    RP463: 2010-01-28 10:31:14 PM - System Checkpoint
    RP464: 2010-01-29 11:17:22 PM - System Checkpoint
    RP465: 2010-01-30 3:47:48 PM - Removed Logitech QuickCam
    RP466: 2010-01-31 6:46:13 PM - System Checkpoint
    RP467: 2010-02-02 12:53:15 AM - System Checkpoint
    RP468: 2010-02-02 2:00:28 PM - Installed WebEx Meeting Manager for Firefox/Netscape/Chrome
    RP469: 2010-02-02 2:00:53 PM - Printer Driver WebEx Document Loader Installed
    RP470: 2010-02-03 4:21:06 PM - System Checkpoint
    RP471: 2010-02-04 11:41:52 PM - System Checkpoint
    RP472: 2010-02-05 11:59:53 PM - System Checkpoint
    RP473: 2010-02-07 1:56:11 AM - System Checkpoint
    RP474: 2010-02-08 3:35:56 PM - Installed VMware View Client
    RP475: 2010-02-10 2:58:11 AM - System Checkpoint
    RP476: 2010-02-11 1:48:53 AM - Software Distribution Service 3.0
    RP477: 2010-02-12 3:17:50 PM - System Checkpoint
    RP478: 2010-02-13 3:18:36 PM - System Checkpoint
    RP479: 2010-02-15 12:52:13 PM - System Checkpoint
    RP480: 2010-02-16 1:25:31 AM - Removed Printworks Scrapbook and Calendar Creator
    RP481: 2010-02-17 3:30:46 PM - System Checkpoint
    RP482: 2010-02-18 4:07:55 PM - System Checkpoint
    RP483: 2010-02-19 9:19:15 PM - System Checkpoint
    RP484: 2010-02-20 9:51:59 PM - System Checkpoint
    RP485: 2010-02-22 9:28:45 PM - Restore Operation
    RP486: 2010-02-27 2:07:26 PM - Restore Operation

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.3 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 7.1.0
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server {ko_KR}
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Cakewalk VST Adapter 4.4.4.0
    CCleaner (remove only)
    CD/DVD Drive Acoustic Silencer
    Combined Community Codec Pack 2007-07-22
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DiscAPI
    DivX Player
    DocProc
    DocProcQFolder
    Download Updater (AOL LLC)
    DVD-RAM Driver
    Google Toolbar for Internet Explorer
    Guitar Pro 5.2
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iTunes
    Java(TM) 6 Update 10
    Lexicon PSP 42 VST DX v1.0
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Desktop Engine (PINNACLESYS)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.5.8)
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    Native Instruments B4
    Native Instruments Guitar Rig 2
    Office 2003 Trial Assistant
    Otto
    PDF Settings
    Pinnacle Instant DVD Recorder
    Power Tab Editor 1.7
    Printworks Scrapbook and Calendar Creator
    PSP 84 v1.0
    PSP Audioware MasterQ DX VST v1.0
    PSP VintageWarmer v1.5d
    QuickTime
    RAPID
    RealPlayer Basic
    Realtek High Definition Audio Driver
    SD Secure Module
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Shockwave
    SmartSound Quicktracks Plugin
    SONAR 5 Producer Edition
    SONAR 7 Producer Edition
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    Sony Sound Forge 7.0
    Starcraft
    Synaptics Pointing Device Driver
    TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    Toshiba Registration
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA TV Tuner 4.0.12.73
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC 9.0 Runtime
    Viewpoint Media Player
    VMware View Client
    Waves SSL Collection v1.2
    WD Diagnostics
    WebFldrs XP
    WebReg
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    2010-03-01 6:30:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
    2010-03-01 12:53:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
    2010-03-01 10:29:47 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
    2010-03-01 10:26:13 PM, error: Service Control Manager [7000] - The VMware View Client Service service failed to start due to the following error: The system cannot find the path specified.
    2010-03-01 10:11:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCLEPCI sptd
    2010-03-01 10:06:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF PCLEPCI sptd
    2010-02-27 3:08:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
    2010-02-25 6:34:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    2010-02-25 12:30:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF sptd ssmdrv
    2010-02-25 12:29:19 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    2010-02-25 12:29:19 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    2010-02-25 1:04:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2010-02-25 1:02:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    2010-02-24 1:49:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2010-02-23 2:18:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2010-02-23 11:27:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2010-02-23 11:13:02 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302882F2A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-22 9:51:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2010-02-22 11:13:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF sptd ssmdrv
    2010-02-22 10:26:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    2010-02-22 10:06:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant

    ==== End Of File ===========================

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Good to hear that we're making progress. There's some work left though. We'll see about the antivirus thing after the cleaning process is finished.


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Folder::
    c:\documents and settings\OWNER\Local Settings\Application Data\jaeuev
    c:\documents and settings\OWNER\Application Data\uTorrent
    DDS::
    TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
    Regnull::
    [HKEY_USERS\S-1-5-21-3038724264-3626714780-2335072967-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E234A574-72B9-6CB7-5E93-0F5657FE9B08}*]

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

    Uninstall your current Shockwave player and get the fresh one here if needed.

    Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.

    Uninstall Macromedia Flash Player 8.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 18.
    • Click the Download button to the right.
    • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



    Do you use Adobe Acrobat for other duties than to convert documents to pdf files?


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Member
    Join Date
    Oct 2008
    Location
    NY
    Posts
    32

    Ok, so I think everything is updated now. Here are all of the new logs.

    ComboFix 10-03-01.04 - OWNER 2010-03-02 13:44:26.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.951 [GMT -5:00]
    Running from: c:\documents and settings\OWNER\Desktop\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\OWNER\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\OWNER\Application Data\uTorrent
    c:\documents and settings\OWNER\Application Data\uTorrent\dht.dat
    c:\documents and settings\OWNER\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\OWNER\Application Data\uTorrent\resume.dat
    c:\documents and settings\OWNER\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\OWNER\Application Data\uTorrent\rss.dat
    c:\documents and settings\OWNER\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\OWNER\Application Data\uTorrent\settings.dat
    c:\documents and settings\OWNER\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\OWNER\Application Data\uTorrent\utorrent.lng
    c:\documents and settings\OWNER\Local Settings\Application Data\jaeuev

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
    .

    2010-03-02 04:34 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-03-02 04:30 . 2010-03-02 04:30 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-03-02 04:29 . 2010-03-02 04:29 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Temp
    2010-03-02 04:29 . 2010-03-02 04:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-03-02 04:24 . 2010-03-02 04:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-03-02 02:24 . 2010-03-02 02:24 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-02-28 09:04 . 2010-02-28 09:04 -------- d-----w- C:\Temp
    2010-02-27 20:09 . 2010-02-27 20:10 -------- d-----w- C:\rsit
    2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
    2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM
    2010-02-24 04:36 . 2010-02-24 04:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
    2010-02-23 07:18 . 2010-03-01 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-02-23 07:18 . 2010-02-23 07:18 -------- d-----w- c:\program files\Alwil Software
    2010-02-23 06:12 . 2010-02-23 06:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-02-23 02:42 . 2010-02-23 02:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-02-16 02:05 . 2010-02-16 02:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-02-08 20:36 . 2010-02-08 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-02-08 20:36 . 2010-02-08 20:36 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\VMware
    2010-02-02 19:01 . 2010-02-02 19:02 -------- d-----w- c:\documents and settings\OWNER\Application Data\webex
    2010-02-02 06:56 . 2005-01-31 10:18 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
    2010-02-02 06:56 . 2005-01-31 10:12 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
    2010-02-02 06:56 . 2005-01-31 10:00 106496 ----a-r- c:\windows\system32\lvcoinst.dll
    2010-02-02 06:56 . 2005-01-31 10:10 204800 ----a-r- c:\windows\system32\LVUI2.dll
    2010-02-02 06:56 . 2005-01-31 10:08 204800 ----a-r- c:\windows\system32\lvcodec2.dll
    2010-02-02 06:56 . 2005-01-31 10:20 211712 ----a-r- c:\windows\system32\drivers\LV561AV.SYS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-02 04:26 . 2009-07-31 01:14 -------- d-----w- c:\program files\Unity
    2010-03-02 04:24 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google
    2010-03-02 04:21 . 2006-02-16 16:59 80728 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-02 02:56 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-28 02:27 . 2008-11-29 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-02-27 19:08 . 2006-08-23 22:58 -------- d-----w- c:\program files\DivX
    2010-02-27 19:04 . 2006-07-15 18:26 -------- d-----w- c:\program files\Pinnacle
    2010-02-27 19:03 . 2009-08-11 21:37 -------- d-----w- c:\program files\PeerGuardian2
    2010-02-27 19:00 . 2006-02-16 09:34 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-23 15:36 . 2006-08-18 15:53 643072 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-02-23 15:36 . 2006-08-18 15:53 96384 ----a-w- c:\windows\system32\drivers\sptd2301.sys
    2010-02-23 06:31 . 2010-02-23 06:31 19 ----a-w- c:\windows\system32\drivers\hosts
    2010-02-14 15:40 . 2009-02-15 04:10 27280918 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-02-11 06:51 . 2009-09-16 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-02-10 01:58 . 2010-02-10 01:58 126543 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_02_09_17_46_37_small.dmp.zip
    2010-01-30 20:58 . 2010-01-22 05:20 -------- d-----w- c:\program files\Common Files\Logitech
    2010-01-26 00:31 . 2008-10-29 08:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-26 00:31 . 2008-12-09 18:35 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-23 08:00 . 2010-01-23 08:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-01-22 06:11 . 2010-01-22 06:11 -------- d-----w- c:\program files\Logitech
    2010-01-22 06:11 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-16 05:34 . 2008-10-26 19:37 67284 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-01-07 21:07 . 2008-10-29 08:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 21:07 . 2008-10-29 08:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-28 17:52 . 2009-12-28 17:52 99548 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_27_20_53_22_small.dmp.zip
    2009-12-22 05:21 . 2006-02-15 14:04 667136 ------w- c:\windows\system32\wininet.dll
    2009-12-22 05:20 . 2006-02-15 14:02 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-12-17 17:26 . 2009-12-17 17:26 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-12-16 18:43 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2006-02-15 14:03 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 06:16 . 2009-04-12 20:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-04 18:22 . 2006-02-15 14:03 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-12-02 20:23 . 2009-12-02 20:23 149040 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2009-12-08 22:42 . 2009-12-08 22:42 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
    "TFncKy"="TFncKy.exe" [BU]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave1"=rddv1046.dll
    "midi1"=rddv1046.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
    backup=c:\windows\pss\RAMASST.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-12-06 16:17 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2005-10-15 14:29 88203 ----a-w- c:\windows\agrsmmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2005-10-06 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2004-03-11 05:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-12 23:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
    2005-03-11 23:03 73728 ----a-w- c:\windows\system32\TDispVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    2004-12-30 08:32 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
    2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
    2005-11-30 20:25 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\OWNER\\Desktop\\Downloads\\utorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\AIM7\\aim.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-06-15 24652]
    S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
    S2 wsnm;VMware View Client Service;"c:\program files\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup --> c:\program files\VMware\VMware View\Client\bin\wsnm.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-23 6:35 PM 1684736]
    S3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-07-04 3:08 PM 163390]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-08-18 643072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 04:23]

    2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 04:23]

    2010-03-02 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]

    2010-03-02 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: microsoft.com \*.windowsupdate
    Trusted Zone: windowsupdate.com
    DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
    FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\mqckc8tg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
    FF - plugin: c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\mqckc8tg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-02 13:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(996)
    c:\windows\system32\rddv1046.dll
    .
    Completion time: 2010-03-02 13:55:38
    ComboFix-quarantined-files.txt 2010-03-02 18:55
    ComboFix2.txt 2010-03-02 03:51

    Pre-Run: 30,732,595,200 bytes free
    Post-Run: 30,723,940,352 bytes free

    - - End Of File - - 1CBB5470A624182DF920BA057B211392

    Scan settings
    Scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes
    Scan area: My Computer
    C:\
    D:\
    Scan statistics
    Objects scanned: 206478
    Threats found: 3
    Infected objects found: 3
    Suspicious objects found: 0
    Scan duration: 05:16:44

    File name | Threat | Threats count
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\20\1e15ef94-574a8500 | Infected: Exploit.OSX.Smid.c | 1
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\17a0bb7d-2fa21eb7 | Infected: Trojan-Downloader.Java.OpenStream.ad | 1
    C:\Documents and Settings\OWNER\Desktop\Downloads\nahdaemon403-x86.exe | Infected: not-a-virus:WebToolbar.Win32.WhenU.a | 1
    Selected area has been scanned.



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-09-29.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2006-07-03 2:30:30 PM
    System Uptime: 2010-03-02 9:28:56 PM (0 hours ago)

    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U1 | 1728/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 28.895 GiB free.
    D: is CDROM ()
    G: is FIXED (FAT32) - 233 GiB total, 50.482 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP415: 2009-12-09 2:33:24 PM - System Checkpoint
    RP416: 2009-12-09 3:23:30 PM - Software Distribution Service 3.0
    RP417: 2009-12-10 1:50:17 AM - Software Distribution Service 3.0
    RP418: 2009-12-11 11:20:11 AM - System Checkpoint
    RP419: 2009-12-12 12:40:16 PM - System Checkpoint
    RP420: 2009-12-13 1:30:03 PM - System Checkpoint
    RP421: 2009-12-14 1:47:59 PM - System Checkpoint
    RP422: 2009-12-15 2:34:51 PM - System Checkpoint
    RP423: 2009-12-16 7:10:14 PM - System Checkpoint
    RP424: 2009-12-17 7:53:45 PM - System Checkpoint
    RP425: 2009-12-18 8:24:29 PM - System Checkpoint
    RP426: 2009-12-19 9:03:38 PM - System Checkpoint
    RP427: 2009-12-21 4:43:16 PM - System Checkpoint
    RP428: 2009-12-22 5:14:29 PM - System Checkpoint
    RP429: 2009-12-23 5:14:48 PM - System Checkpoint
    RP430: 2009-12-24 7:17:10 PM - System Checkpoint
    RP431: 2009-12-25 8:07:23 PM - System Checkpoint
    RP432: 2009-12-27 10:58:46 AM - System Checkpoint
    RP433: 2009-12-28 1:25:46 PM - System Checkpoint
    RP434: 2009-12-29 2:23:32 PM - System Checkpoint
    RP435: 2009-12-31 11:42:10 AM - System Checkpoint
    RP436: 2010-01-01 12:21:48 PM - System Checkpoint
    RP437: 2010-01-02 12:31:20 PM - System Checkpoint
    RP438: 2010-01-03 6:07:20 PM - System Checkpoint
    RP439: 2010-01-04 7:06:31 PM - System Checkpoint
    RP440: 2010-01-05 8:59:24 PM - System Checkpoint
    RP441: 2010-01-06 9:56:49 PM - System Checkpoint
    RP442: 2010-01-07 10:35:26 PM - System Checkpoint
    RP443: 2010-01-08 11:05:16 PM - System Checkpoint
    RP444: 2010-01-10 12:38:22 PM - System Checkpoint
    RP445: 2010-01-11 3:51:59 PM - System Checkpoint
    RP446: 2010-01-12 4:12:13 PM - System Checkpoint
    RP447: 2010-01-13 4:52:15 PM - System Checkpoint
    RP448: 2010-01-14 12:53:39 AM - Software Distribution Service 3.0
    RP449: 2010-01-15 1:54:50 PM - System Checkpoint
    RP450: 2010-01-16 2:19:37 PM - System Checkpoint
    RP451: 2010-01-17 6:27:53 PM - System Checkpoint
    RP452: 2010-01-18 7:23:10 PM - System Checkpoint
    RP453: 2010-01-19 8:07:15 PM - System Checkpoint
    RP454: 2010-01-20 8:21:37 PM - System Checkpoint
    RP455: 2010-01-22 1:05:56 AM - Removed Google Earth.
    RP456: 2010-01-22 1:11:17 AM - Installed Logitech QuickCam
    RP457: 2010-01-23 1:48:11 AM - System Checkpoint
    RP458: 2010-01-23 3:00:24 AM - Software Distribution Service 3.0
    RP459: 2010-01-24 3:57:08 AM - System Checkpoint
    RP460: 2010-01-25 9:21:22 PM - System Checkpoint
    RP461: 2010-01-26 9:33:06 PM - System Checkpoint
    RP462: 2010-01-27 10:25:42 PM - System Checkpoint
    RP463: 2010-01-28 10:31:14 PM - System Checkpoint
    RP464: 2010-01-29 11:17:22 PM - System Checkpoint
    RP465: 2010-01-30 3:47:48 PM - Removed Logitech QuickCam
    RP466: 2010-01-31 6:46:13 PM - System Checkpoint
    RP467: 2010-02-02 12:53:15 AM - System Checkpoint
    RP468: 2010-02-02 2:00:28 PM - Installed WebEx Meeting Manager for Firefox/Netscape/Chrome
    RP469: 2010-02-02 2:00:53 PM - Printer Driver WebEx Document Loader Installed
    RP470: 2010-02-03 4:21:06 PM - System Checkpoint
    RP471: 2010-02-04 11:41:52 PM - System Checkpoint
    RP472: 2010-02-05 11:59:53 PM - System Checkpoint
    RP473: 2010-02-07 1:56:11 AM - System Checkpoint
    RP474: 2010-02-08 3:35:56 PM - Installed VMware View Client
    RP475: 2010-02-10 2:58:11 AM - System Checkpoint
    RP476: 2010-02-11 1:48:53 AM - Software Distribution Service 3.0
    RP477: 2010-02-12 3:17:50 PM - System Checkpoint
    RP478: 2010-02-13 3:18:36 PM - System Checkpoint
    RP479: 2010-02-15 12:52:13 PM - System Checkpoint
    RP480: 2010-02-16 1:25:31 AM - Removed Printworks Scrapbook and Calendar Creator
    RP481: 2010-02-17 3:30:46 PM - System Checkpoint
    RP482: 2010-02-18 4:07:55 PM - System Checkpoint
    RP483: 2010-02-19 9:19:15 PM - System Checkpoint
    RP484: 2010-02-20 9:51:59 PM - System Checkpoint
    RP485: 2010-02-22 9:28:45 PM - Restore Operation
    RP486: 2010-02-27 2:07:26 PM - Restore Operation
    RP487: 2010-03-01 11:22:57 PM - Software Distribution Service 3.0
    RP488: 2010-03-01 11:26:05 PM - Removed VMware View Client
    RP489: 2010-03-01 11:34:19 PM - Software Distribution Service 3.0
    RP490: 2010-03-02 1:17:07 PM - Removed Adobe Reader 7.1.0
    RP491: 2010-03-02 1:35:12 PM - Removed Java(TM) 6 Update 10
    RP492: 2010-03-02 2:06:33 PM - Installed Java(TM) 6 Update 18
    RP493: 2010-03-02 2:53:35 PM - Installed Adobe Reader 9.3.

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.3 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 9.3.1
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server {ko_KR}
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Cakewalk VST Adapter 4.4.4.0
    CCleaner (remove only)
    CD/DVD Drive Acoustic Silencer
    Combined Community Codec Pack 2007-07-22
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DiscAPI
    DivX Player
    DocProc
    DocProcQFolder
    Download Updater (AOL LLC)
    DVD-RAM Driver
    Google Toolbar for Internet Explorer
    Google Update Helper
    Guitar Pro 5.2
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Lexicon PSP 42 VST DX v1.0
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Desktop Engine (PINNACLESYS)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.5.8)
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    Native Instruments B4
    Native Instruments Guitar Rig 2
    Office 2003 Trial Assistant
    Otto
    PDF Settings
    Pinnacle Instant DVD Recorder
    Power Tab Editor 1.7
    Printworks Scrapbook and Calendar Creator
    PSP 84 v1.0
    PSP Audioware MasterQ DX VST v1.0
    PSP VintageWarmer v1.5d
    QuickTime
    RAPID
    RealPlayer Basic
    Realtek High Definition Audio Driver
    SD Secure Module
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Shockwave
    SmartSound Quicktracks Plugin
    SONAR 5 Producer Edition
    SONAR 7 Producer Edition
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    Sony Sound Forge 7.0
    Starcraft
    Synaptics Pointing Device Driver
    TC.Works.Native.Bundle.v3.0.VST.WinAll-cRime
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    Toshiba Registration
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA TV Tuner 4.0.12.73
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC 9.0 Runtime
    Viewpoint Media Player
    VMware View Client
    Waves SSL Collection v1.2
    WD Diagnostics
    WebFldrs XP
    WebReg
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    2010-03-02 2:38:46 PM, error: Dhcp [1002] - The IP address lease 149.125.184.252 for the Network Card with network address 001302882F2A has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    2010-03-02 12:53:34 AM, error: Disk [11] - The driver detected a controller error on \...\DR9.
    2010-03-02 12:53:34 AM, error: Disk [11] - The driver detected a controller error on \...\DR10.
    2010-03-02 1:44:06 PM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
    2010-03-01 6:30:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
    2010-03-01 12:53:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF PCLEPCI sptd ssmdrv
    2010-03-01 10:29:47 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
    2010-03-01 10:26:13 PM, error: Service Control Manager [7000] - The VMware View Client Service service failed to start due to the following error: The system cannot find the path specified.
    2010-03-01 10:11:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCLEPCI sptd
    2010-03-01 10:06:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF PCLEPCI sptd
    2010-02-27 3:08:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
    2010-02-27 1:59:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2010-02-25 6:34:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    2010-02-24 12:01:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2010-02-23 2:18:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2010-02-23 11:38:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    2010-02-23 11:27:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2010-02-23 11:27:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2010-02-23 11:14:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi avgio avipbb Fips intelppm KLIF sptd ssmdrv
    2010-02-23 11:13:02 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302882F2A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    2010-02-23 11:12:57 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    2010-02-23 11:12:57 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv Tcpip vsdatant
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010-02-23 10:17:59 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================



    DDS (Ver_09-09-29.01) - NTFSx86
    Run by OWNER at 21:48:00.09 on 2010-03-02
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.906 [GMT -5:00]

    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    svchost.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\OWNER\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: microsoft.com \*.windowsupdate
    Trusted Zone: windowsupdate.com
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232659341937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\mqckc8tg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\mqckc8tg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-15 24652]
    R3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\rdwm1046.sys [2006-7-4 163390]
    S0 cvdgumi;cvdgumi;c:\windows\system32\drivers\yblswior.sys --> c:\windows\system32\drivers\yblswior.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-1 135664]
    S2 wsnm;VMware View Client Service;"c:\program files\vmware\vmware view\client\bin\wsnm.exe" -scmstartup --> c:\program files\vmware\vmware view\client\bin\wsnm.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-23 1684736]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2006-2-15 14336]

    =============== Created Last 30 ================

    2010-03-02 14:07 73,728 a------- c:\windows\system32\javacpl.cpl
    2010-03-01 23:34 181,632 -------- c:\windows\system32\MpSigStub.exe
    2010-03-01 23:30 <DIR> --d----- c:\program files\Microsoft Security Essentials
    2010-03-01 22:12 <DIR> a-dshr-- C:\cmdcons
    2010-03-01 22:11 261,632 a------- c:\windows\PEV.exe
    2010-03-01 22:11 161,792 a------- c:\windows\SWREG.exe
    2010-03-01 22:11 98,816 a------- c:\windows\sed.exe
    2010-03-01 22:11 77,312 a------- c:\windows\MBR.exe
    2010-02-28 04:04 <DIR> --d----- C:\Temp
    2010-02-23 02:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-02-23 01:31 19 a------- c:\windows\system32\drivers\hosts
    2010-02-22 21:42 <DIR> --d----- c:\windows\system32\wbem\Repository
    2010-02-02 14:01 <DIR> --d----- c:\docume~1\owner\applic~1\webex
    2010-02-02 01:56 372,736 a----r-- c:\windows\system32\LVUI2RC.dll
    2010-02-02 01:56 106,496 a----r-- c:\windows\system32\lvcoinst.dll
    2010-02-02 01:56 22,016 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
    2010-02-02 01:56 9,255 a----r-- c:\windows\system32\lvcoinst.ini
    2010-02-02 01:56 204,800 a----r-- c:\windows\system32\LVUI2.dll
    2010-02-02 01:56 204,800 a----r-- c:\windows\system32\lvcodec2.dll
    2010-02-02 01:56 211,712 a----r-- c:\windows\system32\drivers\LV561AV.SYS

    ==================== Find3M ====================

    2010-03-02 14:06 411,368 a------- c:\windows\system32\deploytk.dll
    2010-02-23 10:36 643,072 a------- c:\windows\system32\drivers\sptd.sys
    2010-02-23 10:36 96,384 a------- c:\windows\system32\drivers\sptd2301.sys
    2010-01-16 00:34 67,284 a---h--- c:\windows\system32\mlfcache.dat
    2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2009-12-22 00:21 667,136 -------- c:\windows\system32\wininet.dll
    2009-12-22 00:20 81,920 a------- c:\windows\system32\ieencode.dll
    2009-12-16 13:43 343,040 a------- c:\windows\system32\mspaint.exe
    2009-12-14 02:08 33,280 a------- c:\windows\system32\csrsrv.dll
    2009-12-08 14:26 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
    2009-12-08 13:43 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
    2008-10-03 15:10 158 a------- c:\docume~1\owner\applic~1\wklnhst.dat

    ============= FINISH: 21:48:55.57 ===============

  9. #9
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Delete these files if found:
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\20\1e15ef94-574a8500
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\17a0bb7d-2fa21eb7

    Also, uninstall Macromedia Flash Player 8 (if it exists).

    I asked earlier if you use Adobe Acrobat for duties other than converting documents to PDF files. If you do, then you should update it to a non-vulnerable version.

    How's the system running?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #10
    Member
    Join Date
    Oct 2008
    Location
    NY
    Posts
    32

    Default

    Hi,

    I deleted the first file, but I can't find a folder "c:\documents and settings\network services" so I can't delete the second file. I don't use Adobe Acrobat for anything more than PDF conversion. Whenever I try to uninstall Macromedia 8 (Add & Remove Programs) it says, "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package "install_flash_player_active_x.msi" in the box below". After I just press OK, it says that the path cannot be found, then Macromedia 8 disappears from the Add & Remove Programs list, but comes back whenever I restart my computer. Not sure how to get around that. But other than that, the system is running great!

    -Chinny224
