Apr 29 2008, 08:29 PM
Post #1
New Member | Group: Members | Posts: 12 | Joined: 29-April 08 | Member No.: 206,158
I'm not really sure if I have Ultimate Defender, Ultimate Cleaner, and WinIFixer, although there's a shortcut for each of them on my desktop. I also get pop-ups that, for example, say something like my computer is not safe, and a window screen like this: [screenshot] My laptop is a Toshiba and runs on Windows XP. I used Disk Cleanup and it didn't really do anything. I also ran my antivirus program, called Symantec Antivirus, but it didn't detect anything that was wrong with the computer. I've also downloaded SmitfraudFix and VundoFix already. Here are the DSS reports:

Deckard's System Scanner v20071014.68 Run by Carol on 2008-04-29 21:11:14 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 3 Restore Point(s) -- 3: 2008-04-30 01:11:24 UTC - RP405 - Deckard's System Scanner Restore Point 2: 2008-04-29 23:10:30 UTC - RP404 - Installed Java 6 Update 5 1: 2008-04-28 14:29:02 UTC - RP403 - System Checkpoint Backed up registry hives. Performed disk cleanup. Total Physical Memory: 447 MiB (512 MiB recommended).
-- HijackThis (run as Carol.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:12:44 PM, on 4/29/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\lxcycoms.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\cjb\cjb8.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Messenger\msmsgs.exe 
C:\WINDOWS\system32\RAMASST.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Carol\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Carol.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing) O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\korad.dll (file missing) O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [dmsjb.exe] C:\WINDOWS\system32\dmsjb.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program 
Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carol\Start Menu\Programs\EuroTalk Interactive\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O15 - Trusted Zone: http://mobile.coair.com O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O17 - 
HKLM\System\CCS\Services\Tcpip\..\{1A734B13-7935-493E-84DC-1C812FD707F8}: NameServer = 85.255.113.92,85.255.112.195 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O17 - HKLM\System\CS1\Services\Tcpip\..\{1A734B13-7935-493E-84DC-1C812FD707F8}: NameServer = 85.255.113.92,85.255.112.195 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O20 - AppInit_DLLs: iSecurity.cpl O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing) O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 10704 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsubleepa Electric Industrial Co.,Ltd.; > R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3> R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell> R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service> R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter> S3 npkcrypt - c:\program files\qro\qro full patch\npkcrypt.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled 
-------------------- R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree> R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; > R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV> R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-04-23 12:20:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-03-29 and 2008-04-29 ----------------------------- 2008-04-29 21:12:26 0 d-------- C:\Program Files\Trend Micro 2008-04-29 21:06:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-29 21:06:47 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-29 21:06:46 0 d-------- C:\WINDOWS\LastGood 2008-04-29 20:06:50 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-04-29 19:19:32 0 d-------- C:\VundoFix Backups 2008-04-28 10:57:13 48 --a------ C:\smp.bat 2008-04-28 08:58:08 0 d-------- C:\Program Files\Microsoft Silverlight 2008-04-19 21:06:17 0 d-------- C:\WINDOWS\pss 2008-04-19 20:31:20 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-04-19 20:31:19 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-04-19 20:31:19 82432 --a------ 
C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-04-19 20:31:18 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2008-04-19 20:31:17 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-04-19 20:31:17 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-04-19 20:31:17 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Intuit 2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Identities 2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\ATI 2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\AOL 2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Adobe 2008-04-19 20:19:06 0 d--h----- C:\Documents and Settings\Administrator.RCPAGADUAN\Local Settings 2008-04-19 20:19:06 0 dr------- C:\Documents and Settings\Administrator.RCPAGADUAN\Favorites 2008-04-19 20:19:06 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Desktop 2008-04-19 20:19:06 0 d--hs---- C:\Documents and Settings\Administrator.RCPAGADUAN\Cookies 2008-04-19 20:19:06 0 dr-h----- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data 2008-04-19 20:19:06 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\You've Got Pictures Screensaver 2008-04-19 20:19:06 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\toshiba 2008-04-19 20:19:06 0 d---s---- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Microsoft 2008-04-19 20:19:05 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\WINDOWS 2008-04-19 20:19:05 0 d--h----- C:\Documents and 
Settings\Administrator.RCPAGADUAN\Templates 2008-04-19 20:19:05 0 dr------- C:\Documents and Settings\Administrator.RCPAGADUAN\Start Menu 2008-04-19 20:19:05 0 dr-h----- C:\Documents and Settings\Administrator.RCPAGADUAN\SendTo 2008-04-19 20:19:05 0 dr-h----- C:\Documents and Settings\Administrator.RCPAGADUAN\Recent 2008-04-19 20:19:05 0 d--h----- C:\Documents and Settings\Administrator.RCPAGADUAN\PrintHood 2008-04-19 20:19:05 0 d--h----- C:\Documents and Settings\Administrator.RCPAGADUAN\NetHood 2008-04-19 20:19:05 0 dr------- C:\Documents and Settings\Administrator.RCPAGADUAN\My Documents 2008-04-19 20:19:02 1310720 --ah----- C:\Documents and Settings\Administrator.RCPAGADUAN\NTUSER.DAT 2008-04-19 19:32:35 0 dr------- C:\Documents and Settings\Administrator\Favorites 2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-04-19 19:32:35 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2008-04-19 19:32:35 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver 2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba 2008-04-19 19:32:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit 2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI 2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL 2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe 2008-04-19 19:32:34 0 d-------- C:\Documents and Settings\Administrator\WINDOWS 2008-04-19 19:32:34 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-04-19 
19:32:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-04-19 19:32:34 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-04-19 19:32:34 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2008-04-19 19:32:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-04-19 19:32:34 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-04-19 19:32:34 0 dr------- C:\Documents and Settings\Administrator\My Documents 2008-04-19 19:32:34 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-04-19 19:32:30 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-04-19 09:36:45 0 d-------- C:\Program Files\PhotoFiltre 2008-04-18 15:54:40 0 d-------- C:\Documents and Settings\Carol\Application Data\WinIFixer.com 2008-04-18 10:47:48 0 d-------- C:\Program Files\IE Extensions 2008-04-18 10:47:48 0 d-------- C:\Program Files\cjb 2008-04-18 10:47:41 0 d-------- C:\Program Files\iSecurity 2008-04-18 07:51:05 0 d-------- C:\Program Files\Gravity 2008-04-02 12:43:21 0 d-------- C:\Program Files\Safari 2008-04-02 12:34:24 0 d-------- C:\Program Files\iPod -- Find3M Report --------------------------------------------------------------- 2008-04-29 20:56:37 0 d-------- C:\Program Files\Symantec AntiVirus 2008-04-29 20:44:23 4444 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-29 19:14:46 0 d-------- C:\Program Files\Java 2008-04-28 18:10:39 0 d-------- C:\Program Files\lx_cats 2008-04-28 17:21:04 0 d-------- C:\Program Files\Common Files 2008-04-28 15:55:54 0 d-------- C:\Program Files\DivX 2008-04-28 15:54:36 0 d-------- C:\Program Files\Common Files\Real 2008-04-28 06:26:52 0 d-------- C:\Program Files\GatheringRO 2008-04-26 23:16:32 0 d-------- C:\Documents and Settings\Carol\Application Data\U3 2008-04-18 15:31:54 0 d-------- C:\Program Files\LimeWire 2008-04-18 07:54:08 0 d-------- C:\Documents and Settings\Carol\Application Data\LimeWire 2008-04-11 05:00:35 0 d-------- C:\Documents and 
Settings\Carol\Application Data\toshiba 2008-04-08 12:21:16 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-02 22:25:03 0 d-------- C:\Documents and Settings\Carol\Application Data\Apple Computer 2008-04-02 12:35:10 0 d-------- C:\Program Files\iTunes 2008-03-30 08:23:25 0 d-------- C:\Program Files\Windows Media Connect 2 2008-03-26 11:31:51 0 d-------- C:\Documents and Settings\Carol\Application Data\uTorrent 2008-03-24 09:34:38 0 d-------- C:\Program Files\Zune 2008-03-24 09:34:03 0 d-------- C:\Program Files\DIFX 2008-03-24 09:33:56 0 d-------- C:\Program Files\Common Files\ComponentOne 2008-03-24 06:39:31 0 d-------- C:\Documents and Settings\Carol\Application Data\IMVU 2008-03-14 21:06:46 0 d-------- C:\Program Files\Viewpoint 2008-03-14 21:06:43 0 d-------- C:\Program Files\Common Files\Viewpoint 2008-03-11 17:47:05 0 d-------- C:\Program Files\eSoftware 2008-03-05 01:05:05 0 d--h----- C:\Documents and Settings\Carol\Application Data\ijjigame 2008-02-29 01:39:24 0 d-------- C:\Program Files\WinBudget -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8311E8F-E459-4D22-89B4-CB9DCF10A425}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4}] C:\WINDOWS\korad.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}] 12/01/2005 07:39 PM 113152 --a------ C:\WINDOWS\IECodecPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}] 03/11/2008 05:45 PM 282636 --a------ C:\Program Files\eSoftware\studio.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [11/10/2005 03:14 PM C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [05/03/2005 10:43 PM C:\WINDOWS\Alcmtr.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/27/2008 01:54 AM] 
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/27/2008 01:54 AM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/27/2008 01:54 AM] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [02/27/2008 01:54 AM] "NDSTray.exe"="NDSTray.exe" [] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [02/27/2008 01:54 AM] "AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 10:29 AM C:\WINDOWS\agrsmmsg.exe] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/27/2008 01:54 AM] "TFncKy"="TFncKy.exe" [] "TPSMain"="TPSMain.exe" [06/01/2005 01:00 AM C:\WINDOWS\system32\TPSMain.exe] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [02/27/2008 01:54 AM] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [02/27/2008 01:54 AM] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [02/27/2008 01:54 AM] "CFSServ.exe"="CFSServ.exe" [] "dmsjb.exe"="C:\WINDOWS\system32\dmsjb.exe" [] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/27/2008 01:54 AM] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [02/27/2008 01:54 AM] "lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [02/27/2008 01:54 AM] "EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [02/27/2008 01:54 AM] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/27/2008 01:54 AM] "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 01:27 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/27/2008 01:54 AM] "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [10/31/2006 02:34 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM] "cjb"="C:\Program Files\cjb\cjb8.exe" [04/18/2008 10:47 AM] "iSecurity applet"="iSecurity.cpl" [04/18/2008 10:47 AM C:\WINDOWS\system32\iSecurity.cpl] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [02/27/2008 01:54 AM] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [02/27/2008 01:54 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM] RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [11/4/2005 11:20:51 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "iSecurity"= {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "System"="csfrc.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=iSecurity.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinIFixer] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab2810a-a07b-11dc-bf8c-0016e3041f45}] AutoRun\command- New Folder.exe -- End of Deckard's System Scanner: finished at 2008-04-29 21:13:45 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. 
-------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Celeron® M processor 1.70GHz Percentage of Memory in Use: 59% Physical Memory (total/avail): 446.17 MiB / 179.42 MiB Pagefile Memory (total/avail): 1056.41 MiB / 642.84 MiB Virtual Memory (total/avail): 2047.88 MiB / 1913.56 MiB C: is Fixed (NTFS) - 74.29 GiB total, 50.49 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH - 74.53 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 74.29 GiB - C: \PARTITION1 - Unknown - 251.02 MiB -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. AntivirusOverride is set. FirewallOverride is set. 
AV: Symantec AntiVirus Corporate Edition v9.0.4.1000 (Symantec Corporation) Outdated
Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46} Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Metamail (Toshiba Registration Utility) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\setup.exe" -l0x9 Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C} Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726} On2 VP7 Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9 PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe" Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067} REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE Realtek High Definition Audio Driver --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768} Safety Alert 2006 --> C:\DOCUME~1\Carol\LOCALS~1\Temp\laf62.tmp /del Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Symantec AntiVirus --> MsiExec.exe /I{3E172636-AE83-474A-9D07-E31C22C6DDC2} Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9 TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL TOSHIBA Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9 TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu" TOSHIBA Power Saver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll" TOSHIBA Software Modem --> Tosmreg -U TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield 
Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9 TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9 TOSHIBA TouchPad ON/Off Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9 TOSHIBA Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9 TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe" Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe" VeohTV BETA --> C:\Program Files\InstallShield Installation 
Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html" Windows Driver Package - Microsoft WPD (8/28/2006 1.0.0.2) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\Zune_9C3D37D5063B767B2FEA1899B50894F1AC95FAA6\Zune.inf Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Yahoo! Music Engine --> "C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe" Zune --> MsiExec.exe /X{ED55BFEF-90F3-4926-9536-D94FDBBF65DC} -- Application Event Log ------------------------------------------------------- Event Record #/Type175 / Error Event Submitted/Written: 04/29/2008 07:56:51 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Event Record #/Type162 / Warning Event Submitted/Written: 04/29/2008 07:12:28 PM Event ID/Source: 6 / Symantec AntiVirus Event Description: Scan could not access path C:\pagefile.sys Event Record #/Type161 / Warning Event Submitted/Written: 04/29/2008 07:12:27 PM Event ID/Source: 6 / Symantec AntiVirus Event Description: Scan could not access path C:\hiberfil.sys Event Record #/Type160 / Warning Event Submitted/Written: 04/29/2008 07:12:25 PM Event ID/Source: 6 / Symantec AntiVirus Event Description: Scan could not access path C:\Documents and Settings\Rene Event Record #/Type159 / Warning Event Submitted/Written: 04/29/2008 07:12:25 PM Event ID/Source: 6 / Symantec AntiVirus Event Description: Scan could not open file C:\Documents and Settings\NetworkService\ntuser.dat.LOG [00000003] -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type24136 / Error Event Submitted/Written: 04/29/2008 08:53:58 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Event Record #/Type24135 / Error Event Submitted/Written: 04/29/2008 08:40:40 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Event Record #/Type24134 / Error Event Submitted/Written: 04/29/2008 08:39:25 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Event Record #/Type24133 / Error Event Submitted/Written: 04/29/2008 08:38:43 PM Event ID/Source: 7026 / Service Control Manager Event Description: The following 
boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SYMTDI Tcpip Event Record #/Type24132 / Error Event Submitted/Written: 04/29/2008 08:38:43 PM Event ID/Source: 7001 / Service Control Manager Event Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 -- End of Deckard's System Scanner: finished at 2008-04-29 21:13:45 ------------ This post has been edited by Panda Moniium: Apr 30 2008, 07:52 AM |
Post #2, Apr 30 2008, 10:27 AM
Bleepin' Texan! (Group: HJT Team Coach; Posts: 13,829; Joined: 5-April 06; From: Planet Texas!; Member No.: 62,846)
Hello Panda Moniium,
Welcome to Bleeping Computer

Couple of things going on here, so this will take several posts and a few tools to clear. You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

Thanks,
tea

--------------------
Please make a donation so I can keep helping people just like you. Every little bit helps! :) You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
PopTartFixIt2
============= POPTART ================
Poptart successfully found and removed.
================ KIDS ================
Kid ... Maxwell O'Neal deleted successfully.
Kid ... Billy O'Neal deleted successfully.
========== FINISHED! TERMINATE! ==========
Tool by Billy3
Post #3, Apr 30 2008, 12:46 PM
New Member (Group: Members; Posts: 12; Joined: 29-April 08; Member No.: 206,158)
Username "Carol" - 04/30/2008 13:19:07 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmsjb"
HKLM\SOFTWARE\~\Winlogon\ "System"="csfrc.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.92 85.255.112.195" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1A734B13-7935-493E-84DC-1C812FD707F8}
"nameserver"="85.255.113.92,85.255.112.195" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{38170140-9067-47C7-8914-B9B9EF70AD8E}
"DhcpNameServer"="85.255.113.92,85.255.112.195" <Value cleared.
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}8D045DFEC9EC-E32B-15E4-B754-22C343DF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D3E47720E970-2989-E984-9442-CA6A3663{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "bjsmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1trap" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "2trap" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "crfsc" Value deleted
HKCR\CLSID\{4082BBC4-FF16-466F-AD49-5C21C714E565}\_h\4 Deleted.
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"NDSTray.exe"="NDSTray.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"TFncKy"="TFncKy.exe"
"TPSMain"="TPSMain.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"CFSServ.exe"="CFSServ.exe -NoClient"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"lxcymon.exe"="\"C:\\Program Files\\Lexmark 3400 Series\\lxcymon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 3400 Series\\ezprint.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"LXCYCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCYtime.dll,_RunDLLEntry@16"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Zune Launcher"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"cjb"="C:\\Program Files\\cjb\\cjb8.exe"
"iSecurity applet"="rundll32.exe iSecurity.cpl,SecurityMonitor"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Post #4, Apr 30 2008, 01:07 PM
Bleepin' Texan! (Group: HJT Team Coach; Posts: 13,829; Joined: 5-April 06; From: Planet Texas!; Member No.: 62,846)
Hello,
Thanks for that. Please be sure in your next reply to include a new HijackThis log like I asked for.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Post #5, May 1 2008, 10:24 AM
New Member (Group: Members; Posts: 12; Joined: 29-April 08; Member No.: 206,158)
ComboFix 08-04-29.5 - Carol 2008-05-01 11:01:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.203 [GMT -4:00]
Running from: C:\Documents and Settings\Carol\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Carol\Application Data\WinIFixer.com
C:\Documents and Settings\Carol\Desktop\WinIFixer.lnk
C:\Program Files\cjb
C:\Program Files\cjb\cjb8.exe
C:\Program Files\iSecurity
C:\Program Files\iSecurity\iSecurity.dat
C:\Program Files\iSecurity\Thumbs.db
C:\Program Files\iSecurity\ucleaner.bmp
C:\Program Files\iSecurity\ucleaner.ico
C:\Program Files\iSecurity\ucleaneri.bmp
C:\Program Files\iSecurity\udefender.bmp
C:\Program Files\iSecurity\udefender.ico
C:\Program Files\iSecurity\udefenderi.bmp
C:\Program Files\iSecurity\v5\iSecurity.cpl
C:\Program Files\iSecurity\v7\iSecurity.cpl
C:\Program Files\iSecurity\winifixer.bmp
C:\Program Files\iSecurity\winifixer.ico
C:\Program Files\iSecurity\winifixeri.bmp
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dll
C:\smp.bat
C:\WINDOWS\system32\iSecurity.cpl
.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.
2008-05-01 04:06 . 2008-05-01 04:06 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-01 04:05 . 2008-05-01 04:05 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-30 13:18 . 2008-04-30 13:42 <DIR> d-------- C:\fixwareout
2008-04-29 21:12 . 2008-04-29 21:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-29 21:10 . 2008-04-29 21:10 <DIR> d-------- C:\Deckard
2008-04-29 21:06 . 2008-04-29 21:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 21:06 . 2008-04-29 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 20:06 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-04-29 19:19 . 2008-04-29 19:19 <DIR> d-------- C:\VundoFix Backups
2008-04-29 19:14 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-28 08:58 . 2008-04-28 08:58 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-19 20:31 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-19 20:31 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-19 20:31 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-19 20:31 . 2008-04-20 00:38 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-19 20:31 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-19 20:31 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-19 20:31 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-19 20:19 . 2005-11-04 23:25 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\WINDOWS
2008-04-19 20:19 . 2005-11-05 00:10 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\You've Got Pictures Screensaver
2008-04-19 20:19 . 2005-11-04 23:39 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\toshiba
2008-04-19 20:19 . 2005-11-05 00:05 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Intuit
2008-04-19 20:19 . 2005-11-29 18:25 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\ATI
2008-04-19 20:19 . 2006-04-10 18:00 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\AOL
2008-04-19 20:19 . 2008-04-19 20:19 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN
2008-04-19 20:19 . 2008-05-01 11:00 1,024 --ah----- C:\Documents and Settings\Administrator.RCPAGADUAN\ntuser.dat.LOG
2008-04-19 19:32 . 2005-11-04 23:25 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-19 19:32 . 2008-04-19 19:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-19 19:32 . 2008-05-01 11:00 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-19 09:36 . 2008-04-19 09:38 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-04-18 10:47 . 2008-04-18 10:47 <DIR> d-------- C:\Program Files\IE Extensions
2008-04-18 07:51 . 2008-04-18 07:51 <DIR> d-------- C:\Program Files\Gravity
2008-04-02 12:43 . 2008-04-02 12:44 <DIR> d-------- C:\Program Files\Safari
2008-04-02 12:34 . 2008-04-02 12:34 <DIR> d-------- C:\Program Files\iPod
2008-04-02 12:20 . 2008-05-01 10:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-02 12:20 . 2008-04-02 12:20 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 15:08 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-30 22:35 --------- d-----w C:\Program Files\lx_cats
2008-04-30 01:53 --------- d-----w C:\Program Files\GatheringRO
2008-04-29 23:14 --------- d-----w C:\Program Files\Java
2008-04-28 19:55 --------- d-----w C:\Program Files\DivX
2008-04-28 19:54 --------- d-----w C:\Program Files\Common Files\Real
2008-04-27 03:16 --------- d-----w C:\Documents and Settings\Carol\Application Data\U3
2008-04-18 19:31 --------- d-----w C:\Program Files\LimeWire
2008-04-18 11:54 --------- d-----w C:\Documents and Settings\Carol\Application Data\LimeWire
2008-04-11 09:00 --------- d-----w C:\Documents and Settings\Carol\Application Data\toshiba
2008-04-08 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 02:25 --------- d-----w C:\Documents and Settings\Carol\Application Data\Apple Computer
2008-04-02 16:35 --------- d-----w C:\Program Files\iTunes
2008-03-30 12:23 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-26 15:31 --------- d-----w C:\Documents and Settings\Carol\Application Data\uTorrent
2008-03-24 13:34 --------- d-----w C:\Program Files\Zune
2008-03-24 13:34 --------- d-----w C:\Program Files\DIFX
2008-03-24 13:33 --------- d-----w C:\Program Files\Common Files\ComponentOne
2008-03-24 10:39 --------- d-----w C:\Documents and Settings\Carol\Application Data\IMVU
2008-03-15 01:06 --------- d-----w C:\Program Files\Viewpoint
2008-03-15 01:06 --------- d-----w C:\Program Files\Common Files\Viewpoint
2008-03-15 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-11 21:47 --------- d-----w C:\Program Files\eSoftware
2008-03-05 05:05 --------- d--h--w C:\Documents and Settings\Carol\Application Data\ijjigame
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-r 313,472 2006-03-30 20:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
----a-w 344,064 2005-08-06 05:05:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
-c--a-w 50,760 2006-05-10 00:24:16 C:\Program Files\Common Files\AOL\1146106896\ee\bak\AOLSoftware.exe
-c--a-w 67,184 2005-02-18 00:32:52 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
-c--a-w 267,048 2008-02-04 19:18:40 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-02-19 17:10:32 C:\Program Files\iTunes\iTunesHelper.exe
-c--a-w 82,608 2007-06-25 14:34:56 C:\Program Files\Lexmark 3400 Series\bak\ezprint.exe
-c--a-w 291,504 2007-06-25 14:34:55 C:\Program Files\Lexmark 3400 Series\bak\lxcymon.exe
-c--a-w 295,600 2007-06-25 14:35:01 C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe
-c--a-w 183,367 2006-11-16 16:42:38 C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe
-c--a-w 286,720 2007-10-20 01:16:26 C:\Program Files\QuickTime\bak\QTTask.exe
-c--a-w 120,640 2005-04-24 21:21:40 C:\Program Files\Symantec AntiVirus\bak\VPTray.exe
----a-w 688,218 2004-10-14 23:26:40 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 98,394 2004-10-14 23:28:02 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
-c--a-w 65,536 2004-12-30 08:32:20 C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe
----a-w 352,256 2005-11-25 21:07:16 C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe
-c--a-w 122,880 2005-04-27 00:13:20 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe
-c--a-w 1,077,322 2005-07-15 18:52:42 C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe
-c--a-w 73,728 2005-11-10 18:24:50 C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe
-c--a-w 151,552 2005-03-18 01:37:26 C:\TOSHIBA\IVP\ISM\bak\pinger.exe
-c--a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe
-c--a-w 122,940 2005-08-01 13:10:00 C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4}]
C:\WINDOWS\korad.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}]
2005-12-01 19:39 113152 --a------ C:\WINDOWS\IECodecPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}]
2008-03-11 17:45 282636 --a------ C:\Program Files\eSoftware\studio.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 10:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-06-01 01:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" []
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 13:27 106496]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2006-10-31 14:34 20752]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-11-04 23:20:51 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSecurity applet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinIFixer]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1146106896\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\lxcycoms.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 04:05]
R2 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2007-06-20 06:28]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab2810a-a07b-11dc-bf8c-0016e3041f45}]
\Shell\AutoRun\command - New Folder.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 16:20:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 11:09:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-01 11:18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 15:18:05

Pre-Run: 53,717,299,200 bytes free
Post-Run: 54,086,459,392 bytes free

218 --- E O F --- 2008-05-01 08:07:08

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:30 AM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend
Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\korad.dll (file missing) O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: 
[TPSMain] TPSMain.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carol\Start Menu\Programs\EuroTalk Interactive\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: 
START_PAGE_URL=http://www.toshibadirect.com/dpdstart O15 - Trusted Zone: http://mobile.coair.com O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8486 bytes |
May 1 2008, 10:26 AM - Post #6 - New Member
Is it supposed to say:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! and is that bad?
May 1 2008, 02:28 PM - Post #7 - Bleepin' Texan! (HJT Team Coach)
Hello,
If you don't have it installed then it's supposed to say that. Not necessarily bad, but it won't hurt to install it just in case you find yourself in dire circumstances.

ComboFix revealed another infection we need to take care of called AWF.

# Please download FindAWF by noahdfear and save it to your desktop:
# Please double-click FindAWF.exe to run option 1.
# If a security alert shows, allow the program to run.
# When the tool has completed, a report will open in Notepad.
# Please post the results of the awf.txt in your next reply.

Thanks,
tea
--------------------
Please make a donation so I can keep helping people just like you. Every little bit helps! :) You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n? PopTartFixIt2 ============= POPTART ================ Poptart successfully found and removed. ================ KIDS ================ Kid ... Maxwell O'Neal deleted successfully. Kid ... Billy O'Neal deleted successfully. ========== FINISHED! TERMINATE! ========== Tool by Billy3
May 1 2008, 11:21 PM - Post #8 - New Member
Directory of C:\PROGRA~1\ITUNES\BAK
02/04/2008 03:18 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK
06/25/2007 10:34 AM 82,608 ezprint.exe
06/25/2007 10:34 AM 291,504 lxcymon.exe
2 File(s) 374,112 bytes

Directory of C:\PROGRA~1\LEXMAR~2\BAK
06/25/2007 10:35 AM 295,600 fm3032.exe
1 File(s) 295,600 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK
10/19/2007 09:16 PM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK
04/24/2005 05:21 PM 120,640 VPTray.exe
1 File(s) 120,640 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 08:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
08/06/2005 01:05 AM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
02/17/2005 08:32 PM 67,184 ccApp.exe
1 File(s) 67,184 bytes

Directory of C:\PROGRA~1\PLAXO\2121~1.1\BAK
11/16/2006 12:42 PM 183,367 PlaxoHelper.exe
1 File(s) 183,367 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
10/14/2004 07:26 PM 688,218 SynTPEnh.exe
10/14/2004 07:28 PM 98,394 SynTPLpr.exe
2 File(s) 786,612 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK
12/30/2004 04:32 AM 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~1\BAK
11/25/2005 05:07 PM 352,256 thotkey.exe
1 File(s) 352,256 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~3\BAK
04/26/2005 08:13 PM 122,880 SmoothView.exe
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOUCHA~1\BAK
07/15/2005 02:52 PM 1,077,322 PadExe.exe
1 File(s) 1,077,322 bytes

Directory of C:\PROGRA~1\TOSHIBA\TVS\BAK
11/10/2005 02:24 PM 73,728 TvsTray.exe
1 File(s) 73,728 bytes

Directory of C:\TOSHIBA\IVP\ISM\BAK
03/17/2005 09:37 PM 151,552 pinger.exe
1 File(s) 151,552 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
08/01/2005 09:10 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114610~1\EE\BAK
05/09/2006 08:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Feb 19 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Feb 4 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 2 2008 "C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe"
75048 Apr 2 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe"
82608 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\bak\ezprint.exe"
291504 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\bak\lxcymon.exe"
295600 Jun 25 2007 "C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
120640 Apr 24 2005 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
344064 Aug 6 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
67184 Feb 17 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
352256 Nov 25 2005 "C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
1077322 Jul 15 2005 "C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe"
73728 Nov 10 2005 "C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
151552 Mar 17 2005 "C:\TOSHIBA\IVP\ISM\bak\pinger.exe"
122940 Aug 1 2005 "C:\Program Files\Sonic\DLA\install\dlactrlw.exe"
122940 Aug 1 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
42032 May 25 2007 "C:\Program Files\AIM6\aolsoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1146106896\ee\bak\AOLSoftware.exe"

end of report

Did you want a HiJackThis report?
May 2 2008, 12:06 AM - Post #9 - Bleepin' Texan! (HJT Team Coach)
Hello,
You didn't post the whole report.....did you run other than just option #1? I hope not because this should be done in a certain order. No, I won't need a new HijackThis log until we're done with this.

Please double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option:
Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Lexmark 3400 Series\bak\ezprint.exe"
"C:\Program Files\Lexmark 3400 Series\bak\lxcymon.exe"
"C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
"C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
"C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
"C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
"C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe"
"C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
"C:\TOSHIBA\IVP\ISM\bak\pinger.exe"
"C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\Common Files\AOL\1146106896\ee\bak\AOLSoftware.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Thanks,
tea
May 2 2008, 06:57 AM - Post #10 - New Member
I only ran option 1 and that was the only report they gave me.
May 2 2008, 06:58 AM - Post #11 - New Member
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 05/02/2008
The current time is: 7:54:17.79

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\ITUNES\BAK
02/04/2008 03:18 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK
06/25/2007 10:34 AM 82,608 ezprint.exe
06/25/2007 10:34 AM 291,504 lxcymon.exe
2 File(s) 374,112 bytes

Directory of C:\PROGRA~1\LEXMAR~2\BAK
06/25/2007 10:35 AM 295,600 fm3032.exe
1 File(s) 295,600 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK
10/19/2007 09:16 PM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK
04/24/2005 05:21 PM 120,640 VPTray.exe
1 File(s) 120,640 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 08:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
08/06/2005 01:05 AM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
02/17/2005 08:32 PM 67,184 ccApp.exe
1 File(s) 67,184 bytes

Directory of C:\PROGRA~1\PLAXO\2121~1.1\BAK
11/16/2006 12:42 PM 183,367 PlaxoHelper.exe
1 File(s) 183,367 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
10/14/2004 07:26 PM 688,218 SynTPEnh.exe
10/14/2004 07:28 PM 98,394 SynTPLpr.exe
2 File(s) 786,612 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK
12/30/2004 04:32 AM 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~1\BAK
11/25/2005 05:07 PM 352,256 thotkey.exe
1 File(s) 352,256 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~3\BAK
04/26/2005 08:13 PM 122,880 SmoothView.exe
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOUCHA~1\BAK
07/15/2005 02:52 PM 1,077,322 PadExe.exe
1 File(s) 1,077,322 bytes

Directory of C:\PROGRA~1\TOSHIBA\TVS\BAK
11/10/2005 02:24 PM 73,728 TvsTray.exe
1 File(s) 73,728 bytes

Directory of C:\TOSHIBA\IVP\ISM\BAK
03/17/2005 09:37 PM 151,552 pinger.exe
1 File(s) 151,552 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
08/01/2005 09:10 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114610~1\EE\BAK
05/09/2006 08:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Feb 4 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Feb 4 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 2 2008 "C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe"
75048 Apr 2 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe"
82608 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
82608 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\bak\ezprint.exe"
291504 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
291504 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\bak\lxcymon.exe"
295600 Jun 25 2007 "C:\Program Files\Lexmark Fax Solutions\fm3032.exe"
295600 Jun 25 2007 "C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
120640 Apr 24 2005 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
120640 Apr 24 2005 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
344064 Aug 6 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
344064 Aug 6 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
67184 Feb 17 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
67184 Feb 17 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
352256 Nov 25 2005 "C:\Program Files\TOSHIBA\TOSHIBA Applet\thotkey.exe"
352256 Nov 25 2005 "C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
1077322 Jul 15 2005 "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
1077322 Jul 15 2005 "C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe"
73728 Nov 10 2005 "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
73728 Nov 10 2005 "C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
151552 Mar 17 2005 "C:\TOSHIBA\IVP\ISM\pinger.exe"
151552 Mar 17 2005 "C:\TOSHIBA\IVP\ISM\bak\pinger.exe"
122940 Aug 1 2005 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 Aug 1 2005 "C:\Program Files\Sonic\DLA\install\dlactrlw.exe"
122940 Aug 1 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
42032 May 25 2007 "C:\Program Files\AIM6\aolsoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1146106896\ee\AOLSoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1146106896\ee\bak\AOLSoftware.exe"

end of report
May 2 2008, 09:34 AM - Post #12 - Bleepin' Texan! (HJT Team Coach)
Hello,
Thanks for letting me know.

Please double-click the FindAWF icon once again
This time we are going to remove some folders.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option:
Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\iTunes\bak
C:\Program Files\Lexmark 3400 Series\bak
C:\Program Files\Lexmark Fax Solutions\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Symantec AntiVirus\bak
C:\WINDOWS\system32\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Plaxo\2.12.1.1\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\TOSHIBA\TOSCDSPD\bak
C:\Program Files\TOSHIBA\TOSHIBA Applet\bak
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak
C:\Program Files\TOSHIBA\Touch and Launch\bak
C:\Program Files\TOSHIBA\Tvs\bak
C:\TOSHIBA\IVP\ISM\bak
C:\WINDOWS\system32\DLA\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
C:\Program Files\Common Files\AOL\1146106896\ee\bak

Next, close and click Yes to save the changes.
When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply.

Thanks,
tea
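The restore step in post #9 and the folder clean-up in post #12 are both driven by the same part of the FindAWF report: the files sitting in a bak folder and the live files that sit beside them. As an added example that is not FindAWF's code or anything posted in this thread, the Python script below parses a constructed excerpt in that report format (paths taken from the logs above) and derives the files.txt and folders.txt lists, flagging each bak copy whose live counterpart is absent from the listing or differs in size or date. The `Entry`, `triage`, `restore_list` and `bak_folders` names are the example's own; how FindAWF itself decides which duplicates to list is not documented on this page, so the verdict logic is an assumption, stated in the comments.

```python
# Added example, not FindAWF's code: parse the "Duplicate files of bak
# directory contents" section of a FindAWF report and derive the two lists
# the AWF clean-up uses: bak copies to restore (option 2) and bak folders to
# remove once restored (option 3).
import re
from dataclasses import dataclass

# Constructed excerpt in FindAWF's output format (size, date, quoted path);
# the paths are taken from the reports posted in this thread.
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
267048 Feb 19 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Feb 4 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
82608 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\bak\ezprint.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
end of report
'''

# One report line: <size> <Mon D YYYY> "<full path>"
ENTRY_RE = re.compile(r'^(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


@dataclass(frozen=True)
class Entry:
    size: int
    date: str
    path: str

    @property
    def folder(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[1]

    @property
    def in_bak(self) -> bool:
        return self.folder.lower().endswith("\\bak")


def parse_duplicates(report: str) -> list:
    """Return the entries listed under 'Duplicate files of bak directory contents'."""
    entries, in_section = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.lower().startswith("duplicate files of bak"):
            in_section = True
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def triage(entries: list) -> dict:
    """Map each bak copy to a verdict about the live file in its parent folder.

    Assumption (this example's, not FindAWF's documented rule): AWF parks the
    genuine program in a bak subfolder and leaves its own file under the
    original name, so a live copy that is absent from the listing, or that
    differs in size or date from the backup, is the thing to act on."""
    live = {(e.folder.lower(), e.name.lower()): e for e in entries if not e.in_bak}
    verdicts = {}
    for e in entries:
        if not e.in_bak:
            continue
        parent = e.folder[:-len("\\bak")]
        twin = live.get((parent.lower(), e.name.lower()))
        if twin is None:
            verdicts[e.path] = "suspect: no live copy listed"
        elif (twin.size, twin.date) != (e.size, e.date):
            verdicts[e.path] = "suspect: live copy differs in size or date"
        else:
            verdicts[e.path] = "ok: live copy identical"
    return verdicts


def restore_list(entries: list) -> list:
    """Quoted bak paths for files.txt (option 2): every backed-up original in
    report order. Restoring one whose live copy is already identical is harmless."""
    seen, out = set(), []
    for e in entries:
        if e.in_bak and e.path not in seen:
            seen.add(e.path)
            out.append(f'"{e.path}"')
    return out


def bak_folders(entries: list) -> list:
    """Unquoted bak folders for folders.txt (option 3), deduplicated."""
    seen, out = set(), []
    for e in entries:
        if e.in_bak and e.folder.lower() not in seen:
            seen.add(e.folder.lower())
            out.append(e.folder)
    return out


if __name__ == "__main__":
    found = parse_duplicates(SAMPLE_REPORT)
    for path, verdict in triage(found).items():
        print(f"{verdict:45} {path}")
    print("\n".join(restore_list(found)))
    print("\n".join(bak_folders(found)))
```

Run as a script it prints a verdict per bak copy followed by the two lists; on a real report you would feed the full awf.txt to `parse_duplicates` instead of the constructed sample. Note that the verdicts are a reviewer's aid only: the restore list deliberately includes every bak copy, matching the approach taken in post #9, because copying a known-good original over whatever sits in the parent folder is safe either way.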
May 2 2008, 01:18 PM - Post #13 - New Member
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Fri 05/02/2008
The current time is: 12:06:04.76

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"

end of report
May 2 2008, 02:09 PM - Post #14 - Bleepin' Texan! (HJT Team Coach)
Hello,
I see that one remains. Your Adobe is out of date anyway, so I would recommend that you uninstall that version and update to the newest, and it'll be clean.

To finish, run Option 4.
Double-click the FindAWF icon once again.
Use the following option:
Press 4 then Enter to reset domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT.

Now I need to see a new HijackThis log so we can deal with the rest, please.

Thanks,
tea
May 3 2008, 03:48 PM - Post #15 - New Member
I'm not sure which Adobe (flash player? reader?) update I needed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:42 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\korad.dll (file missing)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carol\Start Menu\Programs\EuroTalk Interactive\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) -  TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd.
- C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8995 bytes |