Ultimate Defender, Ultimate Cleaner, Winifixer


This topic is locked
22 replies to this topic

#1 Panda Moniium (Members, 12 posts)

Posted 29 April 2008 - 08:29 PM

Hey guys, I'm Panda.

I'm not really sure if I have Ultimate Defender, Ultimate Cleaner, and WinIFixer, although there's a shortcut for each of them on my desktop. I also get pop-ups that, for example, say something like my computer is not safe, and a window like this: [screenshot]

My laptop is a Toshiba and runs on Windows XP.
I used Disk Cleanup and it didn't really do anything.
I also ran my antivirus program, Symantec AntiVirus, but it didn't detect anything wrong with the computer.
I've also downloaded SmitFraudFix and VundoFix already.

Here are the DSS reports:

Deckard's System Scanner v20071014.68
Run by Carol on 2008-04-29 21:11:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-04-30 01:11:24 UTC - RP405 - Deckard's System Scanner Restore Point
2: 2008-04-29 23:10:30 UTC - RP404 - Installed Java™ 6 Update 5
1: 2008-04-28 14:29:02 UTC - RP403 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Carol.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:44 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\cjb\cjb8.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Carol\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Carol.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\korad.dll (file missing)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [dmsjb.exe] C:\WINDOWS\system32\dmsjb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb8.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carol\Start Menu\Programs\EuroTalk Interactive\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://mobile.coair.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A734B13-7935-493E-84DC-1C812FD707F8}: NameServer = 85.255.113.92,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A734B13-7935-493E-84DC-1C812FD707F8}: NameServer = 85.255.113.92,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10704 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 npkcrypt - c:\program files\qro\qro full patch\npkcrypt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-23 12:20:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 21:12:26 0 d-------- C:\Program Files\Trend Micro
2008-04-29 21:06:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 21:06:47 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 21:06:46 0 d-------- C:\WINDOWS\LastGood
2008-04-29 20:06:50 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-29 19:19:32 0 d-------- C:\VundoFix Backups
2008-04-28 10:57:13 48 --a------ C:\smp.bat
2008-04-28 08:58:08 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-19 21:06:17 0 d-------- C:\WINDOWS\pss
2008-04-19 20:31:20 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-19 20:31:19 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-19 20:31:19 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-19 20:31:18 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-19 20:31:17 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-19 20:31:17 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-19 20:31:17 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Intuit
2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Identities
2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\ATI
2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\AOL
2008-04-19 20:19:07 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Adobe
2008-04-19 20:19:06 0 d--h----- C:\Documents and Settings\Administrator.RCPAGADUAN\Local Settings
2008-04-19 20:19:06 0 dr------- C:\Documents and Settings\Administrator.RCPAGADUAN\Favorites
2008-04-19 20:19:06 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Desktop
2008-04-19 20:19:06 0 d--hs---- C:\Documents and Settings\Administrator.RCPAGADUAN\Cookies
2008-04-19 20:19:06 0 dr-h----- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data
2008-04-19 20:19:06 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\You've Got Pictures Screensaver
2008-04-19 20:19:06 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\toshiba
2008-04-19 20:19:06 0 d---s---- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Microsoft
2008-04-19 20:19:05 0 d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\WINDOWS
2008-04-19 20:19:05 0 d--h----- C:\Documents and Settings\Administrator.RCPAGADUAN\Templates
2008-04-19 20:19:05 0 dr------- C:\Documents and Settings\Administrator.RCPAGADUAN\Start Menu
2008-04-19 20:19:05 0 dr-h----- C:\Documents and Settings\Administrator.RCPAGADUAN\SendTo
2008-04-19 20:19:05 0 dr-h----- C:\Documents and Settings\Administrator.RCPAGADUAN\Recent
2008-04-19 20:19:05 0 d--h----- C:\Documents and Settings\Administrator.RCPAGADUAN\PrintHood
2008-04-19 20:19:05 0 d--h----- C:\Documents and Settings\Administrator.RCPAGADUAN\NetHood
2008-04-19 20:19:05 0 dr------- C:\Documents and Settings\Administrator.RCPAGADUAN\My Documents
2008-04-19 20:19:02 1310720 --ah----- C:\Documents and Settings\Administrator.RCPAGADUAN\NTUSER.DAT
2008-04-19 19:32:35 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-19 19:32:35 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-19 19:32:35 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-04-19 19:32:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-04-19 19:32:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-19 19:32:34 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-19 19:32:34 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-19 19:32:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-19 19:32:34 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-19 19:32:34 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-19 19:32:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-19 19:32:34 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-19 19:32:34 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-19 19:32:34 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-19 19:32:30 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-19 09:36:45 0 d-------- C:\Program Files\PhotoFiltre
2008-04-18 15:54:40 0 d-------- C:\Documents and Settings\Carol\Application Data\WinIFixer.com
2008-04-18 10:47:48 0 d-------- C:\Program Files\IE Extensions
2008-04-18 10:47:48 0 d-------- C:\Program Files\cjb
2008-04-18 10:47:41 0 d-------- C:\Program Files\iSecurity
2008-04-18 07:51:05 0 d-------- C:\Program Files\Gravity
2008-04-02 12:43:21 0 d-------- C:\Program Files\Safari
2008-04-02 12:34:24 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-04-29 20:56:37 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-29 20:44:23 4444 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-29 19:14:46 0 d-------- C:\Program Files\Java
2008-04-28 18:10:39 0 d-------- C:\Program Files\lx_cats
2008-04-28 17:21:04 0 d-------- C:\Program Files\Common Files
2008-04-28 15:55:54 0 d-------- C:\Program Files\DivX
2008-04-28 15:54:36 0 d-------- C:\Program Files\Common Files\Real
2008-04-28 06:26:52 0 d-------- C:\Program Files\GatheringRO
2008-04-26 23:16:32 0 d-------- C:\Documents and Settings\Carol\Application Data\U3
2008-04-18 15:31:54 0 d-------- C:\Program Files\LimeWire
2008-04-18 07:54:08 0 d-------- C:\Documents and Settings\Carol\Application Data\LimeWire
2008-04-11 05:00:35 0 d-------- C:\Documents and Settings\Carol\Application Data\toshiba
2008-04-08 12:21:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-02 22:25:03 0 d-------- C:\Documents and Settings\Carol\Application Data\Apple Computer
2008-04-02 12:35:10 0 d-------- C:\Program Files\iTunes
2008-03-30 08:23:25 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-26 11:31:51 0 d-------- C:\Documents and Settings\Carol\Application Data\uTorrent
2008-03-24 09:34:38 0 d-------- C:\Program Files\Zune
2008-03-24 09:34:03 0 d-------- C:\Program Files\DIFX
2008-03-24 09:33:56 0 d-------- C:\Program Files\Common Files\ComponentOne
2008-03-24 06:39:31 0 d-------- C:\Documents and Settings\Carol\Application Data\IMVU
2008-03-14 21:06:46 0 d-------- C:\Program Files\Viewpoint
2008-03-14 21:06:43 0 d-------- C:\Program Files\Common Files\Viewpoint
2008-03-11 17:47:05 0 d-------- C:\Program Files\eSoftware
2008-03-05 01:05:05 0 d--h----- C:\Documents and Settings\Carol\Application Data\ijjigame
2008-02-29 01:39:24 0 d-------- C:\Program Files\WinBudget


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8311E8F-E459-4D22-89B4-CB9DCF10A425}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4}]
C:\WINDOWS\korad.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}]
12/01/2005 07:39 PM 113152 --a------ C:\WINDOWS\IECodecPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}]
03/11/2008 05:45 PM 282636 --a------ C:\Program Files\eSoftware\studio.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/10/2005 03:14 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 10:43 PM C:\WINDOWS\Alcmtr.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/27/2008 01:54 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/27/2008 01:54 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/27/2008 01:54 AM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [02/27/2008 01:54 AM]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [02/27/2008 01:54 AM]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 10:29 AM C:\WINDOWS\agrsmmsg.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/27/2008 01:54 AM]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [06/01/2005 01:00 AM C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [02/27/2008 01:54 AM]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [02/27/2008 01:54 AM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [02/27/2008 01:54 AM]
"CFSServ.exe"="CFSServ.exe" []
"dmsjb.exe"="C:\WINDOWS\system32\dmsjb.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/27/2008 01:54 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [02/27/2008 01:54 AM]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [02/27/2008 01:54 AM]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [02/27/2008 01:54 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/27/2008 01:54 AM]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 01:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/27/2008 01:54 AM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [10/31/2006 02:34 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"cjb"="C:\Program Files\cjb\cjb8.exe" [04/18/2008 10:47 AM]
"iSecurity applet"="iSecurity.cpl" [04/18/2008 10:47 AM C:\WINDOWS\system32\iSecurity.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [02/27/2008 01:54 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [02/27/2008 01:54 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [11/4/2005 11:20:51 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"iSecurity"= {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="csfrc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=iSecurity.cpl


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSecurity applet]
rundll32.exe iSecurity.cpl,SecurityMonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinIFixer]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab2810a-a07b-11dc-bf8c-0016e3041f45}]
AutoRun\command- New Folder.exe




-- End of Deckard's System Scanner: finished at 2008-04-29 21:13:45 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1.70GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 446.17 MiB / 179.42 MiB
Pagefile Memory (total/avail): 1056.41 MiB / 642.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.56 MiB

C: is Fixed (NTFS) - 74.29 GiB total, 50.49 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 74.29 GiB - C:
\PARTITION1 - Unknown - 251.02 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: Symantec AntiVirus Corporate Edition v9.0.4.1000 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1131163763\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1131163763\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1146106896\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1146106896\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1146106896\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1146106896\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\lxcycoms.exe"="C:\\WINDOWS\\system32\\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Carol\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RCPAGADUAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite A105
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Carol
LOGONSERVER=\\RCPAGADUAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Carol\LOCALS~1\Temp
TMP=C:\DOCUME~1\Carol\LOCALS~1\Temp
USERDOMAIN=RCPAGADUAN
USERNAME=Carol
USERPROFILE=C:\Documents and Settings\Carol
VERNUM=PSAA2U-123456V
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Carol (admin)
Rene (admin)
Administrator.RCPAGADUAN (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\Setup.exe" -l0x9
Atheros Client Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x9
Atheros Wireless LAN MiniPCI card Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
EuroTalk Talk Now Plus! --> C:\PROGRA~1\EuroTalk\TALKNO~1\UNWISE.EXE C:\PROGRA~1\EuroTalk\TALKNO~1\INSTALL.LOG
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 3400 Series --> C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Metamail (Toshiba Registration Utility) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
On2 VP7 Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Safety Alert 2006 --> C:\DOCUME~1\Carol\LOCALS~1\Temp\laf62.tmp /del
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Symantec AntiVirus --> MsiExec.exe /I{3E172636-AE83-474A-9D07-E31C22C6DDC2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Windows Driver Package - Microsoft WPD (8/28/2006 1.0.0.2) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\Zune_9C3D37D5063B767B2FEA1899B50894F1AC95FAA6\Zune.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Music Engine --> "C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe"
Zune --> MsiExec.exe /X{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}


-- Application Event Log -------------------------------------------------------

Event Record #/Type175 / Error
Event Submitted/Written: 04/29/2008 07:56:51 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type162 / Warning
Event Submitted/Written: 04/29/2008 07:12:28 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Scan could not access path C:\pagefile.sys

Event Record #/Type161 / Warning
Event Submitted/Written: 04/29/2008 07:12:27 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Scan could not access path C:\hiberfil.sys

Event Record #/Type160 / Warning
Event Submitted/Written: 04/29/2008 07:12:25 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Scan could not access path C:\Documents and Settings\Rene

Event Record #/Type159 / Warning
Event Submitted/Written: 04/29/2008 07:12:25 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Scan could not open file C:\Documents and Settings\NetworkService\ntuser.dat.LOG [00000003]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24136 / Error
Event Submitted/Written: 04/29/2008 08:53:58 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type24135 / Error
Event Submitted/Written: 04/29/2008 08:40:40 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type24134 / Error
Event Submitted/Written: 04/29/2008 08:39:25 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type24133 / Error
Event Submitted/Written: 04/29/2008 08:38:43 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SAVRT
SYMTDI
Tcpip

Event Record #/Type24132 / Error
Event Submitted/Written: 04/29/2008 08:38:43 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-04-29 21:13:45 ------------

Edited by Panda Moniium, 30 April 2008 - 07:52 AM.




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:57 PM

Posted 30 April 2008 - 10:27 AM

Hello Panda Moniium,

Welcome to Bleeping Computer :thumbsup:

Couple of things going on here, so this will take several posts and a few tools to clear.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Panda Moniium

Panda Moniium
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:57 PM

Posted 30 April 2008 - 12:46 PM

Username "Carol" - 04/30/2008 13:19:07 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmsjb"
HKLM\SOFTWARE\~\Winlogon\ "System"="csfrc.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.92 85.255.112.195" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1A734B13-7935-493E-84DC-1C812FD707F8}
"nameserver"="85.255.113.92,85.255.112.195" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{38170140-9067-47C7-8914-B9B9EF70AD8E}
"DhcpNameServer"="85.255.113.92,85.255.112.195" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}8D045DFEC9EC-E32B-15E4-B754-22C343DF{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D3E47720E970-2989-E984-9442-CA6A3663{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "bjsmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1trap" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "2trap" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "crfsc" Value deleted
HKCR\CLSID\{4082BBC4-FF16-466F-AD49-5C21C714E565}\_h\4 Deleted.
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"NDSTray.exe"="NDSTray.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"TFncKy"="TFncKy.exe"
"TPSMain"="TPSMain.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"CFSServ.exe"="CFSServ.exe -NoClient"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"lxcymon.exe"="\"C:\\Program Files\\Lexmark 3400 Series\\lxcymon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 3400 Series\\ezprint.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"LXCYCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCYtime.dll,_RunDLLEntry@16"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Zune Launcher"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"cjb"="C:\\Program Files\\cjb\\cjb8.exe"
"iSecurity applet"="rundll32.exe iSecurity.cpl,SecurityMonitor"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:57 PM

Posted 30 April 2008 - 01:07 PM

Hello,

Thanks for that. :thumbsup:

Please be sure in your next reply to include a new HijackThis log like I asked for.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#5 Panda Moniium

Panda Moniium
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:57 PM

Posted 01 May 2008 - 10:24 AM

ComboFix 08-04-29.5 - Carol 2008-05-01 11:01:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.203 [GMT -4:00]
Running from: C:\Documents and Settings\Carol\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Carol\Application Data\WinIFixer.com
C:\Documents and Settings\Carol\Desktop\WinIFixer.lnk
C:\Program Files\cjb
C:\Program Files\cjb\cjb8.exe
C:\Program Files\iSecurity
C:\Program Files\iSecurity\iSecurity.dat
C:\Program Files\iSecurity\Thumbs.db
C:\Program Files\iSecurity\ucleaner.bmp
C:\Program Files\iSecurity\ucleaner.ico
C:\Program Files\iSecurity\ucleaneri.bmp
C:\Program Files\iSecurity\udefender.bmp
C:\Program Files\iSecurity\udefender.ico
C:\Program Files\iSecurity\udefenderi.bmp
C:\Program Files\iSecurity\v5\iSecurity.cpl
C:\Program Files\iSecurity\v7\iSecurity.cpl
C:\Program Files\iSecurity\winifixer.bmp
C:\Program Files\iSecurity\winifixer.ico
C:\Program Files\iSecurity\winifixeri.bmp
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dll
C:\smp.bat
C:\WINDOWS\system32\iSecurity.cpl

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 04:06 . 2008-05-01 04:06 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-01 04:05 . 2008-05-01 04:05 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-30 13:18 . 2008-04-30 13:42 <DIR> d-------- C:\fixwareout
2008-04-29 21:12 . 2008-04-29 21:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-29 21:10 . 2008-04-29 21:10 <DIR> d-------- C:\Deckard
2008-04-29 21:06 . 2008-04-29 21:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 21:06 . 2008-04-29 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 20:06 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-04-29 19:19 . 2008-04-29 19:19 <DIR> d-------- C:\VundoFix Backups
2008-04-29 19:14 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-28 08:58 . 2008-04-28 08:58 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-19 20:31 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-19 20:31 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-19 20:31 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-19 20:31 . 2008-04-20 00:38 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-19 20:31 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-19 20:31 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-19 20:31 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-19 20:19 . 2005-11-04 23:25 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\WINDOWS
2008-04-19 20:19 . 2005-11-05 00:10 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\You've Got Pictures Screensaver
2008-04-19 20:19 . 2005-11-04 23:39 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\toshiba
2008-04-19 20:19 . 2005-11-05 00:05 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\Intuit
2008-04-19 20:19 . 2005-11-29 18:25 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\ATI
2008-04-19 20:19 . 2006-04-10 18:00 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN\Application Data\AOL
2008-04-19 20:19 . 2008-04-19 20:19 <DIR> d-------- C:\Documents and Settings\Administrator.RCPAGADUAN
2008-04-19 20:19 . 2008-05-01 11:00 1,024 --ah----- C:\Documents and Settings\Administrator.RCPAGADUAN\ntuser.dat.LOG
2008-04-19 19:32 . 2005-11-04 23:25 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-19 19:32 . 2008-04-19 19:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-19 19:32 . 2008-05-01 11:00 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-19 09:36 . 2008-04-19 09:38 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-04-18 10:47 . 2008-04-18 10:47 <DIR> d-------- C:\Program Files\IE Extensions
2008-04-18 07:51 . 2008-04-18 07:51 <DIR> d-------- C:\Program Files\Gravity
2008-04-02 12:43 . 2008-04-02 12:44 <DIR> d-------- C:\Program Files\Safari
2008-04-02 12:34 . 2008-04-02 12:34 <DIR> d-------- C:\Program Files\iPod
2008-04-02 12:20 . 2008-05-01 10:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-02 12:20 . 2008-04-02 12:20 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 15:08 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-30 22:35 --------- d-----w C:\Program Files\lx_cats
2008-04-30 01:53 --------- d-----w C:\Program Files\GatheringRO
2008-04-29 23:14 --------- d-----w C:\Program Files\Java
2008-04-28 19:55 --------- d-----w C:\Program Files\DivX
2008-04-28 19:54 --------- d-----w C:\Program Files\Common Files\Real
2008-04-27 03:16 --------- d-----w C:\Documents and Settings\Carol\Application Data\U3
2008-04-18 19:31 --------- d-----w C:\Program Files\LimeWire
2008-04-18 11:54 --------- d-----w C:\Documents and Settings\Carol\Application Data\LimeWire
2008-04-11 09:00 --------- d-----w C:\Documents and Settings\Carol\Application Data\toshiba
2008-04-08 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 02:25 --------- d-----w C:\Documents and Settings\Carol\Application Data\Apple Computer
2008-04-02 16:35 --------- d-----w C:\Program Files\iTunes
2008-03-30 12:23 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-26 15:31 --------- d-----w C:\Documents and Settings\Carol\Application Data\uTorrent
2008-03-24 13:34 --------- d-----w C:\Program Files\Zune
2008-03-24 13:34 --------- d-----w C:\Program Files\DIFX
2008-03-24 13:33 --------- d-----w C:\Program Files\Common Files\ComponentOne
2008-03-24 10:39 --------- d-----w C:\Documents and Settings\Carol\Application Data\IMVU
2008-03-15 01:06 --------- d-----w C:\Program Files\Viewpoint
2008-03-15 01:06 --------- d-----w C:\Program Files\Common Files\Viewpoint
2008-03-15 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-11 21:47 --------- d-----w C:\Program Files\eSoftware
2008-03-05 05:05 --------- d--h--w C:\Documents and Settings\Carol\Application Data\ijjigame
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-r 313,472 2006-03-30 20:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 344,064 2005-08-06 05:05:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

-c--a-w 50,760 2006-05-10 00:24:16 C:\Program Files\Common Files\AOL\1146106896\ee\bak\AOLSoftware.exe

-c--a-w 67,184 2005-02-18 00:32:52 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

-c--a-w 267,048 2008-02-04 19:18:40 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-02-19 17:10:32 C:\Program Files\iTunes\iTunesHelper.exe

-c--a-w 82,608 2007-06-25 14:34:56 C:\Program Files\Lexmark 3400 Series\bak\ezprint.exe

-c--a-w 291,504 2007-06-25 14:34:55 C:\Program Files\Lexmark 3400 Series\bak\lxcymon.exe

-c--a-w 295,600 2007-06-25 14:35:01 C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe

-c--a-w 183,367 2006-11-16 16:42:38 C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe

-c--a-w 286,720 2007-10-20 01:16:26 C:\Program Files\QuickTime\bak\QTTask.exe

-c--a-w 120,640 2005-04-24 21:21:40 C:\Program Files\Symantec AntiVirus\bak\VPTray.exe

----a-w 688,218 2004-10-14 23:26:40 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe

----a-w 98,394 2004-10-14 23:28:02 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe

-c--a-w 65,536 2004-12-30 08:32:20 C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe

----a-w 352,256 2005-11-25 21:07:16 C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe

-c--a-w 122,880 2005-04-27 00:13:20 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe

-c--a-w 1,077,322 2005-07-15 18:52:42 C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe

-c--a-w 73,728 2005-11-10 18:24:50 C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe

-c--a-w 151,552 2005-03-18 01:37:26 C:\TOSHIBA\IVP\ISM\bak\pinger.exe

-c--a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

-c--a-w 122,940 2005-08-01 13:10:00 C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4}]
C:\WINDOWS\korad.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}]
2005-12-01 19:39 113152 --a------ C:\WINDOWS\IECodecPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}]
2008-03-11 17:45 282636 --a------ C:\Program Files\eSoftware\studio.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 10:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-06-01 01:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" []
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 13:27 106496]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2006-10-31 14:34 20752]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-11-04 23:20:51 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSecurity applet]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinIFixer]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1146106896\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\lxcycoms.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 04:05]
R2 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2007-06-20 06:28]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab2810a-a07b-11dc-bf8c-0016e3041f45}]
\Shell\AutoRun\command - New Folder.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 16:20:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 11:09:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-01 11:18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 15:18:05

Pre-Run: 53,717,299,200 bytes free
Post-Run: 54,086,459,392 bytes free

218 --- E O F --- 2008-05-01 08:07:08




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:30 AM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\korad.dll (file missing)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carol\Start Menu\Programs\EuroTalk Interactive\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://mobile.coair.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8486 bytes

#6 Panda Moniium (Topic Starter, Members, 12 posts)

Posted 01 May 2008 - 10:26 AM

Is it supposed to say:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

and is that bad?

#7 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Female, Wills Point, Texas)

Posted 01 May 2008 - 02:28 PM

Hello,

If you don't have it installed then it's supposed to say that. Not necessarily bad, but it won't hurt to install it just in case you find yourself in dire circumstances. ComboFix revealed another infection we need to take care of called AWF. :thumbsup:

# Please download FindAWF by noahdfear and save it to your desktop.
# Please double-click FindAWF.exe to run option 1.
# If a security alert shows, allow the program to run.
# When the tool has completed, a report will open in Notepad.
# Please post the results of the awf.txt in your next reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#8 Panda Moniium (Topic Starter, Members, 12 posts)

Posted 01 May 2008 - 11:21 PM

Directory of C:\PROGRA~1\ITUNES\BAK

02/04/2008 03:18 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

06/25/2007 10:34 AM 82,608 ezprint.exe
06/25/2007 10:34 AM 291,504 lxcymon.exe
2 File(s) 374,112 bytes

Directory of C:\PROGRA~1\LEXMAR~2\BAK

06/25/2007 10:35 AM 295,600 fm3032.exe
1 File(s) 295,600 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/19/2007 09:16 PM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

04/24/2005 05:21 PM 120,640 VPTray.exe
1 File(s) 120,640 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 08:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

08/06/2005 01:05 AM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

02/17/2005 08:32 PM 67,184 ccApp.exe
1 File(s) 67,184 bytes

Directory of C:\PROGRA~1\PLAXO\2121~1.1\BAK

11/16/2006 12:42 PM 183,367 PlaxoHelper.exe
1 File(s) 183,367 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

10/14/2004 07:26 PM 688,218 SynTPEnh.exe
10/14/2004 07:28 PM 98,394 SynTPLpr.exe
2 File(s) 786,612 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK

12/30/2004 04:32 AM 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~1\BAK

11/25/2005 05:07 PM 352,256 thotkey.exe
1 File(s) 352,256 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~3\BAK

04/26/2005 08:13 PM 122,880 SmoothView.exe
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOUCHA~1\BAK

07/15/2005 02:52 PM 1,077,322 PadExe.exe
1 File(s) 1,077,322 bytes

Directory of C:\PROGRA~1\TOSHIBA\TVS\BAK

11/10/2005 02:24 PM 73,728 TvsTray.exe
1 File(s) 73,728 bytes

Directory of C:\TOSHIBA\IVP\ISM\BAK

03/17/2005 09:37 PM 151,552 pinger.exe
1 File(s) 151,552 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

08/01/2005 09:10 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114610~1\EE\BAK

05/09/2006 08:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Feb 19 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Feb 4 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 2 2008 "C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe"
75048 Apr 2 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe"
82608 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\bak\ezprint.exe"
291504 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\bak\lxcymon.exe"
295600 Jun 25 2007 "C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
120640 Apr 24 2005 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
344064 Aug 6 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
67184 Feb 17 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
352256 Nov 25 2005 "C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
1077322 Jul 15 2005 "C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe"
73728 Nov 10 2005 "C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
151552 Mar 17 2005 "C:\TOSHIBA\IVP\ISM\bak\pinger.exe"
122940 Aug 1 2005 "C:\Program Files\Sonic\DLA\install\dlactrlw.exe"
122940 Aug 1 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
42032 May 25 2007 "C:\Program Files\AIM6\aolsoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1146106896\ee\bak\AOLSoftware.exe"


end of report


Did you want a HiJackThis report?

#9 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Female, Wills Point, Texas)

Posted 02 May 2008 - 12:06 AM

Hello,

You didn't post the whole report... did you run other than just option #1? I hope not because this should be done in a certain order. No, I won't need a new HijackThis log until we're done with this. :thumbsup:

Please double-click the FindAWF icon once again.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Lexmark 3400 Series\bak\ezprint.exe"
"C:\Program Files\Lexmark 3400 Series\bak\lxcymon.exe"
"C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
"C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
"C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
"C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
"C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe"
"C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
"C:\TOSHIBA\IVP\ISM\bak\pinger.exe"
"C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\Common Files\AOL\1146106896\ee\bak\AOLSoftware.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Thanks,
tea
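The three steps the helper lists above (terminate, delete the rogue parent copy, copy the original back) amount to a "bak folder" check that a defender can script. The following is an added example, not from the thread and not FindAWF's own code: it walks a constructed directory tree, classifies every file found under a `bak` folder by comparing it with the same-named file in the parent folder, and restores the original the way option 2 does; process termination is left out, and all paths and file contents are placeholders built for the demonstration.

```python
"""
Checker for the AWF 'bak folder' pattern described in the thread (added example).

AWF moves a legitimate startup executable into a 'bak' subfolder and drops a
rogue file of the same name in the original (parent) folder. For every file
under a 'bak' folder this script compares it with the parent copy and reports:
  'missing'   - parent copy is gone (e.g. removed by a cleanup tool): needs restore
  'identical' - parent copy matches the bak copy byte for byte: already restored
  'differs'   - parent copy differs from the bak copy: suspect rogue replacement
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def _sha256(path):
    """Hash a file in chunks so large binaries do not need to be read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_bak_folders(root):
    """Return {bak_file_path: status} for every file in any 'bak' folder under root."""
    results = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        # FindAWF reports the folder as BAK on XP; match case-insensitively.
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = os.path.dirname(dirpath)
        for name in filenames:
            bak_file = os.path.join(dirpath, name)
            parent_file = os.path.join(parent, name)
            if not os.path.exists(parent_file):
                status = "missing"
            elif _sha256(parent_file) == _sha256(bak_file):
                status = "identical"
            else:
                status = "differs"
            results[bak_file] = status
    return results


def restore_list(results):
    """bak files whose parent copy is absent or suspect, i.e. the list to restore."""
    return sorted(p for p, s in results.items() if s in ("missing", "differs"))


def restore_from_bak(bak_file):
    """Mirror of option 2 for one file: drop the parent copy if present, copy the original back."""
    parent_dir = os.path.dirname(os.path.dirname(bak_file))
    parent_file = os.path.join(parent_dir, os.path.basename(bak_file))
    if os.path.exists(parent_file):
        os.remove(parent_file)
    shutil.copy2(bak_file, parent_file)
    return parent_file


def build_demo_tree():
    """Constructed layout mirroring the thread's findings; contents are placeholders, not binaries."""
    root = tempfile.mkdtemp(prefix="awf_demo_")
    # Case 1: rogue copy still in the parent folder, original in bak (active infection)
    qt = Path(root, "Program Files", "QuickTime")
    (qt / "bak").mkdir(parents=True)
    (qt / "bak" / "QTTask.exe").write_bytes(b"ORIGINAL-QTTASK")
    (qt / "QTTask.exe").write_bytes(b"ROGUE-LOADER")
    # Case 2: rogue copy already removed by a cleanup tool, original only in bak
    lex = Path(root, "Program Files", "Lexmark 3400 Series")
    (lex / "bak").mkdir(parents=True)
    (lex / "bak" / "ezprint.exe").write_bytes(b"ORIGINAL-EZPRINT")
    # Case 3: parent copy identical to the bak copy (already restored)
    s32 = Path(root, "WINDOWS", "system32")
    (s32 / "bak").mkdir(parents=True)
    (s32 / "bak" / "ctfmon.exe").write_bytes(b"ORIGINAL-CTFMON")
    (s32 / "ctfmon.exe").write_bytes(b"ORIGINAL-CTFMON")
    return root


def demo():
    """Classify the demo tree, restore what needs restoring, classify again."""
    root = build_demo_tree()
    try:
        before = classify_bak_folders(root)
        for bak_file in restore_list(before):
            restore_from_bak(bak_file)
        after = classify_bak_folders(root)
    finally:
        shutil.rmtree(root)
    by_name = lambda d: {os.path.basename(p): s for p, s in d.items()}
    return by_name(before), by_name(after)


if __name__ == "__main__":
    before, after = demo()
    for name, status in sorted(before.items()):
        print(f"{status:9s} {name}")
    print("after restore:", after)
```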

#10 Panda Moniium (Topic Starter, Members, 12 posts)

Posted 02 May 2008 - 06:57 AM

I only ran option 1 and that was the only report they gave me.

#11 Panda Moniium (Topic Starter, Members, 12 posts)

Posted 02 May 2008 - 06:58 AM

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Fri 05/02/2008
The current time is: 7:54:17.79


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

02/04/2008 03:18 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

06/25/2007 10:34 AM 82,608 ezprint.exe
06/25/2007 10:34 AM 291,504 lxcymon.exe
2 File(s) 374,112 bytes

Directory of C:\PROGRA~1\LEXMAR~2\BAK

06/25/2007 10:35 AM 295,600 fm3032.exe
1 File(s) 295,600 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/19/2007 09:16 PM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

04/24/2005 05:21 PM 120,640 VPTray.exe
1 File(s) 120,640 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 08:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

08/06/2005 01:05 AM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

02/17/2005 08:32 PM 67,184 ccApp.exe
1 File(s) 67,184 bytes

Directory of C:\PROGRA~1\PLAXO\2121~1.1\BAK

11/16/2006 12:42 PM 183,367 PlaxoHelper.exe
1 File(s) 183,367 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

10/14/2004 07:26 PM 688,218 SynTPEnh.exe
10/14/2004 07:28 PM 98,394 SynTPLpr.exe
2 File(s) 786,612 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK

12/30/2004 04:32 AM 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~1\BAK

11/25/2005 05:07 PM 352,256 thotkey.exe
1 File(s) 352,256 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~3\BAK

04/26/2005 08:13 PM 122,880 SmoothView.exe
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOUCHA~1\BAK

07/15/2005 02:52 PM 1,077,322 PadExe.exe
1 File(s) 1,077,322 bytes

Directory of C:\PROGRA~1\TOSHIBA\TVS\BAK

11/10/2005 02:24 PM 73,728 TvsTray.exe
1 File(s) 73,728 bytes

Directory of C:\TOSHIBA\IVP\ISM\BAK

03/17/2005 09:37 PM 151,552 pinger.exe
1 File(s) 151,552 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

08/01/2005 09:10 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114610~1\EE\BAK

05/09/2006 08:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Feb 4 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Feb 4 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 2 2008 "C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe"
75048 Apr 2 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe"
82608 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
82608 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\bak\ezprint.exe"
291504 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
291504 Jun 25 2007 "C:\Program Files\Lexmark 3400 Series\bak\lxcymon.exe"
295600 Jun 25 2007 "C:\Program Files\Lexmark Fax Solutions\fm3032.exe"
295600 Jun 25 2007 "C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
120640 Apr 24 2005 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
120640 Apr 24 2005 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
344064 Aug 6 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
344064 Aug 6 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
67184 Feb 17 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
67184 Feb 17 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
688218 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
98394 Oct 14 2004 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
352256 Nov 25 2005 "C:\Program Files\TOSHIBA\TOSHIBA Applet\thotkey.exe"
352256 Nov 25 2005 "C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
1077322 Jul 15 2005 "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
1077322 Jul 15 2005 "C:\Program Files\TOSHIBA\Touch and Launch\bak\PadExe.exe"
73728 Nov 10 2005 "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
73728 Nov 10 2005 "C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
151552 Mar 17 2005 "C:\TOSHIBA\IVP\ISM\pinger.exe"
151552 Mar 17 2005 "C:\TOSHIBA\IVP\ISM\bak\pinger.exe"
122940 Aug 1 2005 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 Aug 1 2005 "C:\Program Files\Sonic\DLA\install\dlactrlw.exe"
122940 Aug 1 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
42032 May 25 2007 "C:\Program Files\AIM6\aolsoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1146106896\ee\AOLSoftware.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1146106896\ee\bak\AOLSoftware.exe"


end of report

#12 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Female, Wills Point, Texas)

Posted 02 May 2008 - 09:34 AM

Hello,

Thanks for letting me know. :thumbsup:

Please double-click the FindAWF icon once again.
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\iTunes\bak
C:\Program Files\Lexmark 3400 Series\bak
C:\Program Files\Lexmark Fax Solutions\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Symantec AntiVirus\bak
C:\WINDOWS\system32\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Plaxo\2.12.1.1\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\TOSHIBA\TOSCDSPD\bak
C:\Program Files\TOSHIBA\TOSHIBA Applet\bak
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak
C:\Program Files\TOSHIBA\Touch and Launch\bak
C:\Program Files\TOSHIBA\Tvs\bak
C:\TOSHIBA\IVP\ISM\bak
C:\WINDOWS\system32\DLA\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
C:\Program Files\Common Files\AOL\1146106896\ee\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply.

Thanks,
tea

#13 Panda Moniium (Topic Starter, Members, 12 posts)

Posted 02 May 2008 - 01:18 PM

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Fri 05/02/2008
The current time is: 12:06:04.76


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"


end of report

#14 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Female, Wills Point, Texas)

Posted 02 May 2008 - 02:09 PM

Hello,

I see that one remains. Your Adobe is out of date anyway, so I would recommend that you uninstall that version and update to the newest, and it'll be clean. :thumbsup:

To finish, run Option 4.

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones.

When the program returns to the main menu, use the following option:
Press E then Enter to EXIT.

Now I need to see a new HijackThis log so we can deal with the rest, please. :blink:

Thanks,
tea

#15 Panda Moniium (Topic Starter, Members, 12 posts)

Posted 03 May 2008 - 03:48 PM

I'm not sure which Adobe (flash player? reader?) update I needed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:42 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\korad.dll (file missing)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carol\Start Menu\Programs\EuroTalk Interactive\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8995 bytes
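As an added illustration (not part of this thread, and not code from HijackThis or its author), a small Python triage parser for the HijackThis log format shown above. The sample lines are copied from the log; the flags are constructed triage heuristics that say what a helper would look at first, not a verdict on any entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines in HijackThis 2.0.2 log format.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\korad.dll (file missing)
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""

# Each entry is "<section> - <fields separated by ' - '>"; the last field is the file.
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    path: str
    flags: List[str]

def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid_m = CLSID_RE.search(body)
    path = body.rsplit(" - ", 1)[-1].strip()
    flags: List[str] = []
    if "(file missing)" in path or path == "(no file)":
        flags.append("missing_file")  # orphaned registration, a common leftover
    if section == "O23" and "Unknown owner" in body:
        flags.append("unknown_service_owner")  # service with no vendor string
    # Constructed heuristic: a browser hook DLL sitting directly in %WINDIR%
    # instead of a vendor folder is worth a closer look (not proof of anything).
    clean = path.replace(" (file missing)", "")
    if section in ("O2", "O3") and re.fullmatch(r"(?i)c:\\windows\\[^\\]+\.dll", clean):
        flags.append("dll_in_windows_root")
    return Entry(section, body, clsid_m.group(0) if clsid_m else None, path, flags)

def triage(log: str) -> List[Entry]:
    """Return only the entries that raised at least one flag, in log order."""
    return [e for e in map(parse_line, log.splitlines()) if e and e.flags]
```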
