Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant type with my keyboard...


  • This topic is locked This topic is locked
4 replies to this topic

#1 Goolz

Goolz

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 11 April 2009 - 11:46 AM

I am including the HJT LOG that I ran.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:32, on 11-Apr-09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:Windowssystem32Dwm.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32taskeng.exe
C:WindowsExplorer.EXE
C:Program FilesIObitAdvanced SystemCare 3AWC.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsRtHDVCpl.exe
C:Program FilesSiteAdvisor6261SiteAdv.exe
C:Program FilesAVGAVG8avgtray.exe
C:WindowsSystem32igfxpers.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCamera Assistant Software for Toshibatraybar.exe
C:Program FilesPC Tools Firewall PlusFirewallGUI.exe
C:WindowsSystem32igfxtray.exe
C:Program FilesMcAfee.comAgentmcagent.exe
C:Program FilesAIM6aim6.exe
C:Program FilesToshibaTOSCDSPDTOSCDSPD.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:Program FilesSynapticsSynTPSynToshiba.exe
C:Windowsehomeehmsas.exe
C:Program FilesCamera Assistant Software for ToshibaCEC_MAIN.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesProtector Suite QLpsqltray.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesAIM6aolsoftware.exe
C:Program FilesYahoo!Messengerymsgr_tray.exe
c:PROGRA~1mcafeemscmcuimgr.exe
C:Program FilesSpybot - Search & DestroySpybotSD.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WindowsSystem32osk.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesAVGAVG8aAvgApi.exe
C:Program FilesMozilla Firefoxfirefox.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://home.microsoft.com/search/search.asp
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:Program FilesSiteAdvisor6261SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:Program FilesMcAfeeMSKmcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0binssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScanscriptsn.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_219B3E1547538286.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:Program FilesSiteAdvisor6261SiteAdv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [SiteAdvisor] "C:Program FilesSiteAdvisor6261SiteAdv.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [SynTPStart] C:Program FilesSynapticsSynTPSynTPStart.exe
O4 - HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [TPwrMain] %ProgramFiles%TOSHIBAPower SaverTPwrMain.EXE
O4 - HKLM..Run: [SVPWUTIL] C:Program FilesTOSHIBAUtilitiesSVPWUTIL.exe SVPwUTIL
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [PSQLLauncher] "C:Program FilesProtector Suite QLlauncher.exe" /startup
O4 - HKLM..Run: [Persistence] C:Windowssystem32igfxpers.exe
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup
O4 - HKLM..Run: [Camera Assistant Software] "C:Program FilesCamera Assistant Software for Toshibatraybar.exe"
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [00PCTFW] "C:Program FilesPC Tools Firewall PlusFirewallGUI.exe" -s
O4 - HKLM..Run: [00TCrdMain] %ProgramFiles%TOSHIBAFlashCardsTCrdMain.exe
O4 - HKLM..Run: [IgfxTray] C:Windowssystem32igfxtray.exe
O4 - HKLM..Run: [SmoothView] %ProgramFiles%ToshibaSmoothViewSmoothView.exe
O4 - HKLM..Run: [mcagent_exe] C:Program FilesMcAfee.comAgentmcagent.exe /runkey
O4 - HKLM..Run: [HSON] %ProgramFiles%TOSHIBATBSHSON.exe
O4 - HKLM..Run: [SpybotSnD] "C:Program FilesSpybot - Search & DestroySpybotSD.exe" /autocheck /autofix /waitstart
O4 - HKLM..Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe
O4 - HKCU..Run: [Aim6] "C:Program FilesAIM6aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDTOSCDSPD.exe
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-20..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:Program FilesLogitechSetPointSetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL,avgrsstx.dll
O23 - Service: McAfee Application Installer Cleanup (0060171204034812) (0060171204034812mcinstcleanup) - - (no file)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: dlbc_device - - C:Windowssystem32dlbccoms.exe
O23 - Service: dlbt_device - - C:Windowssystem32dlbtcoms.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:Program FilesJuniper NetworksCommon FilesdsNcService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WindowsSystem32LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:Program FilesPC Tools Firewall PlusFWService.exe
O23 - Service: pinger - Unknown owner - C:TOSHIBAIVPISMpinger.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program FilesSpybot - Search & DestroySDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:TOSHIBAIVPswupdateswupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:Program FilesToshibaTOSHIBA HD DVD PLAYERTNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:Windowssystem32TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:Program FilesToshibaPower SaverTosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe

--
End of file - 12296 bytes

I also noticed you typically asked for a DDS log for similar problems so i ran this as well.


DDS (Ver_09-03-16.01) - NTFSx86
Run by james at 13:21:26.68 on 11-Apr-09
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.868 [GMT -4:00]


============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k secsvcs
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32svchost.exe -k GPSvcGroup
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32svchost.exe -k NetworkService
C:Windowssystem32WLANExt.exe
C:WindowsSystem32LEXBCES.EXE
C:Program FilesProtector Suite QLupeksvr.exe
C:WindowsSystem32LEXPPS.EXE
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Windowssystem32agrsmsvc.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:Program FilesJuniper NetworksCommon FilesdsNcService.exe
C:Program FilesIntelWirelessBinEvtEng.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Program FilesMcAfeeMSKMskSrver.exe
c:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Windowssystem32taskeng.exe
c:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe
c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
C:Windowssystem32svchost.exe -k imgsvc
C:Program FilesToshibaTOSHIBA HD DVD PLAYERTNaviSrv.exe
C:Windowssystem32TODDSrv.exe
C:Program FilesToshibaPower SaverTosCoSrv.exe
C:Windowssystem32Dwm.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32taskeng.exe
C:WindowsExplorer.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsRtHDVCpl.exe
C:Program FilesSiteAdvisor6261SiteAdv.exe
C:WindowsSystem32igfxpers.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCamera Assistant Software for Toshibatraybar.exe
C:WindowsSystem32igfxtray.exe
C:Program FilesMcAfee.comAgentmcagent.exe
C:Program FilesAIM6aim6.exe
C:Program FilesToshibaTOSCDSPDTOSCDSPD.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:Program FilesSynapticsSynTPSynToshiba.exe
C:Windowsehomeehmsas.exe
C:Program FilesCamera Assistant Software for ToshibaCEC_MAIN.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Windowssystem32SearchIndexer.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:Program FilesSpybot - Search & DestroySDWinSec.exe
C:Program FilesAVGAVG8avgcsrvx.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesProtector Suite QLpsqltray.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesAIM6aolsoftware.exe
C:Program FilesYahoo!Messengerymsgr_tray.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
c:PROGRA~1mcafeemscmcuimgr.exe
C:Windowssystem32svchost.exe -k SDRSVC
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesAVGAVG8avgrsx.exe
C:Program FilesAVGAVG8avgrsx.exe
C:Program FilesAVGAVG8avgrsx.exe
C:Program FilesAVGAVG8avgrsx.exe
C:Program FilesAVGAVG8avgrsx.exe
C:Program FilesAVGAVG8avgrsx.exe
C:Program FilesAVGAVG8avgrsx.exe
C:Program FilesAVGAVG8avgrsx.exe
C:Windowssystem32rundll32.exe
C:UsersjamesDownloadsdds(2).pif
C:WindowsSystem32osk.exe
C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uLocal Page =
mStart Page = hxxp://www.msn.com
mLocal Page =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpnyt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpnyt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:program filessiteadvisor6261SiteAdv.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:program filesmcafeemskmcapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg8avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:progra~1spybot~1SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:program filesyahoo!commonyiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0binssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:program filesmcafeevirusscanscriptsn.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:progra~1avgavg8AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:program filesgooglegoogle toolbarcomponentfastsearch_219B3E1547538286.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:program filessiteadvisor6261SiteAdv.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:progra~1avgavg8AVGTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpnyt.dll
uRun: [Aim6] "c:program filesaim6aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Yahoo! Pager] "c:program filesyahoo!messengerYahooMessenger.exe" -quiet
uRun: [TOSCDSPD] c:program filestoshibatoscdspdTOSCDSPD.exe
uRun: [ehTray.exe] c:windowsehomeehTray.exe
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
mRun: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SiteAdvisor] "c:program filessiteadvisor6261SiteAdv.exe"
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 8.0readerReader_sl.exe"
mRun: [SynTPStart] c:program filessynapticssyntpSynTPStart.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG8_TRAY] c:progra~1avgavg8avgtray.exe
mRun: [TPwrMain] %ProgramFiles%TOSHIBAPower SaverTPwrMain.EXE
mRun: [SVPWUTIL] c:program filestoshibautilitiesSVPWUTIL.exe SVPwUTIL
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [PSQLLauncher] "c:program filesprotector suite qllauncher.exe" /startup
mRun: [Persistence] c:windowssystem32igfxpers.exe
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [Google Desktop Search] "c:program filesgooglegoogle desktop searchGoogleDesktop.exe" /startup
mRun: [Camera Assistant Software] "c:program filescamera assistant software for toshibatraybar.exe"
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportbinAppleSyncNotifier.exe
mRun: [00PCTFW] "c:program filespc tools firewall plusFirewallGUI.exe" -s
mRun: [00TCrdMain] %ProgramFiles%TOSHIBAFlashCardsTCrdMain.exe
mRun: [IgfxTray] c:windowssystem32igfxtray.exe
mRun: [SmoothView] %ProgramFiles%ToshibaSmoothViewSmoothView.exe
mRun: [mcagent_exe] c:program filesmcafee.comagentmcagent.exe /runkey
mRun: [HSON] %ProgramFiles%TOSHIBATBSHSON.exe
mRun: [SpybotSnD] "c:program filesspybot - search & destroySpybotSD.exe" /autocheck /autofix /waitstart
mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe
dRun: [Picasa Media Detector] c:program filespicasa2PicasaMediaDetector.exe
StartupFolder: c:usersjamesappdataroamingmicros~1windowsstartm~1programsstartuponenot~1.lnk - c:program filesmicrosoft officeoffice12ONENOTEM.EXE
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartuplogite~1.lnk - c:program fileslogitechsetpointSetPoint.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:progra~1micros~3office12EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:progra~1spybot~1SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg8avgpp.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:program filessiteadvisor6261SiteAdv.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:windowssystem32psqlpwd.dll
AppInit_DLLs: c:progra~1googlegoogle~1GOEC62~1.DLL,avgrsstx.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:usersjamesappdataroamingmozillafirefoxprofileshavfibfs.default
FF - component: c:program filesavgavg8firefoxcomponentsavgssff.dll
FF - component: c:program filesavgavg8toolbarffcomponentsvmAVGConnector.dll
FF - component: c:program filessiteadvisor6261ffcomponentsFFHook.dll
FF - plugin: c:program filesjavajre1.6.0binnpjava11.dll
FF - plugin: c:program filesjavajre1.6.0binnpjava12.dll
FF - plugin: c:program filesjavajre1.6.0binnpjava13.dll
FF - plugin: c:program filesjavajre1.6.0binnpjava14.dll
FF - plugin: c:program filesjavajre1.6.0binnpjava32.dll
FF - plugin: c:program filesjavajre1.6.0binnpjpi160.dll
FF - plugin: c:program filesjavajre1.6.0binnpoji610.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpclntax_ZangoSA.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpViewpoint.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpvlc.dll
FF - plugin: c:program filesviewpointviewpoint media playernpViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 antispyware;antispyware;c:windowssystem32driversantispyware.sys [2008-2-25 19712]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2009-3-5 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:windowssystem32driversavgtdix.sys [2009-3-5 108552]
R1 pctgntdi;pctgntdi;c:windowssystem32driverspctgntdi.sys [2009-4-3 159600]
R2 avg8emc;AVG Free8 E-mail Scanner;c:progra~1avgavg8avgemc.exe [2009-3-5 908056]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1avgavg8avgwdsvc.exe [2009-3-5 298264]
R2 PCTAppEvent;PCTAppEvent Driver;c:windowssystem32driversPCTAppEvent.sys [2009-4-3 73840]
R2 SBSDWSCService;SBSD Security Center Service;c:program filesspybot - search & destroySDWinSec.exe [2009-3-6 1153368]
S2 0060171204034812mcinstcleanup;McAfee Application Installer Cleanup (0060171204034812); [x]
S2 dlbc_device;dlbc_device;c:windowssystem32dlbccoms.exe -service --> c:windowssystem32dlbccoms.exe -service [?]
S2 MyWebSearchService;My Web Search Service; [x]
S3 pctplfw;pctplfw;c:windowssystem32driverspctplfw.sys [2009-4-3 95640]

=============== Created Last 30 ================

2009-04-09 03:41 <DIR> --d----- c:program filesTrend Micro
2009-04-04 14:03 <DIR> --d----- C:Banesoft
2009-04-03 17:34 130,424 a------- c:windowssystem32driversPCTCore.sys
2009-04-03 17:34 73,840 a------- c:windowssystem32driversPCTAppEvent.sys
2009-04-03 17:33 159,600 a------- c:windowssystem32driverspctgntdi.sys
2009-04-03 17:32 95,640 a------- c:windowssystem32driverspctplfw.sys
2009-04-03 17:20 <DIR> --d----- c:programdataYahoo! Companion
2009-04-03 17:18 <DIR> --d----- c:usersjamesappdataroamingIObit
2009-04-03 17:18 <DIR> --d----- c:program filesIObit
2009-04-01 02:13 <DIR> --d----- c:usersjamesappdataroamingPCToolsFirewallPlus
2009-03-31 22:22 <DIR> a-d----- c:programdataTEMP
2009-03-31 22:20 97,408 a------- c:windowssystem32driverspctfw.sys
2009-03-31 22:20 <DIR> --d----- c:program filescommon filesPC Tools
2009-03-31 22:20 <DIR> --d----- c:program filesPC Tools Firewall Plus
2009-03-31 20:21 <DIR> --dsh--- c:windowssystem32%APPDATA%
2009-03-13 02:36 8,147,456 a------- c:windowssystem32wmploc.DLL
2009-03-13 02:36 7,680 a------- c:windowssystem32spwmp.dll
2009-03-13 02:36 4,096 a------- c:windowssystem32msdxm.ocx
2009-03-13 02:36 4,096 a------- c:windowssystem32dxmasf.dll
2009-03-13 02:36 268,288 a------- c:windowssystem32schannel.dll
2009-03-13 02:35 2,033,152 a------- c:windowssystem32win32k.sys

==================== Find3M ====================

2009-04-09 20:53 108,552 a------- c:windowssystem32driversavgtdix.sys
2009-04-03 17:33 51,200 a------- c:windowsinfinfpub.dat
2009-04-03 17:33 143,360 a------- c:windowsinfinfstrng.dat
2009-04-03 17:33 86,016 a------- c:windowsinfinfstor.dat
2009-03-08 07:34 914,944 a------- c:windowssystem32wininet.dll
2009-03-08 07:34 43,008 a------- c:windowssystem32licmgr10.dll
2009-03-08 07:33 18,944 a------- c:windowssystem32corpol.dll
2009-03-08 07:33 109,056 a------- c:windowssystem32iesysprep.dll
2009-03-08 07:33 109,568 a------- c:windowssystem32PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:windowssystem32ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:windowssystem32RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:windowssystem32SetIEInstalledDate.exe
2009-03-08 07:33 103,936 a------- c:windowssystem32SetDepNx.exe
2009-03-08 07:33 420,352 a------- c:windowssystem32vbscript.dll
2009-03-08 07:32 72,704 a------- c:windowssystem32admparse.dll
2009-03-08 07:32 71,680 a------- c:windowssystem32iesetup.dll
2009-03-08 07:32 66,560 a------- c:windowssystem32wextract.exe
2009-03-08 07:32 169,472 a------- c:windowssystem32iexpress.exe
2009-03-08 07:31 34,816 a------- c:windowssystem32imgutil.dll
2009-03-08 07:31 48,128 a------- c:windowssystem32mshtmler.dll
2009-03-08 07:31 45,568 a------- c:windowssystem32mshta.exe
2009-03-08 07:22 156,160 a------- c:windowssystem32msls31.dll
2009-03-07 15:27 0 a---h--- c:windowssystem32driversMsft_User_WpdFs_01_00_00.Wdf
2009-03-05 19:47 10,520 a------- c:windowssystem32avgrsstx.dll
2009-03-05 19:47 325,640 a------- c:windowssystem32driversavgldx86.sys
2009-03-05 19:03 174 a--sh--- c:program filesdesktop.ini
2009-03-05 18:46 665,600 a------- c:windowsinfdrvindex.dat
2009-03-05 18:28 101,888 a------- c:windowssystem32ifxcardm.dll
2009-03-05 18:28 82,432 a------- c:windowssystem32axaltocm.dll
2008-02-08 00:43 32 a------- c:programdataezsid.dat
2008-02-08 00:43 32 a------- c:progra~2ezsid.dat
2007-05-30 22:33 262,144 a------- c:progra~2ntuser.dat
2006-11-02 08:42 287,440 a------- c:windowsinfperflib0409perfi.dat
2006-11-02 08:42 287,440 a------- c:windowsinfperflib0409perfh.dat
2006-11-02 08:42 30,674 a------- c:windowsinfperflib0409perfd.dat
2006-11-02 08:42 30,674 a------- c:windowsinfperflib0409perfc.dat
2006-11-02 05:20 287,440 a------- c:windowsinfperflib0000perfi.dat
2006-11-02 05:20 287,440 a------- c:windowsinfperflib0000perfh.dat
2006-11-02 05:20 30,674 a------- c:windowsinfperflib0000perfd.dat
2006-11-02 05:20 30,674 a------- c:windowsinfperflib0000perfc.dat

============= FINISH: 13:22:46.36 ===============

Merged posts. ~ OB

Edited by Orange Blossom, 20 April 2009 - 10:14 PM.


BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:05:27 AM

Posted 25 April 2009 - 06:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Goolz

Goolz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 27 April 2009 - 01:26 PM

Here u go.



DDS (Ver_09-03-16.01) - NTFSx86
Run by james at 14:18:04.62 on Mon 04/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.877 [GMT -4:00]

AV: StopSign Antivirus *On-access scanning disabled* (Updated)
FW: StopSign Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\dlbccoms.exe
C:\Windows\system32\dlbtcoms.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\eAcceleration\eacsvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\AeriaGames\12Sky\TwelveSky.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\james\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.msn.com
mLocal Page =
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: {b753c7c5-0942-4b7f-bc27-942b52bdac66} - c:\progra~1\stopsign\popupb~1\sspopupblocker.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [webscan] "c:\program files\acceleration software\anti-virus\stopsignav.exe" -k
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StopSignPopupBlocker] c:\progra~1\stopsign\popupb~1\sspopupblockerctrl.exe /Startup
mRun: [SoftwareStation] "c:\program files\eacceleration\station\station.exe" /b Startup
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: EnableShellExecuteHooks = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - c:\progra~1\stopsign\popupb~1\sspopupblocker.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\havfibfs.default\
FF - component: c:\program files\siteadvisor\6261\ff\components\FFHook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll

============= SERVICES / DRIVERS ===============

R1 FWCore;FWCore;c:\windows\system32\drivers\fwcore.sys [2009-4-13 58976]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R2 eac_notifysvc;eAcceleration Notification Service;c:\progra~1\eaccel~1\framew~1\eac_svc.exe [2009-4-13 111952]
R2 eac_productsvc;eAcceleration Product Manager Service;c:\progra~1\eaccel~1\framew~1\eac_productsvc.exe [2009-4-13 263504]
R3 Alpham1;Ideazon Merc USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-7-23 42624]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-3-20 18432]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S2 0060171204034812mcinstcleanup;McAfee Application Installer Cleanup (0060171204034812); [x]
S2 0090921239507219mcinstcleanup;McAfee Application Installer Cleanup (0090921239507219);c:\users\james\appdata\local\temp\009092~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\james\appdata\local\temp\009092~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 FWService;FWService;c:\program files\eacceleration\firewall\fwservice.exe -service --> c:\program files\eacceleration\firewall\FWService.exe -Service [?]

=============== Created Last 30 ================

2009-04-25 15:33 <DIR> --d----- c:\users\james\appdata\roaming\Ideazon
2009-04-25 13:54 <DIR> --d----- c:\program files\Ideazon
2009-04-17 21:09 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-04-14 03:49 <DIR> --d----- c:\program files\The 4th Coming
2009-04-13 22:40 <DIR> --d----- c:\program files\Microsoft Easy Assist
2009-04-13 22:38 <DIR> --d----- c:\programdata\Applications
2009-04-13 22:38 <DIR> --d----- c:\progra~2\Applications
2009-04-13 17:57 58,976 a------- c:\windows\system32\drivers\fwcore.sys
2009-04-13 15:51 <DIR> --d----- c:\users\james\appdata\roaming\eAcceleration
2009-04-13 15:47 <DIR> --d----- c:\program files\Acceleration Software
2009-04-13 15:46 <DIR> --d----- c:\programdata\eAcceleration
2009-04-13 15:46 <DIR> --d----- c:\progra~2\eAcceleration
2009-04-13 15:45 <DIR> --d----- c:\program files\common files\eAcceleration
2009-04-13 15:45 <DIR> --d----- c:\program files\eAcceleration
2009-04-13 15:45 <DIR> --d----- c:\program files\StopSign
2009-04-13 10:38 161,792 a------- c:\windows\SWREG.exe
2009-04-13 10:38 98,816 a------- c:\windows\sed.exe
2009-04-12 21:42 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-12 15:28 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-12 15:28 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-12 15:28 <DIR> --d----- c:\program files\iPod
2009-04-12 15:28 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 15:28 <DIR> --d----- c:\program files\iTunes
2009-04-12 15:28 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 15:14 <DIR> --d----- c:\program files\Bonjour
2009-04-12 09:36 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-04-12 09:36 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-04-12 09:35 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-12 09:35 <DIR> --d----- c:\users\james\appdata\roaming\SUPERAntiSpyware.com
2009-04-12 00:18 <DIR> --d----- c:\users\james\DoctorWeb
2009-04-11 14:04 <DIR> --d----- c:\users\james\appdata\roaming\Malwarebytes
2009-04-11 14:03 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-11 14:03 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 14:03 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-09 03:41 <DIR> --d----- c:\program files\Trend Micro
2009-04-04 14:03 <DIR> --d----- C:\Banesoft
2009-04-03 17:18 <DIR> --d----- c:\users\james\appdata\roaming\IObit
2009-04-03 17:18 <DIR> --d----- c:\program files\IObit
2009-04-01 02:13 <DIR> --d----- c:\users\james\appdata\roaming\PCToolsFirewallPlus
2009-03-31 22:22 <DIR> a-d----- c:\programdata\TEMP
2009-03-31 22:20 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-31 22:20 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-03-31 20:21 <DIR> --dsh--- c:\windows\system32\%APPDATA%

==================== Find3M ====================

2009-04-25 13:56 51,200 a------- c:\windows\inf\infpub.dat
2009-04-25 13:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-25 13:55 86,016 a------- c:\windows\inf\infstor.dat
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 07:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 07:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 07:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-07 15:27 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-05 19:03 174 a--sh--- c:\program files\desktop.ini
2009-03-05 18:46 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-05 18:28 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-03-05 18:28 82,432 a------- c:\windows\system32\axaltocm.dll
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2009-02-13 04:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 04:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2008-02-08 00:43 32 a------- c:\programdata\ezsid.dat
2008-02-08 00:43 32 a------- c:\progra~2\ezsid.dat
2007-05-30 22:33 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:21:19.49 ===============

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:05:27 AM

Posted 27 April 2009 - 07:16 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Do you have another keyboard that you can plug into this computer or another computer that you can plug this keyboard into. How old is the keyboard? Are you having any other problems, or is it just keyboard related?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#5 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:05:27 AM

Posted 06 May 2009 - 03:59 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users