Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC infected with Malware


  • This topic is locked This topic is locked
6 replies to this topic

#1 cheyenne10

cheyenne10

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 07 June 2009 - 10:48 PM

This Toshiba laptop hardly works anymore. We have done what we know to cleanup files, etc. with no success. Below is DDS.txt log and Attach.txt attached.

Please help.
daughters pc ground to halt during finals, too much surfing?



DDS (Ver_09-05-14.01) - NTFSx86
Run by Bob at 19:56:15.49 on Sun 06/07/2009
Internet Explorer: 6.0.2900.2180

============== Pseudo HJT Report ===============

uStart Page = hxxp://www6.comcast.net/a/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [Notebook Maximizer] c:\program files\notebook maximizer\maximizer_startup.exe
mRun: [was6_check]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2009-06-07 09:23 19,594 a------- c:\docume~1\bob\applic~1\wklnhst.dat

============= FINISH: 19:58:55.78 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:38 AM

Posted 18 June 2009 - 04:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 cheyenne10

cheyenne10
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 20 June 2009 - 10:43 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Bob at 19:53:17.64 on Sat 06/20/2009
Internet Explorer: 6.0.2900.2180

============== Pseudo HJT Report ===============

uStart Page = hxxp://www6.comcast.net/a/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [Notebook Maximizer] c:\program files\notebook maximizer\maximizer_startup.exe
mRun: [was6_check]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-08 20:04 664 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-06-15 16:30 19,554 a------- c:\docume~1\bob\applic~1\wklnhst.dat
2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-28 21:52 659,456 a------- c:\windows\system32\wininet.dll
2009-04-28 21:52 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 02:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 08:11 584,192 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 19:54:49.03 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/21/2007 9:53:50 PM
System Uptime: 6/11/2009 8:22:35 PM (215 hours ago)

Motherboard: ATI | | SB400
Processor: Intel® Celeron® M processor 1.50GHz | U23 | 1496/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 48.907 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP451: 3/28/2009 10:23:25 PM - System Checkpoint
RP452: 3/29/2009 11:09:13 PM - System Checkpoint
RP453: 3/31/2009 12:09:20 AM - System Checkpoint
RP454: 4/1/2009 9:19:56 AM - System Checkpoint
RP455: 4/2/2009 10:03:04 AM - System Checkpoint
RP456: 4/3/2009 11:03:06 AM - System Checkpoint
RP457: 4/4/2009 9:36:34 PM - System Checkpoint
RP458: 4/5/2009 10:40:27 PM - System Checkpoint
RP459: 4/6/2009 10:51:07 PM - System Checkpoint
RP460: 4/7/2009 11:51:07 PM - System Checkpoint
RP461: 4/9/2009 12:51:08 AM - System Checkpoint
RP462: 4/10/2009 1:51:08 AM - System Checkpoint
RP463: 4/11/2009 2:51:08 AM - System Checkpoint
RP464: 4/12/2009 2:51:32 AM - System Checkpoint
RP465: 4/13/2009 3:51:31 AM - System Checkpoint
RP466: 4/14/2009 4:06:50 AM - System Checkpoint
RP467: 4/15/2009 5:06:47 AM - System Checkpoint
RP468: 4/16/2009 5:23:00 AM - System Checkpoint
RP469: 4/17/2009 3:00:29 AM - Software Distribution Service 3.0
RP470: 4/18/2009 12:36:53 PM - System Checkpoint
RP471: 4/19/2009 1:31:06 PM - System Checkpoint
RP472: 4/20/2009 10:40:52 PM - System Checkpoint
RP473: 4/22/2009 3:58:46 PM - System Checkpoint
RP474: 4/23/2009 4:02:47 PM - System Checkpoint
RP475: 4/24/2009 4:26:11 PM - System Checkpoint
RP476: 4/25/2009 7:54:58 PM - System Checkpoint
RP477: 4/26/2009 7:55:14 PM - System Checkpoint
RP478: 4/27/2009 8:20:20 PM - System Checkpoint
RP479: 4/29/2009 7:40:56 AM - System Checkpoint
RP480: 4/30/2009 3:20:39 PM - System Checkpoint
RP481: 5/2/2009 9:12:20 PM - System Checkpoint
RP482: 5/3/2009 10:06:05 PM - System Checkpoint
RP483: 5/6/2009 10:34:55 PM - System Checkpoint
RP484: 5/8/2009 4:53:08 PM - System Checkpoint
RP485: 5/11/2009 12:22:49 AM - System Checkpoint
RP486: 5/12/2009 8:09:18 AM - System Checkpoint
RP487: 5/13/2009 5:12:25 PM - System Checkpoint
RP488: 5/16/2009 11:39:54 AM - System Checkpoint
RP489: 5/17/2009 11:40:25 AM - System Checkpoint
RP490: 5/18/2009 3:39:47 PM - System Checkpoint
RP491: 5/19/2009 4:50:27 PM - System Checkpoint
RP492: 5/20/2009 5:34:25 PM - System Checkpoint
RP493: 5/21/2009 6:17:43 PM - System Checkpoint
RP494: 5/24/2009 2:51:02 PM - System Checkpoint
RP495: 5/25/2009 3:18:25 PM - System Checkpoint
RP496: 5/26/2009 5:23:52 PM - System Checkpoint
RP497: 5/27/2009 5:44:56 PM - System Checkpoint
RP498: 5/28/2009 6:39:02 PM - System Checkpoint
RP499: 5/29/2009 7:05:05 PM - System Checkpoint
RP500: 5/30/2009 8:40:32 PM - System Checkpoint
RP501: 5/31/2009 9:54:26 PM - System Checkpoint
RP502: 6/1/2009 10:43:08 PM - System Checkpoint
RP503: 6/2/2009 11:43:10 PM - System Checkpoint
RP504: 6/4/2009 12:48:08 AM - System Checkpoint
RP505: 6/5/2009 1:48:06 AM - System Checkpoint
RP506: 6/7/2009 9:53:09 AM - System Checkpoint
RP507: 6/8/2009 10:08:40 AM - System Checkpoint
RP508: 6/9/2009 2:50:06 PM - System Checkpoint
RP509: 6/10/2009 5:09:33 PM - System Checkpoint
RP510: 6/11/2009 3:01:26 AM - Software Distribution Service 3.0
RP511: 6/12/2009 3:34:17 AM - System Checkpoint
RP512: 6/13/2009 4:34:23 AM - System Checkpoint
RP513: 6/14/2009 5:34:24 AM - System Checkpoint
RP514: 6/15/2009 6:34:37 AM - System Checkpoint
RP515: 6/16/2009 7:39:17 AM - System Checkpoint
RP516: 6/17/2009 3:13:00 PM - System Checkpoint
RP517: 6/18/2009 3:46:08 PM - System Checkpoint
RP518: 6/19/2009 4:45:53 PM - System Checkpoint
RP519: 6/20/2009 4:51:32 PM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Shockwave Player
AIM 6
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AT&T Connection Services Manager
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Backup
ccCommon
CD/DVD Drive Acoustic Silencer
DVD-RAM Driver
ErrorSafe Additional Feature
GearDrvs
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 1
Kaspersky Online Scanner
Kodak EasyShare software
Learn2 Player (Uninstall Only)
LiveUpdate (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MySpaceIM
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Notebook Maximizer
Pure Networks Port Magic
Quicken 2005
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roxio Burn Engine
sat_screensaver_30mb
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sonic DLA
Sonic RecordNow!
SPBBC 32bit
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11

==== Event Viewer Messages From Past Week ========

6/20/2009 7:32:07 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
6/20/2009 7:32:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
6/17/2009 3:14:05 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PlugPlay service.
6/16/2009 7:55:27 AM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
6/16/2009 7:55:27 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
6/16/2009 7:55:27 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.
6/16/2009 7:55:19 AM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
6/16/2009 7:55:19 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
6/16/2009 7:55:19 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.
6/16/2009 6:33:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
6/16/2009 6:33:28 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
6/16/2009 4:25:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec Core LC service.
6/16/2009 4:25:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
6/15/2009 7:46:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ccEvtMgr service.

==== End Of File ===========================

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:38 AM

Posted 21 June 2009 - 08:21 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 cheyenne10

cheyenne10
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 21 June 2009 - 11:09 AM

Sounds good. Still here and laptop continues to struggle at basic requests.

thanks.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:38 AM

Posted 21 June 2009 - 11:12 AM

Hi cheyenne10,

The log looks okay but the error messages are saying that updates are no-go so there maybe something hiding.

Let's try and flush it out.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Then

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks. :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:38 AM

Posted 26 June 2009 - 11:37 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users