Browsers do not work, Everything else does


  • This topic is locked
13 replies to this topic

#1 greenacres

Posted 14 October 2010 - 12:37 PM

Hello all,

I am running a Toshiba Tecra laptop with XP SP3. I caught a trojan that Malwarebytes removed last Monday. Everything works on the computer except for the browsers. I have always used Iexplore from Microsoft but a friend put some links to use Google Chrome. I have a network both at home and at work and the computer will connect to them. Wednesday I received the update from Microsoft and it installed despite not having a browser.
(I noticed the yellow shield and clicked it.)


In the past I have found and fixed viruses using Malwarebytes alone without any issues.
This one is different!! I remembered BleepingComputer from an issue with cpnprt2.exe in the past which one of the geniuses here solved for me.
I hope one of you can help me with my current issue.



#2 boopme (Global Moderator)

Posted 14 October 2010 - 03:18 PM

Hello, let's give this a go.
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.

Click the Connections tab and click the LAN settings option.

Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Now check if the internet is working again.



Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
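
The proxy check from the reply above (inetcpl.cpl > Connections > LAN settings), as an added example that is not part of the original thread: the same settings can be read from `reg query` output for the Internet Settings key. The value names are the standard Internet Settings ones; both sample outputs are constructed, and the proxy address and script URL in the second are made up for illustration.

```python
import re

# Input is the text printed by:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# One value line: indent, value name, type, optional data. XP's reg.exe
# separates the columns with tabs, later versions with spaces.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>\S.*?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$"
)

# Constructed sample: proxy box unchecked, only a bypass list present.
CLEAN_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
    ProxyOverride    REG_SZ    *.local
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"""

# Constructed sample: "Use a proxy..." checked and a configuration script set.
PROXIED_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
    AutoConfigURL    REG_SZ    http://wpad.example/proxy.pac
    ProxyOverride    REG_SZ    <local>
"""


def parse_reg_query(text):
    """Map lower-cased value name -> data string (value names are case-insensitive)."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group("name").lower()] = (match.group("data") or "").strip()
    return values


def audit_proxy(reg_output):
    """Report the settings behind the LAN settings dialog."""
    values = parse_reg_query(reg_output)
    try:
        # reg.exe prints DWORDs as 0x...; a missing value means "unchecked".
        manual = int(values.get("proxyenable", "0"), 0) != 0
    except ValueError:
        manual = False
    server = values.get("proxyserver") or None
    pac = values.get("autoconfigurl") or None

    findings = []
    if manual:
        findings.append(f"manual proxy enabled: {server or '(no ProxyServer value)'}")
    elif server:
        # Inert while ProxyEnable is 0, but worth noting during cleanup.
        findings.append(f"proxy disabled, leftover ProxyServer value: {server}")
    if pac:
        findings.append(f"automatic configuration script set: {pac}")

    return {
        "manual_proxy": manual,
        "proxy_server": server,
        "auto_config_url": pac,
        "bypass_list": values.get("proxyoverride") or None,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("proxied", PROXIED_SAMPLE)):
        result = audit_proxy(sample)
        print(label, "->", result["findings"] or "no proxy settings in effect")
```
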

#3 greenacres (Topic Starter)

Posted 15 October 2010 - 07:47 AM

Hello boopme,

Thanks in advance for your help!!

Per instructions I ran the inetcpl.cpl command; "Use a proxy" is not checked!

I put the machine in safe mode and ran ATF and SAS


......This is the log file that found the trojan prior to your kind help.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4807

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/13/2010 4:52:17 AM
mbam-log-2010-10-13 (04-52-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 407068
Time elapsed: 2 hour(s), 25 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Tools\CheckdiskV1.1\checkDisk.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

......This log file is the result of running SAS in safe mode

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2010 at 07:51 PM

Application Version : 4.44.1000

Core Rules Database Version : 5610
Trace Rules Database Version: 3422

Scan type : Complete Scan
Total Scan Time : 03:33:11

Memory items scanned : 267
Memory threats detected : 0
Registry items scanned : 8507
Registry threats detected : 0
File items scanned : 41796
File threats detected : 4

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A7D48CE6-0396-4955-85C0-003976EC2BB9}\RP873\A0346106.EXE
C:\TOOLS\NIRSOFT\PASSWORD\IEPV\IEPV.EXE

Trojan.Agent/Gen-MailPassView
C:\TOOLS\NIRSOFT\PASSWORD\MAILPV\MAILPV.EXE

Trojan.Agent/Gen-UsrMgr
C:\TOOLS\UNDBX-0.12\UNDBX-0.12\UNDBX.EXE


.........This is the log after completion of your instructions

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4826

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/14/2010 11:13:48 PM
mbam-log-2010-10-14 (23-13-48).txt

Scan type: Quick scan
Objects scanned: 150945
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.....The browsers still do not respond by showing a web page. The browser tab (Internet Explorer) displays "Connecting...".
There is an hourglass cursor. The progress bar will increment to five bars and activity halts in this condition.

#4 boopme (Global Moderator)

Posted 15 October 2010 - 07:31 PM

Hi, sorry it took long. I was researching this a bit.
We either fix this with SFC or reset IE 8.

Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista users..The command needs to be run from an elevated Command Prompt.
Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the XP CD when asked.

#5 greenacres (Topic Starter)

Posted 15 October 2010 - 10:34 PM

Hello again boopme,

Thanks for responding again. I ran System File Checker (SFC), and while it was running started tracking down the system discs.
The program was kind enough to keep running until I located them. LOL! It ended nominally without leaving a log file.
Better yet no need for the disks!!

I spoke to my nephew about the problem yesterday and he said I should just delete Internet Explorer and reinstall it.
I could not agree with him because the problem affects both IE and Google Chrome. I use Outlook Express to connect to
the dbase.com newsgroup as I work with dBASE and the computer has no problem.

Thanks again for your help... you guys and gals are from a very special type to do this. I am in awe.

#6 greenacres (Topic Starter)

Posted 20 October 2010 - 04:58 PM

Hello again Boopme,

I am sure you are busy and haven't had a chance to get back to me. I still have the problem of no browser. I have noticed, using
Procexp by Sysinternals, that there is a flurry of activity when engaging the browser. Could I have a rootkit??

#7 boopme (Global Moderator)

Posted 20 October 2010 - 06:06 PM

Hello, with the forum upgrade, I have gotten really behind. Sorry. It appears we have something deeper and perhaps it is a rootkit.
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#8 greenacres (Topic Starter)

Posted 20 October 2010 - 09:34 PM

Hi Boopme,

I tried to access the backup utilities suggested in the preparation document and the links appear to be broken.
I am working on a Vista machine to download. The Vista machine is ok, with no known issues.
I tried the Cobian, the XML and the Microsoft backup.

The new format for the forums took me by surprise.

#9 boopme (Global Moderator)

Posted 20 October 2010 - 09:47 PM

Skip what you cannot do and get the DDS log posted as it will be a day or two for a reply.

#10 greenacres (Topic Starter)

Posted 20 October 2010 - 10:45 PM

Hello Boopme


I put the defogger on the desktop and executed the file

I had a problem running dds.scr, Removed DWG True View Script by Adobe, Log follows



DDS (Ver_10-10-10.03) - NTFSx86
Run by John Suchy at 22:18:52.93 on Wed 10/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1430 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\John Suchy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [DpUtil] c:\program files\toshiba\dualpointutility\TEDTray.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TOSDCR] TOSDCR.EXE
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TFNF5] TFNF5.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TPSMain] TPSMain.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe gamma loader.exe.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autorunsdisabled\hwdn2 wireless utility.lnk - c:\program files\hawking\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autorunsdisabled\microsoft office.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\iobit\advanced systemcare 3\SPICtrl.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256922741281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-20 6528]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-1-15 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-20 5888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-12 40384]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-27 304464]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-20 126976]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-12 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-12 40384]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-20 35968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-27 20952]
S2 gupdate1c9870282d9145e;Google Update Service (gupdate1c9870282d9145e);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-11-10 13352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-7-27 36928]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-11-28 38976]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-7-2 564480]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

=============== Created Last 30 ================

2010-10-19 15:02:04 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{2182e1e5-a46d-4d1c-b376-75ce7db59d3e}\mpengine.dll
2010-10-18 19:37:07 -------- d-----w- C:\Power.temp
2010-10-18 19:01:39 -------- d-----w- c:\windows\pss
2010-10-18 05:13:41 -------- d-----w- c:\docume~1\johnsu~1\applic~1\GlarySoft
2010-10-18 04:46:57 -------- d-----w- c:\program files\Glary Utilities
2010-10-15 03:57:37 -------- d-----w- c:\docume~1\johnsu~1\applic~1\SUPERAntiSpyware.com
2010-10-14 21:12:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-14 21:12:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-13 19:01:33 -------- d-sha-r- C:\cmdcons
2010-10-13 18:59:37 98816 ----a-w- c:\windows\sed.exe
2010-10-13 18:59:37 77312 ----a-w- c:\windows\MBR.exe
2010-10-13 18:59:37 256512 ----a-w- c:\windows\PEV.exe
2010-10-13 18:59:37 161792 ----a-w- c:\windows\SWREG.exe
2010-10-12 12:04:58 -------- d-----w- C:\TestProgrammeBernardMouille

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2006-05-03 10:06:54 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 -csh--r- c:\windows\system32\nbDX.dll

============= FINISH: 22:20:15.14 ===============



....................Attach.txt follows...................................


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/24/2008 2:16:48 AM
System Uptime: 10/20/2010 9:51:23 PM (1 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz | uFC-PGA Socket | 1995/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 107 GiB total, 32.757 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP816: 8/18/2010 3:03:46 PM - System Checkpoint
RP817: 8/19/2010 3:58:48 PM - System Checkpoint
RP818: 8/20/2010 7:25:57 AM - Software Distribution Service 3.0
RP819: 8/21/2010 10:12:45 AM - System Checkpoint
RP820: 8/21/2010 5:37:26 PM - Installed XML Notepad 2007
RP821: 8/23/2010 9:17:12 AM - System Checkpoint
RP822: 8/24/2010 6:03:50 AM - Software Distribution Service 3.0
RP823: 8/24/2010 8:52:54 AM - Installed Java™ 6 Update 21
RP824: 8/25/2010 9:26:51 AM - System Checkpoint
RP825: 8/26/2010 2:25:35 PM - System Checkpoint
RP826: 8/26/2010 4:21:58 PM - Printer Driver PrimoPDF Installed
RP827: 8/27/2010 8:27:30 AM - Software Distribution Service 3.0
RP828: 8/28/2010 10:46:01 AM - Installed QuickTime
RP829: 8/29/2010 3:45:44 PM - System Checkpoint
RP830: 8/31/2010 7:55:01 AM - Software Distribution Service 3.0
RP831: 9/1/2010 12:11:27 PM - System Checkpoint
RP832: 9/2/2010 10:51:06 PM - System Checkpoint
RP833: 9/3/2010 6:59:54 PM - Software Distribution Service 3.0
RP834: 9/5/2010 11:48:24 AM - System Checkpoint
RP835: 9/6/2010 11:54:45 AM - System Checkpoint
RP836: 9/7/2010 12:20:43 PM - Software Distribution Service 3.0
RP837: 9/8/2010 1:18:08 PM - System Checkpoint
RP838: 9/9/2010 3:59:00 PM - System Checkpoint
RP839: 9/10/2010 7:56:18 AM - Software Distribution Service 3.0
RP840: 9/11/2010 8:08:06 AM - System Checkpoint
RP841: 9/12/2010 8:22:57 AM - System Checkpoint
RP842: 9/13/2010 1:09:33 PM - System Checkpoint
RP843: 9/14/2010 9:08:19 PM - Software Distribution Service 3.0
RP844: 9/14/2010 10:51:03 PM - Software Distribution Service 3.0
RP845: 9/16/2010 3:43:49 PM - System Checkpoint
RP846: 9/17/2010 10:01:44 AM - Software Distribution Service 3.0
RP847: 9/18/2010 10:20:20 PM - System Checkpoint
RP848: 9/20/2010 12:23:52 AM - System Checkpoint
RP849: 9/21/2010 10:26:13 AM - System Checkpoint
RP850: 9/21/2010 8:15:58 PM - Software Distribution Service 3.0
RP851: 9/22/2010 9:24:57 PM - System Checkpoint
RP852: 9/23/2010 9:28:29 PM - System Checkpoint
RP853: 9/24/2010 12:21:32 PM - Software Distribution Service 3.0
RP854: 9/25/2010 1:02:33 PM - System Checkpoint
RP855: 9/26/2010 5:52:02 PM - System Checkpoint
RP856: 9/27/2010 6:44:13 PM - System Checkpoint
RP857: 9/28/2010 9:51:34 AM - Software Distribution Service 3.0
RP858: 9/29/2010 12:09:02 PM - System Checkpoint
RP859: 9/29/2010 6:19:08 PM - Software Distribution Service 3.0
RP860: 9/30/2010 6:34:45 PM - System Checkpoint
RP861: 10/1/2010 12:09:47 PM - Software Distribution Service 3.0
RP862: 10/2/2010 2:07:54 AM - Software Distribution Service 3.0
RP863: 10/3/2010 8:10:11 AM - System Checkpoint
RP864: 10/4/2010 12:08:26 PM - System Checkpoint
RP865: 10/5/2010 10:00:27 AM - Software Distribution Service 3.0
RP866: 10/6/2010 12:17:22 PM - System Checkpoint
RP867: 10/7/2010 1:02:24 PM - System Checkpoint
RP868: 10/8/2010 2:20:51 AM - Software Distribution Service 3.0
RP869: 10/8/2010 2:53:46 AM - Software Distribution Service 3.0
RP870: 10/9/2010 8:08:42 AM - System Checkpoint
RP871: 10/10/2010 8:37:14 AM - System Checkpoint
RP872: 10/12/2010 6:36:57 AM - System Checkpoint
RP873: 10/12/2010 10:46:42 PM - Software Distribution Service 3.0
RP874: 10/14/2010 12:07:06 AM - Software Distribution Service 3.0
RP875: 10/15/2010 6:15:31 AM - Software Distribution Service 3.0
RP876: 10/16/2010 10:47:27 AM - System Checkpoint
RP877: 10/17/2010 12:59:05 PM - System Checkpoint
RP878: 10/18/2010 1:08:02 PM - System Checkpoint
RP879: 10/19/2010 10:01:52 AM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
7-Zip 4.65
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.6 - CPSID_49167
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop 5.5
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced SystemCare 3
AdvancedSSI Editor (Remove Only)
Ahead InCD EasyWrite Reader
AHV content for Acrobat and Flash
ALPS Touch Pad Driver
AmazingMIDI
America Online (Choose which version to remove)
AMR to MP3 Converter 1.4
Any Video Converter 2.7.5
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Free Antivirus
BDE Information Utility
Bejeweled 2 Deluxe
Belarc Advisor 8.1
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner
dBASE PLUS
Debugging Tools for Windows (x86)
Defraggler (remove only)
Desktop Dialer
DVD-CLONER V6.50 Build 983
DVD-RAM Driver
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Platinum 3.0.7.2 Ghosthunter release
EasyCleaner
FATE
Font Xplorer 1.2.2
Free Internet Window Washer
G4FON Koch Method Morse Trainer
Glary Utilities 2.29.0.1032
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hard Disk Recovery Utilities
HexEdit
High Definition Audio Driver Package - KB888111
HL7Viewer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HWDN2 Wireless LAN
IcoFX 1.6.3
IconCool Editor v5.x
Image Analyzer
Image Resizer Powertoy for Windows XP
ImgBurn
Index.dat Suite
Inno Setup QuickStart Pack version 5.2.3
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
ISTool 5.3.0.1
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 21
Java™ 6 Update 7
LAN Search Pro 8.1
Magic M4A to MP3 Converter 3.1
Malwarebytes' Anti-Malware
mCore
mDrWiFi
Metal Suppliers Online - Weight Calculator
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote 2003
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets & Trips 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Theme Nunavut
Microsoft Works
mIWA
mLogView
mMHouse
Morse Machine
mPfMgr
mPfWiz
mProSafe
MSD Organizer Freeware 9.10
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
mWlsSafe
mXML
MyPhoneExplorer
mZConfig
Nero Media Player
Nero OEM
NeroVision Express 2
Net Scan
Network Stumbler 0.4.0 (remove only)
NetWorx 4.2
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
PDF Settings
Penguins!
Picasa 3
PicPick
Polar Golfer
PrimoPDF -- brought to you by Nitro PDF Software
Quick View Plus (Shared Components)
QuickPar 0.9
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
SCRABBLE
SD Secure Module
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic RecordNow!
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
SUPER © Version 2009.bld.35 (Jan 5, 2009)
Super Winspy v3.3
SUPERAntiSpyware
TeamViewer 5
The Font Thing
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Display Devices Change Utility
TOSHIBA Dual Pointing Device Utility
TOSHIBA Game Console
TOSHIBA HDD Protection
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Mobile Extension3 for Windows XP V3.80.00.XP
TOSHIBA Password Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Boot Utility
TOSHIBA SD Memory Card Format
TOSHIBA Security Assist
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Utilities
TOSHIBA Zooming Utility
TTS Wrapper
Tweak UI
UltraEdit-32 Uninstall
Uninstall 1.0.0.1
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
VLC media player 1.1.1
WD Diagnostics
WDMORSE version 1.04
WebFldrs XP
WildTangent Web Driver
WinDjView-subpix 1.0.3-r5
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows Server 2008 Essentials Training
Windows Support Tools
Windows XP Service Pack 3
WinMorse 2
WinPcap 4.0.2
WinRAR archiver
WinStars 2.0
WinZip
Wireless Hotkey
XML Notepad 2007
XML Paper Specification Shared Components Pack 1.0
Yahoo! Music Engine

==== Event Viewer Messages From Past Week ========

10/19/2010 2:06:27 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
10/19/2010 11:15:15 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/18/2010 9:20:45 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B771E393D. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
10/18/2010 11:12:27 AM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001B771E393D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/16/2010 8:46:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip TMEI3E Tosrfcom WS2IFSL
10/16/2010 8:43:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
10/16/2010 8:43:20 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/16/2010 12:02:58 PM, error: SCardSvr [610] - Smart Card Reader 'Generic Smart Card Reader Interface 0' rejected IOCTL GET_STATE: The device has been removed.
10/16/2010 11:34:50 AM, error: USBCCID [0] -
10/16/2010 11:34:50 AM, error: SCardSvr [610] - Smart Card Reader 'Generic Smart Card Reader Interface 0' rejected IOCTL POWER: The smart card is not responding to a reset.
10/15/2010 8:56:01 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
10/15/2010 10:04:16 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
10/13/2010 6:50:54 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
10/13/2010 5:42:16 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001B771E393D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/13/2010 5:09:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/13/2010 5:03:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/13/2010 5:02:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TMEI3E Tosrfcom WS2IFSL
10/13/2010 5:02:49 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2010 5:02:49 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2010 5:02:49 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2010 5:02:49 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2010 5:02:49 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2010 5:02:49 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2010 2:10:13 PM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
10/13/2010 11:52:28 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
10/13/2010 11:52:28 PM, error: Service Control Manager [7000] - The Kiwi Syslog Daemon service failed to start due to the following error: The system cannot find the file specified.
10/13/2010 11:33:49 AM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001B771E393D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/13/2010 11:19:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor service to connect.
10/13/2010 11:19:33 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

==== End Of File ===========================

Thank you kindly for your continued Help!!!!

#11 boopme


Posted 20 October 2010 - 10:57 PM

Hi Greenacres, I just need you to do this.
Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic. Thanks.

#12 greenacres


Posted 21 October 2010 - 09:00 AM

Hi Greenacres, I just need you to do this.
Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic. Thanks.



#13 greenacres


Posted 21 October 2010 - 09:05 AM

Hello Boopme,

I have posted a request in the malware forum. Last night I included the attach.txt and dds.txt files.
Thanks for your help. I will keep you posted on resolutions in this forum.

#14 boopme


Posted 21 October 2010 - 03:03 PM

Thank you!!
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.



