c:/ Cidll is corrupt


  • This topic is locked
12 replies to this topic

#1 sosoi

sosoi

  • Members
  • 6 posts
  • Local time:08:38 PM

Posted 25 July 2011 - 05:44 PM

Hello,
After downloading a song or two (not an unusual activity) in the middle of rendering a video project from my editing program, my Toshiba laptop suddenly shut down. Whenever I try to boot again, it automatically goes to System Repair. The report always says c: \ci.dll is corrupt. I've looked through many forums already and they've required a Windows 7 CD or restoring the computer. I don't have a Windows 7 CD and I'd like to refrain from using System Restore. Can anyone help with this problem?

Thanks,
S.



#2 sosoi

sosoi
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:38 PM

Posted 25 July 2011 - 05:48 PM

*I've already done the Farbars's Recovery Tool, but I'm not sure what to do after. Here's the log:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.6
Ran by SYSTEM at 2011-07-25 18:14:46
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2334560 2011-04-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKU\Karen\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-12] (Google Inc.)
HKU\Karen\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7398752 2011-04-18] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
2 cfWiMAXService; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe" [248688 2009-08-10] (TOSHIBA CORPORATION)
2 ConfigFree Gadget Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe" [42368 2009-07-14] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
3 Partner Service; "C:\ProgramData\Partner\Partner.exe" [332272 2009-11-12] (Google Inc.)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)
2 TODDSrv; C:\Windows\system32\TODDSrv.exe [140632 2009-07-28] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [488800 2009-08-21] (TOSHIBA Corporation)
2 TOSHIBA eco Utility Service; "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [252272 2009-08-11] (TOSHIBA Corporation)
3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [826224 2009-08-04] (TOSHIBA Corporation)

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-04-14] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
3 FwLnk; C:\Windows\System32\DRIVERS\FwLnk.sys [9216 2009-07-07] (TOSHIBA Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [222208 2009-08-05] (Realtek Semiconductor Corp.)
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [27784 2009-07-30] (TOSHIBA Corporation.)
2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [14472 2009-06-19] (TOSHIBA Corporation)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-07-25 18:14 - 2011-07-25 18:14 - 0000000 ____D C:\FRST
2011-07-12 17:13 - 2011-07-25 16:51 - 0000000 ____D C:\Users\Karen\Desktop\Tokimeki_Memorial_Girl's_Side_2nd_Season_V4_patch
2011-07-12 17:13 - 2011-07-12 17:17 - 0000000 ____D C:\Users\Karen\Desktop\2032 - Tokimeki Memorial Girl's Side 2nd Season (J)(6rz)
2011-07-12 17:12 - 2011-07-12 17:12 - 5843894 ____A C:\Users\Karen\Desktop\Tokimeki_Memorial_Girl's_Side_2nd_Season_V4_patch.rar
2011-07-12 17:11 - 2011-07-12 17:11 - 236093971 ____A C:\Users\Karen\Desktop\2032 - Tokimeki Memorial Girl's Side 2nd Season (J)(6rz).7z
2011-07-01 16:48 - 2011-07-01 16:48 - 0671480 ____A C:\Users\Karen\Desktop\psycoblaster_xDelta_GUI.zip
2011-07-01 16:35 - 2011-07-01 16:50 - 0000000 ____D C:\Users\Karen\Desktop\3724 - Tokimeki Memorial - Girl's Side 1st Love Plus (JP)(BAHAMUT)
2011-07-01 16:26 - 2011-07-25 16:52 - 0000000 ____D C:\Program Files\7-Zip
2011-07-01 16:25 - 2011-07-01 16:25 - 1376768 ____A C:\Users\Karen\Desktop\7z920-x64.msi
2011-07-01 16:11 - 2011-07-01 16:11 - 0000000 ____D C:\Users\Karen\Desktop\Tokimeki
2011-07-01 15:38 - 2011-07-01 15:38 - 0000000 ____D C:\Users\Karen\Desktop\sdsard
2011-07-01 15:01 - 2011-07-01 15:01 - 0000000 ____D C:\Users\Karen\Desktop\TokimemoGS1_FinalPatch
2011-07-01 14:59 - 2011-07-01 16:32 - 376001903 ____A C:\Users\Karen\Desktop\3724 - Tokimeki Memorial - Girl's Side 1st Love Plus (JP)(BAHAMUT).7z
2011-07-01 14:44 - 2011-07-01 14:44 - 0000000 ____D C:\Users\Karen\AppData\Roaming\vlc
2011-07-01 14:43 - 2011-07-01 14:44 - 0000000 ____D C:\Program Files (x86)\VlcPlus
2011-07-01 11:37 - 2011-07-20 18:11 - 0000537 ____A C:\Users\Karen\Desktop\epi12.1.txt
2011-06-30 17:09 - 2011-07-25 12:35 - 0000000 ____D C:\Users\Karen\Desktop\TEHPAST
2011-06-30 11:20 - 2011-06-30 11:57 - 50894081 ____A C:\Users\Karen\Desktop\epi11.2.wmv
2011-06-30 11:15 - 2011-06-30 11:20 - 0001044 ____A C:\Users\Karen\Desktop\epi11.2.txt
2011-06-30 10:15 - 2011-06-30 10:21 - 17917685 ____A C:\Users\Karen\Desktop\collllabpart.wmv
2011-06-29 15:20 - 2011-06-29 16:29 - 81215485 ____A C:\Users\Karen\Desktop\epi11.1.wmv

============ 3 Months Modified Files and Folders =============

2011-07-25 16:52 - 2011-07-01 16:26 - 0000000 ____D C:\Program Files\7-Zip
2011-07-25 16:52 - 2011-04-16 16:44 - 0000000 ____D C:\users\Karen
2011-07-25 16:52 - 2011-04-16 14:20 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-07-25 16:52 - 2011-04-16 14:20 - 0000000 ____D C:\Users\All Users\AVG10
2011-07-25 16:52 - 2011-04-16 14:20 - 0000000 ____D C:\ProgramData\AVG10
2011-07-25 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wfp
2011-07-25 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wbem
2011-07-25 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-07-25 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\DriverStore
2011-07-25 16:51 - 2011-07-12 17:13 - 0000000 ____D C:\Users\Karen\Desktop\Tokimeki_Memorial_Girl's_Side_2nd_Season_V4_patch
2011-07-25 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-07-25 16:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-07-25 12:35 - 2011-06-30 17:09 - 0000000 ____D C:\Users\Karen\Desktop\TEHPAST
2011-07-25 11:57 - 2009-07-13 20:54 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2011-07-25 11:57 - 2009-07-13 20:54 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2011-07-25 11:21 - 2011-04-16 16:46 - 3016884224 __ASH C:\hiberfil.sys
2011-07-24 18:52 - 2011-04-16 16:49 - 6968351 ___AH C:\Users\Karen\AppData\Local\IconCache.db
2011-07-24 17:44 - 2011-04-16 16:30 - 0000000 ____D C:\Users\Karen\Desktop\madworldstufff
2011-07-24 17:23 - 2011-04-16 16:40 - 0000000 ____D C:\Users\Karen\Desktop\Sound FX O-o
2011-07-20 18:11 - 2011-07-01 11:37 - 0000537 ____A C:\Users\Karen\Desktop\epi12.1.txt
2011-07-12 17:17 - 2011-07-12 17:13 - 0000000 ____D C:\Users\Karen\Desktop\2032 - Tokimeki Memorial Girl's Side 2nd Season (J)(6rz)
2011-07-12 17:12 - 2011-07-12 17:12 - 5843894 ____A C:\Users\Karen\Desktop\Tokimeki_Memorial_Girl's_Side_2nd_Season_V4_patch.rar
2011-07-12 17:11 - 2011-07-12 17:11 - 236093971 ____A C:\Users\Karen\Desktop\2032 - Tokimeki Memorial Girl's Side 2nd Season (J)(6rz).7z
2011-07-11 20:00 - 2011-04-18 17:54 - 0000000 ____D C:\Users\Karen\AppData\Local\ElevatedDiagnostics
2011-07-08 18:16 - 2011-04-16 16:40 - 0000000 ____D C:\Users\Karen\Desktop\RAW#RS
2011-07-01 16:50 - 2011-07-01 16:35 - 0000000 ____D C:\Users\Karen\Desktop\3724 - Tokimeki Memorial - Girl's Side 1st Love Plus (JP)(BAHAMUT)
2011-07-01 16:48 - 2011-07-01 16:48 - 0671480 ____A C:\Users\Karen\Desktop\psycoblaster_xDelta_GUI.zip
2011-07-01 16:32 - 2011-07-01 14:59 - 376001903 ____A C:\Users\Karen\Desktop\3724 - Tokimeki Memorial - Girl's Side 1st Love Plus (JP)(BAHAMUT).7z
2011-07-01 16:25 - 2011-07-01 16:25 - 1376768 ____A C:\Users\Karen\Desktop\7z920-x64.msi
2011-07-01 16:21 - 2009-07-13 21:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2011-07-01 16:21 - 2009-07-13 18:36 - 0615360 ____A C:\Windows\System32\perfh009.dat
2011-07-01 16:21 - 2009-07-13 18:36 - 0103702 ____A C:\Windows\System32\perfc009.dat
2011-07-01 16:17 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-07-01 16:17 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-07-01 16:14 - 2011-04-16 16:52 - 1633016 ____A C:\Windows\WindowsUpdate.log
2011-07-01 16:11 - 2011-07-01 16:11 - 0000000 ____D C:\Users\Karen\Desktop\Tokimeki
2011-07-01 16:09 - 2011-04-16 13:58 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-07-01 16:09 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-07-01 16:09 - 2009-07-13 20:51 - 0045405 ____A C:\Windows\setupact.log
2011-07-01 15:38 - 2011-07-01 15:38 - 0000000 ____D C:\Users\Karen\Desktop\sdsard
2011-07-01 15:03 - 2011-04-16 13:58 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-07-01 15:01 - 2011-07-01 15:01 - 0000000 ____D C:\Users\Karen\Desktop\TokimemoGS1_FinalPatch
2011-07-01 14:44 - 2011-07-01 14:44 - 0000000 ____D C:\Users\Karen\AppData\Roaming\vlc
2011-07-01 14:44 - 2011-07-01 14:43 - 0000000 ____D C:\Program Files (x86)\VlcPlus
2011-07-01 14:43 - 2009-07-13 19:20 - 0000000 ___RD C:\Program Files (x86)
2011-07-01 09:20 - 2011-04-16 15:38 - 0001896 ____A C:\Users\Karen\Desktop\Overview.txt
2011-06-30 16:40 - 2011-04-16 14:40 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Skype
2011-06-30 16:37 - 2011-05-13 16:03 - 0000000 ____D C:\Users\All Users\Skype Extras
2011-06-30 16:37 - 2011-05-13 16:03 - 0000000 ____D C:\ProgramData\Skype Extras
2011-06-30 16:27 - 2011-05-13 16:03 - 0000000 ____D C:\Users\Karen\AppData\Roaming\skypePM
2011-06-30 11:57 - 2011-06-30 11:20 - 50894081 ____A C:\Users\Karen\Desktop\epi11.2.wmv
2011-06-30 11:20 - 2011-06-30 11:15 - 0001044 ____A C:\Users\Karen\Desktop\epi11.2.txt
2011-06-30 10:21 - 2011-06-30 10:15 - 17917685 ____A C:\Users\Karen\Desktop\collllabpart.wmv
2011-06-29 16:29 - 2011-06-29 15:20 - 81215485 ____A C:\Users\Karen\Desktop\epi11.1.wmv
2011-06-29 13:52 - 2011-06-11 10:02 - 0000580 ____A C:\Users\Karen\Desktop\epi11.1.txt
2011-06-28 19:41 - 2011-04-27 16:57 - 0000000 ____D C:\Users\Karen\Desktop\PaintTool_SAI_English_Pack
2011-06-28 18:02 - 2011-05-03 16:17 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-06-24 11:39 - 2011-04-16 14:21 - 0000964 ____A C:\Users\Public\Desktop\AVG 2011.lnk
2011-06-21 18:00 - 2011-05-24 17:15 - 0000000 ____D C:\Users\Karen\Desktop\BannedStory4_Hairs
2011-06-20 14:30 - 2011-06-20 14:04 - 18989775 ____A C:\Users\Karen\Desktop\hurrah.wmv
2011-06-18 12:49 - 2011-06-18 12:49 - 0000000 ____D C:\Users\Karen\AppData\Local\Microsoft Games
2011-06-14 16:18 - 2011-05-17 15:50 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-06-12 09:22 - 2011-05-07 14:20 - 0000605 ____A C:\Users\Karen\Desktop\epi10.2.txt
2011-06-12 08:05 - 2011-06-12 08:05 - 3228433 ____A C:\Users\Karen\Desktop\asd.psd
2011-06-07 16:24 - 2011-05-09 18:16 - 0000000 ____D C:\Users\Karen\AppData\Local\CrashDumps
2011-06-07 15:34 - 2011-06-07 14:07 - 32062963 ____A C:\Users\Karen\Desktop\epi10.2.wmv
2011-06-06 14:57 - 2009-07-13 20:45 - 2998080 ____A C:\Windows\System32\FNTCACHE.DAT
2011-06-06 14:04 - 2011-04-16 16:48 - 0098536 ____A C:\Users\Karen\AppData\Local\GDIPFONTCACHEV1.DAT
2011-06-03 18:25 - 2011-06-03 18:25 - 0096833 ____A C:\Users\Karen\Desktop\omgjackie.jpg
2011-06-03 16:15 - 2009-07-13 21:08 - 0032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-06-01 17:21 - 2011-06-01 17:21 - 0019968 ____A C:\Users\Karen\Documents\MINUTE COUNTERS.doc
2011-05-31 18:05 - 2011-04-16 14:26 - 0001124 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-05-31 18:05 - 2011-04-16 14:06 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-31 17:44 - 2011-05-31 17:40 - 0010240 __ASH C:\Users\Karen\Thumbs.db
2011-05-29 05:11 - 2011-04-16 14:26 - 0039984 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2011-05-29 05:11 - 2011-04-16 14:26 - 0025912 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-05-24 13:15 - 2011-05-24 13:15 - 0000912 ____A C:\Users\Public\Desktop\BannedStory.lnk
2011-05-24 13:15 - 2011-05-24 13:15 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-05-24 13:15 - 2011-05-24 13:15 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-05-24 13:15 - 2011-05-24 13:14 - 0000000 ____D C:\Program Files (x86)\BannedStory
2011-05-24 12:59 - 2009-11-12 18:49 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-05-23 12:51 - 2011-04-16 14:54 - 0000000 ____D C:\Users\Karen\AppData\Local\Adobe
2011-05-23 12:51 - 2011-04-16 13:57 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Adobe
2011-05-23 12:51 - 2009-11-12 18:49 - 0000000 ____D C:\Users\All Users\Adobe
2011-05-23 12:51 - 2009-11-12 18:49 - 0000000 ____D C:\ProgramData\Adobe
2011-05-22 18:28 - 2011-04-16 20:26 - 0001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-05-22 18:28 - 2011-04-16 20:26 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-05-17 17:03 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-05-13 16:04 - 2011-05-13 16:04 - 0000056 ___AH C:\Windows\SysWOW64\ezsidmv.dat
2011-05-13 16:03 - 2011-05-13 16:03 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2011-05-13 16:03 - 2011-05-13 16:02 - 0000000 ____D C:\Users\All Users\Skype
2011-05-13 16:03 - 2011-05-13 16:02 - 0000000 ____D C:\ProgramData\Skype
2011-05-13 16:03 - 2011-04-16 14:40 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-05-11 17:35 - 2011-05-11 17:35 - 0000000 ____D C:\Users\Karen\Documents\Adobe
2011-05-11 17:34 - 2011-05-11 17:34 - 0000000 ____D C:\Users\All Users\FLEXnet
2011-05-11 17:34 - 2011-05-11 17:34 - 0000000 ____D C:\ProgramData\FLEXnet
2011-05-11 17:34 - 2009-07-13 18:34 - 0001365 ____A C:\Windows\System32\Drivers\etc\hosts
2011-05-11 17:23 - 2011-05-11 17:23 - 0000000 ____D C:\Windows\SysWOW64\spool
2011-05-11 17:23 - 2011-05-11 17:23 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-05-10 16:41 - 2011-05-10 16:41 - 0000012 ____A C:\Windows\srun.log
2011-05-07 12:18 - 2011-05-07 12:18 - 0000958 ____A C:\Users\Karen\Desktop\Audacity.lnk
2011-05-07 12:18 - 2011-05-07 12:18 - 0000000 ____D C:\Program Files (x86)\Audacity
2011-05-07 12:17 - 2011-04-16 16:44 - 0000000 ____D C:\Users\Karen\AppData\LocalLow
2011-05-03 16:17 - 2011-05-03 16:17 - 0001153 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2011-05-03 16:17 - 2011-05-03 16:17 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Mozilla
2011-05-03 16:17 - 2011-05-03 16:17 - 0000000 ____D C:\Users\Karen\AppData\Local\Mozilla
2011-05-03 16:17 - 2011-05-03 16:17 - 0000000 ____A C:\Windows\nsreg.dat
2011-05-03 16:06 - 2011-05-03 15:00 - 56511197 ____A C:\Users\Karen\Desktop\epi10.1.wmv
2011-05-02 20:36 - 2011-05-02 20:36 - 0001177 ____A C:\Users\Public\Desktop\TeamViewer 6.lnk
2011-05-02 20:36 - 2011-05-02 20:36 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2011-04-28 17:29 - 2011-04-28 17:29 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Unity
2011-04-28 17:13 - 2011-04-28 17:13 - 0000000 ____D C:\Users\Karen\AppData\Local\Unity
2011-04-27 16:57 - 2011-04-27 16:57 - 0000000 ____D C:\Users\Karen\AppData\Roaming\SYSTEMAX Software Development
2011-04-27 16:57 - 2011-04-27 16:57 - 0000000 ____D C:\Users\All Users\SYSTEMAX Software Development
2011-04-27 16:57 - 2011-04-27 16:57 - 0000000 ____D C:\ProgramData\SYSTEMAX Software Development
2011-04-27 15:40 - 2011-04-27 15:40 - 0012049 ____A C:\Users\Karen\Desktop\03.png
2011-04-26 14:26 - 2011-04-26 14:23 - 0016344 ____A C:\Users\Karen\Desktop\shortopening.wmv.sfk
2011-04-26 14:22 - 2011-04-26 14:21 - 9093517 ____A C:\Users\Karen\Desktop\shortopening.wmv
2011-04-26 13:27 - 2011-04-16 16:49 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Toshiba


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3836.17 MB
Available physical RAM: 3306.18 MB
Total Pagefile: 3834.32 MB
Available Pagefile: 3283.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (TI105736W0B) (Fixed) (Total:287.61 GB) (Free:235.05 GB) NTFS
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS
4 Drive f: (COOKIES) (Removable) (Total:1.87 GB) (Free:0.47 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-06-15 09:26

======================= End Of Log ==========================

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:08 PM

Posted 25 July 2011 - 06:32 PM

Hello, just letting you know I moved this topic to here, in the Virus, Trojan, Spyware, and Malware Removal Logs forum, where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.


I have asked another to review your log.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:08 AM

Posted 25 July 2011 - 06:43 PM

Hi and welcome to Bleeping Computer. :)

After Windows has booted, I advise you to remove those compressed patches immediately.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
cmd: bootrec /FixMbr
Control:
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Then restart Windows and let it boot normally and let me know how it went. In case the startup repair wants to run, let it run to completion.

#5 sosoi

sosoi
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:38 PM

Posted 26 July 2011 - 10:44 AM

Thank you so much! The laptop finally turned on correctly.

Excuse me for my lack of knowledge, but what "compressed files" exactly do you mean?
Here's the log:


Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.1.6)
Ran by SYSTEM at 2011-07-26 11:38:22 R:1
Running from F:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========

The operation completed successfully.

Edited by sosoi, 26 July 2011 - 10:46 AM.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:08 AM

Posted 26 July 2011 - 01:38 PM

Great. :thumbsup:

I mean these files:

2011-07-12 17:13 - 2011-07-25 16:51 - 0000000 ____D C:\Users\Karen\Desktop\Tokimeki_Memorial_Girl's_Side_2nd_Season_V4_patch
2011-07-12 17:13 - 2011-07-12 17:17 - 0000000 ____D C:\Users\Karen\Desktop\2032 - Tokimeki Memorial Girl's Side 2nd Season (J)(6rz)
2011-07-12 17:12 - 2011-07-12 17:12 - 5843894 ____A C:\Users\Karen\Desktop\Tokimeki_Memorial_Girl's_Side_2nd_Season_V4_patch.rar
2011-07-12 17:11 - 2011-07-12 17:11 - 236093971 ____A C:\Users\Karen\Desktop\2032 - Tokimeki Memorial Girl's Side 2nd Season (J)(6rz).7z

They arrived on the system before you got infected and I suspect they contain infected files. They are on your desktop.

Open your Malwarebytes' Anti-Malware.
  • First update it, to do that under the Update tab press "Check for Updates".
  • Under Scanner tab select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#7 sosoi

sosoi
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:38 PM

Posted 26 July 2011 - 05:26 PM

Once again, thank you very much :thumbsup:
I deleted most of the compressed files from both my desktop and the recycle bin before reading your post.

Here's the MBAM log:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7287

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/26/2011 6:04:34 PM
mbam-log-2011-07-26 (18-04-34).txt

Scan type: Quick scan
Objects scanned: 170855
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\$Recycle.Bin\s-1-5-21-4190740420-4015975789-3101418896-1001\$RL0IK2W.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.



#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:08 AM

Posted 27 July 2011 - 03:03 AM

Let's take a look at eventual vulnerabilities.

Please perform the following scan:
  • Download DDS by sUBs from the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run. When done it will open two logs:
    • DDS.txt
    • Attach.txt
  • Copy and paste the logs to your reply.


#9 sosoi

sosoi
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:38 PM

Posted 27 July 2011 - 10:16 AM

DDS.txt:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Karen at 11:08:00 on 2011-07-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2290 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\sppsvc.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\taskhost.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1B52FE5D-4125-4547-90F8-463E574FF68F} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\wx1ju1ua.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Karen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-3 2280312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-4-16 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 135664]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-11-12 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-26 02:14:39 -------- d-----w- C:\FRST
2011-07-01 22:43:55 -------- d-----w- C:\Program Files (x86)\VlcPlus
2011-06-29 02:01:55 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-29 02:01:54 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-06-15 00:18:10 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:08:58.85 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2011 8:44:32 PM
System Uptime: 7/27/2011 11:00:04 AM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Turion™ II Dual-Core Mobile M500 | Socket S1G3 | 1496/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 234.996 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP4: 4/16/2011 6:13:58 PM - Windows Update
RP5: 4/16/2011 7:30:52 PM - Installed Microsoft Office Professional Edition 2003
RP1: 4/16/2011 8:44:53 PM - TOSHIBA Default System Restore Point
RP2: 4/16/2011 8:45:30 PM - Installed TOSHIBA Quality Application
RP3: 4/16/2011 8:47:44 PM - Windows Update
RP6: 4/17/2011 12:26:20 AM - Installed iTunes
RP7: 4/19/2011 10:53:43 AM - Windows Update
RP8: 5/17/2011 8:59:52 PM - Scheduled Checkpoint
RP9: 5/24/2011 4:57:23 PM - Removed BannedStory 3.0
RP10: 6/15/2011 1:33:29 PM - Scheduled Checkpoint
RP11: 7/1/2011 8:25:44 PM - Installed 7-Zip 9.20 (x64 edition)
.
==== Installed Programs ======================
.
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe MotionPicture Color Files CS4
Adobe PDF Library Files CS4
Adobe Reader 9.1
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Apple Application Support
Apple Software Update
Audacity 1.2.6
BannedStory
Best Buy Software Installer
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Office (KB975927)
Java™ 6 Update 14
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
NewBlue 3D Explosions for Vegas
NewBlue 3D Transformations for Vegas
NewBlue Art Blends 2.0 for Vegas
NewBlue Art Effects 2.0 for Vegas
NewBlue Film Effects for Vegas
NewBlue Motion Blends 2.0 for Vegas
NewBlue Motion Effects 2.0 for Vegas
Photoshop Camera Raw
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Skype™ 5.3
Sony Vegas Pro 8.0
Suite Shared Configuration CS4
TeamViewer 6
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Unity Web Player
Update for Microsoft Office Word 2007 (KB974631)
Visual Studio 2008 x64 Redistributables
VLC Player
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
7/27/2011 11:00:30 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
7/27/2011 11:00:30 AM, Error: atikmdag [43029] - Display is not active
7/26/2011 11:46:58 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================



#10 Farbar

Posted 27 July 2011 - 01:52 PM

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 26 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Please tell me how the computer is running.
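The outdated Java that the reply above refers to can be read directly from the DDS log posted earlier in the thread. The following Python is an added example, not part of the original posts or of DDS: it collects the Java version evidence that log exposes (the installed-programs line, the DPF installer cab name, and the versioned `CAFEEFAC-xxxx-yyyy-zzzz` ActiveX CLSID) and compares it with the Update 26 target named in the reply. The function names `java_evidence` and `outdated` are assumptions made for this example, and the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the DDS log in this thread. "\u2122" is the
# trademark sign DDS prints after "Java"; other vendors' lines are noise.
SAMPLE_LOG = """\
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Adobe Reader 9.1
Java\u2122 6 Update 14
Mozilla Firefox 5.0 (x86 en-US)
"""

# Each pattern captures (family, update). The versioned CLSID encodes
# 1.<family>.<micro>_<update> as CAFEEFAC-001<family>-<micro>-<update>;
# the all-F CLSID means "latest installed" and carries no version.
PATTERNS = [
    ("installed program",
     re.compile(r"^Java(?:\u2122|\(TM\))? (\d+) Update (\d+)\s*$")),
    ("installer cab",
     re.compile(r"jinstall-1_(\d+)_\d+_(\d+)-")),
    ("versioned CLSID",
     re.compile(r"\{CAFEEFAC-00\d(\d)-\d{4}-(\d{4})-ABCDEFFEDCBA\}", re.I)),
]


def java_evidence(log_text):
    """Return (family, update, source, line_number) for every Java hint."""
    found = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for source, pattern in PATTERNS:
            match = pattern.search(line.strip())
            if match:
                found.append((int(match.group(1)), int(match.group(2)),
                              source, lineno))
    return found


def outdated(log_text, target=(6, 26)):
    """Evidence older than the target; (6, 26) is the update named in the reply."""
    return [e for e in java_evidence(log_text) if (e[0], e[1]) < target]


if __name__ == "__main__":
    for family, update, source, lineno in outdated(SAMPLE_LOG):
        print(f"line {lineno}: Java {family} Update {update} ({source})")
```

Running the same check on a fresh log after the update confirms that no old runtime or stale DPF entry was left behind.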

#11 sosoi


Posted 27 July 2011 - 04:01 PM

Thanks; the computer is running great!

#12 Farbar


Posted 27 July 2011 - 04:20 PM

Looks good.

  • Please delete FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
  • You may delete any tool or log we used from your computer.
  • Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if needed:
  • Go to Start => Right-click "Computer" and select "Properties".
  • In the left pane select "System Protection".
  • Press "Configure".
  • Select "Delete". Then press "Continue" close and "OK".
  • Select your drive (drive C) and press "Create".
    Fill in a name for the restore point and press "Create".
    After finished press "Close".

Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
  • Download and install it.
  • Update it manually by clicking on Updates in the left pane and then Check for Updates.
  • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
  • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.
Happy Surfing sosoi.:)

#13 Farbar


Posted 01 August 2011 - 06:48 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



