Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: brazza on April 05, 2012, 05:44:01 PM
-
Hello
My name is Brad and Microsoft security Essentials has found a threat called sirefef.AC and .AH and removes it but only temporarily and I get the message again over and over, also when I use google and click on a link it takes me to a spam website. Any help would be appreciated.
Regards
Brad
-
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
Hello
These are the logs you asked for.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/07/2012 at 00:32 AM
Application Version : 5.0.1146
Core Rules Database Version : 8424
Trace Rules Database Version: 6236
Scan type : Complete Scan
Total Scan Time : 02:59:05
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 959
Memory threats detected : 0
Registry items scanned : 36487
Registry threats detected : 0
File items scanned : 235150
File threats detected : 40
Adware.Tracking Cookie
C:\USERS\JAIMEE\APPDATA\LOCAL\TEMP\LOW\COOKIES\JAIMEE@ATDMT[2].TXT [ /ATDMT ]
C:\USERS\JAIMEE\APPDATA\LOCAL\TEMP\LOW\COOKIES\JAIMEE@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
C:\USERS\JAIMEE\APPDATA\LOCAL\TEMP\LOW\COOKIES\JAIMEE@STATCOUNTER[1].TXT [ /STATCOUNTER ]
cdn.insights.gravity.com [ C:\USERS\JAIMEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FRJG6PYG ]
cdn5.tribalfusion.com [ C:\USERS\JAIMEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FRJG6PYG ]
cloud.video.unrulymedia.com [ C:\USERS\JAIMEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FRJG6PYG ]
ia.media-imdb.com [ C:\USERS\JAIMEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FRJG6PYG ]
media.mtvnservices.com [ C:\USERS\JAIMEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FRJG6PYG ]
mpegmedia.abc.net.au [ C:\USERS\JAIMEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FRJG6PYG ]
secure-us.imrworldwide.com [ C:\USERS\JAIMEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FRJG6PYG ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /192COM.112.2O7 ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.AD4GAME ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.ADK2 ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.ADMAXASIA ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.CENTRALPARK ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.ITP ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.PUBMATIC ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.RTBIDDER ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.SIMONANDSCHUSTER ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.WEATHERZONE.COM ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@ADTECH[1].TXT [ /ADTECH ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@BRAVENET[1].TXT [ /BRAVENET ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /E-2DJ6WMK4AMC5CCQ.STATS.ESOMNITURE ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /E-2DJ6WML4UMC5ADO.STATS.ESOMNITURE ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /E-2DJ6WMMIUJAZEGO.STATS.ESOMNITURE ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@MYROITRACKING[1].TXT [ /MYROITRACKING ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@OVERTURE[1].TXT [ /OVERTURE ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@PRO-MARKET[1].TXT [ /PRO-MARKET ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@RU4[2].TXT [ /RU4 ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /SALES.LIVEPERSON ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /SENSISMEDIASMART.COM ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@TEENSREADANDWRITE[1].TXT [ /TEENSREADANDWRITE ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.INTELETRACK ]
C:\USERS\JAIMEE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\JAIMEE@YIELDMANAGER[1].TXT [ /YIELDMANAGER ]
objects.tremormedia.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PU427XAN ]
sftrack.searchforce.net [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PU427XAN ]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@2O7[1].TXT [ /2O7 ]
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.06.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bradley Adam :: BRADLEYADAM-PC [administrator]
7/04/2012 7:20:41 AM
mbam-log-2012-04-07 (07-20-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263448
Time elapsed: 9 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Bradley Adam at 8:32:27 on 2012-04-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3036.1422 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Iomega Storage Manager\pCloudd.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Iomega\QuikProtect\startQuikProtect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
mURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [EPSON Stylus Photo R350 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiajp.exe /fu "c:\windows\temp\E_S1FC0.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Epson Stylus Photo TX710W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifsp.exe /fu "c:\windows\temp\E_SD098.tmp" /EF "HKCU"
uRun: [EPSON4FCB07] c:\windows\system32\spool\drivers\w32x86\3\e_fatifsp.exe /fu "c:\windows\temp\E_SDB6.tmp" /EF "HKCU"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
dRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autode~1.lnk - c:\program files\photolightning\autodetect.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.dsenz.com/dscape/timmersion/Plugin/DFusionHomeWebPlugIn.Installer.exe
TCP: DhcpNameServer = 61.9.211.33 61.9.211.1
TCP: Interfaces\{6C8BDEA8-6BB5-4FEE-BCA7-5E3118A988F3} : DhcpNameServer = 61.9.211.33 61.9.211.1
TCP: Interfaces\{F65309BC-E2EE-47A9-BF17-46C6F2E8DBC2} : DhcpNameServer = 61.9.211.33 61.9.211.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
R2 PCloudd;PCloudd;c:\program files\iomega storage manager\pCloudd.exe [2011-2-18 206336]
R2 QPCopyEngine;QPCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2010-6-24 247088]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-8-31 4497704]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-8-31 113448]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-18 4247552]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-10 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-26 77824]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-8-31 13480]
S2 antivirservice;DELTA;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-5 136176]
S2 pavatscheduler;Cqcpu;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 pavreport;Bwcsrv;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 RAPIProtocol;Nvrd64;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 veteboot;W550mdm;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 webrootspysweeperservice;Atmarpc;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
S3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\drivers\AF9035BDA.sys [2009-5-22 459776]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-14 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-5 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2010-6-24 19384]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\drivers\vNICdrv.sys [2011-1-21 17464]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-31 16168]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-8-6 19968]
.
=============== Created Last 30 ================
.
2012-04-06 21:14:48 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{190da0dd-98af-4d17-a2d4-7b788c8b7520}\offreg.dll
2012-04-06 21:10:34 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{190da0dd-98af-4d17-a2d4-7b788c8b7520}\mpengine.dll
2012-04-04 09:27:44 -------- d-----w- c:\users\bradley adam\appdata\roaming\SUPERAntiSpyware.com
2012-04-04 09:27:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-04 09:27:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 23:20:27 -------- d-----w- c:\users\bradley adam\appdata\roaming\Vuun
2012-04-02 23:20:27 -------- d-----w- c:\users\bradley adam\appdata\roaming\Tyyco
2012-04-02 23:20:11 -------- d-----w- c:\users\bradley adam\appdata\roaming\Pakelu
2012-04-02 23:20:11 -------- d-----w- c:\users\bradley adam\appdata\roaming\Dypii
2012-04-02 23:20:11 -------- d-----w- c:\users\bradley adam\appdata\roaming\Doex
2012-04-02 23:10:01 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-02 23:07:59 -------- d-----w- c:\program files\iPod
2012-04-02 23:07:56 -------- d-----w- c:\program files\iTunes
2012-04-02 21:28:34 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-22 07:02:53 -------- d-----w- c:\users\bradley adam\appdata\roaming\Wireshark
2012-03-22 07:01:02 -------- d-----w- c:\program files\WinPcap
2012-03-22 06:59:31 -------- d-----w- c:\program files\Wireshark
2012-03-21 01:31:35 -------- d-----w- c:\users\bradley adam\appdata\roaming\Ibiq
2012-03-21 01:31:35 -------- d-----w- c:\users\bradley adam\appdata\roaming\Esimix
2012-03-21 01:31:35 -------- d-----w- c:\users\bradley adam\appdata\roaming\Asehe
2012-03-14 01:48:52 -------- d-----w- c:\users\bradley adam\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-14 01:48:52 -------- d-----w- c:\users\bradley adam\appdata\roaming\Adobe Mini Bridge CS5.1
2012-03-13 22:27:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-13 21:10:21 -------- d-----w- c:\users\bradley adam\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-13 21:10:15 -------- d-----w- c:\program files\Adobe Download Assistant
2012-03-13 21:03:24 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:03:23 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:03:23 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:03:22 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 21:03:22 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-13 21:03:22 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 21:03:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:03:17 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 21:03:17 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-09 03:57:24 155648 ----a-w- c:\windows\system32\AC3ACM.acm
2012-03-09 03:46:38 -------- d-----w- C:\Virtual Dub
2012-03-09 03:20:01 -------- d-----w- c:\users\bradley adam\appdata\local\{C0DAC552-FB6D-4AB9-A8DF-A64AE5F491F2}
2012-03-09 03:20:01 -------- d-----w- c:\users\bradley adam\appdata\local\{957EB0E2-B2E7-4334-A694-305428578DA9}
.
==================== Find3M ====================
.
2012-04-06 09:30:18 87608 ----a-w- c:\users\bradley adam\appdata\roaming\inst.exe
2012-04-06 09:30:18 47360 ----a-w- c:\users\bradley adam\appdata\roaming\pcouffin.sys
2012-04-02 23:10:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-02 21:30:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 01:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 01:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 8:33:11.02 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21/05/2009 7:42:45 PM
System Uptime: 7/04/2012 6:56:53 AM (2 hours ago)
.
Motherboard: TOSHIBA | | Satellite P300
Processor: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz | U2E1 | 2133/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 362 GiB total, 11.951 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Iomega Virtual Ethernet Adapter
Device ID: ROOT\ROOT&VNICDRV\0000
Manufacturer: Iomega
Name: Iomega Virtual Ethernet Adapter
PNP Device ID: ROOT\ROOT&VNICDRV\0000
Service: vNICdrv
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
AC-3 ACM Codec 2.1
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS5.1
Adobe Photoshop Elements 7.0
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bamboo
BigPond Broadband Cable
Blaze HDTV Player Deluxe 4.0
Bonjour
Bookworm Adventures Deluxe 1.0.1.100
Bookworm Adventures Vol. 2
Bulk Rename Utility 2.7.1.1
Camera Assistant Software for Toshiba
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Captcha.trader Mipony Plugin 1.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD/DVD Drive Acoustic Silencer
Clickonprint PhotoBooks 2.1
Conduit Engine
Conexant HD Audio
D3DX10
DivX Setup
DVD Catalyst 4.0.2
DVD MovieFactory for TOSHIBA
e-tax 2011
EOSInfo
Epson Easy Photo Print 2
Epson Event Manager
EPSON PhotoQuicker3.4
Epson Print CD
EPSON Printer Software
Epson Printer Software Downloader
EPSON Scan
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Manual
EPSON TX710W Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
FastStone Photo Resizer 2.8
Free WMA to MP3 Converter 1.16
FXhome PhotoKey 4 Pro (remove only)
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HDMI Control Manager
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
ImageMixer 3 SE Ver.5 Transfer Utility
ImageMixer 3 SE Ver.5 Video Tools
ImgBurn
Ink-Squared Deluxe 1.0
Intel® Matrix Storage Manager
Iomega Product Registration
Iomega QuikProtect
Iomega Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Logitech Harmony Remote Software
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft Image Composite Editor
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mipony-plugin Toolbar
MiPony 1.6.1
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer Utility Ver.2
Noiseware Standard Edition
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
PDF Settings CS5
Peggle Nights
Photo Story 3 for Windows
Photolightning
PhotoScape
PhotoSync
Picasa 3
Pool Rebel for Windows
PopCap Browser Plugin
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Router Screenshot Grabber 1.0.117
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Skins
SmartSound Quicktracks for Premiere Elements
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
swMSM
System Requirements Lab
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Total Immersion D'Fusion Web Plugin
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VSO Image Resizer 2.2.0.1
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101)
Windows Driver Package - Motorola (ndiscm) Net (02/09/2004 2.4.5.1)
Windows Driver Package - Netgear Corporation (USB_RNDIS) Net (04/10/2007 1.12.0.0)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinPcap 4.1.2
WinRAR 4.01 (32-bit)
WinZip 14.5
Wireshark 1.6.5
.
==== Event Viewer Messages From Past Week ========
.
7/04/2012 8:29:31 AM, Error: Service Control Manager [7023] - The Bthidenum service terminated with the following error: Access is denied.
7/04/2012 8:14:31 AM, Error: Service Control Manager [7023] - The Spmd service terminated with the following error: Access is denied.
7/04/2012 7:59:31 AM, Error: Service Control Manager [7023] - The Siside service terminated with the following error: Access is denied.
7/04/2012 7:44:31 AM, Error: Service Control Manager [7023] - The Dac2w2k service terminated with the following error: Access is denied.
7/04/2012 7:29:31 AM, Error: Service Control Manager [7023] - The FontCache3.0.0.0. service terminated with the following error: Access is denied.
7/04/2012 7:14:31 AM, Error: Service Control Manager [7023] - The Rvsinst service terminated with the following error: Access is denied.
7/04/2012 7:10:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
7/04/2012 6:59:33 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer EPSON4FCB07 with shared resource name EPSON4FCB07. Error 1753. The printer cannot be used by others on the network.
7/04/2012 6:59:33 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Epson Stylus Photo TX710W(Network) with shared resource name Epson Stylus Photo TX710W(Network). Error 1753. The printer cannot be used by others on the network.
7/04/2012 6:59:33 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer EPSON Stylus Photo R350 Series with shared resource name EPSON Stylus Photo R350 Series. Error 1753. The printer cannot be used by others on the network.
7/04/2012 6:59:32 AM, Error: Service Control Manager [7023] - The ARCSOFTVIRTUALCAPTURE service terminated with the following error: Access is denied.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The ZTEusbnmea service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Zebrsce service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Z525mdfl service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The X4HSX32 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The X10UIF service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Wzcsvc service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Wlsetupsvc service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Wintrust service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Wdica service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Wacomkey service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The W550mdm service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The VMAUDIO service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Venturi2 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Ventrilo service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The UxTuneUp service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Utscsi service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The USR1806V service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The USBCamera service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The UCTblHid service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The TBPanel service terminated with the following error: Access is denied.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Szserver service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Statusagent service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The SRS_SSCFilter service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Speedfan service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Speakerphone service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Sis315 service terminated with the following error: Access is denied.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The SimpTcp service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Se45bus service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Se44bus service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The SE2Cmdm service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Scramby service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Scanwscs service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The S217mgmt service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The S116bus service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Rt2500usb service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Roxupnprenderer service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Roammgr service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The RDID1007 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The ProcObsrv service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Pnkbstrk service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Ovsecurityserver service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Oracleorahome92pagingserver service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Olapserver service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Obvious service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Nvsvc service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Nvrd64 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The NPDriver service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Nmwcdc service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Nimcrpcsu service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The NETw4v32 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The NETw3v32 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Ndismeetro service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The NdisFilt service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The N3900 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Msgsrvservice service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Mrpostman service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Mozybackup service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The MMRTKRNL service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Mirrorv3 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Mfeavfk service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Mbmiodrvr service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Lxcf_device service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Kservice service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Kpfwsvc service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The KMW_SYS service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Issm service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The IPassPeriodicUpdateService service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Idisw2km service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Icepack service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Ibmcicstransactiongateway service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Hsf_dp service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Hpqcxs08 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Hpconfig service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Houdiniserver service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Ha10kx2k service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The GENERICDRV service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Gbpoll service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Fix service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The FET5X86V service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The F700ius service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Epson_pm_rpcv2_02 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The EpmShd service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Elnkupdateservice service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The DVDVRRdr_xp service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Dlcg_device service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Dlaudfam service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Dlaboiom service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The DELTA service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Dcstor32 service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Cwbrxd service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Ctxhttp service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Ctxcpuusync service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The CTERFXFX.DLL service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The CTAudSvcService service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Cqcpu service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Cltnetcnservice service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The CdaC15BA service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Cachemgr service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Bwcsrv service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Btwmodem service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Btwdins service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Besclient service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The BASFND service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Bantext service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Avg7rsw service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Avg7alrt service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager [7023] - The Atmarpc service terminated with the following error: The specified module could not be found.
7/04/2012 6:58:54 AM, Error: Service Control Manager
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The free space on your harddrive is down to 11Gb but Windows requires at least 15% (55 Gb) to function properly. You will need to find more space on that drive or you will soon start having operating problems.
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
I have followed the steps to stop Microsoft Security Essentials as per the instructions outlined in the link in the previous post & MSE has turned red with a white cross in it, but each time I run combofix it reports that MSE is still running and that I should close it down before continuing, I tried running Combofix anyway and it ran for 1 hour and nothing happened, no log in C:\
What should I do
Regards
Brad
-
Open MSE and click on Settings, Real-time protection and unclick "turn on Real-time protection"
Delete ComboFix from your desktop.
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click PCHelpForum.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
Hello
Still having problems with Combofix/Pchelpforum.exe to work, I have deleted the file called Combofix.exe and re-downloaded it and re-named it Pchelpforum.exe, I made sure MSE was turned off in real time protection and then ran Pchelpforum.exe the first time I left it run for 2 hours and the second time it ran for 3 hours and nothing is happening, it only gets as far as these 3 lines of text.
"Scanning for infected files"
"This typically doesn't take more than 10 minutes"
"However scan times for badly infected machines may easily double"
Hopefully I have attatched a screen print below of what it looks like after 3 hours.
Regards
Brad
[year+ old attachment deleted by admin]
-
Let's run a few more scans to see what turns up.
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
Hello
Here is the aswmbr scan results
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-08 13:02:39
-----------------------------
13:02:39.082 OS Version: Windows 6.0.6002 Service Pack 2
13:02:39.082 Number of processors: 2 586 0x1706
13:02:39.098 ComputerName: BRADLEYADAM-PC UserName: Bradley Adam
13:02:54.012 Initialize success
13:04:13.201 AVAST engine defs: 12040701
13:04:31.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:04:31.843 Disk 0 Vendor: TOSHIBA_ FF01 Size: 381554MB BusType: 3
13:04:31.859 Disk 0 MBR read successfully
13:04:31.859 Disk 0 MBR scan
13:04:31.874 Disk 0 Windows VISTA default MBR code
13:04:31.905 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:04:31.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 370325 MB offset 3074048
13:04:31.952 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9728 MB offset 761499648
13:04:31.999 Disk 0 scanning sectors +781422592
13:04:32.108 Disk 0 scanning C:\Windows\system32\drivers
13:04:37.397 File: C:\Windows\system32\drivers\cdrom.sys **INFECTED** Win32:Rootkit-gen [Rtk]
13:04:52.934 Disk 0 trace - called modules:
13:04:52.934 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87c51fd0]<<
13:04:52.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874baac8]
13:04:52.950 3 CLASSPNP.SYS[8b11a8b3] -> nt!IofCallDriver -> [0x87b38b68]
13:04:52.950 \Driver\00000525[0x87b38ca0] -> IRP_MJ_CREATE -> 0x87c51fd0
13:04:54.011 AVAST engine scan C:\Windows
13:05:01.343 AVAST engine scan C:\Windows\system32
13:10:23.876 AVAST engine scan C:\Windows\system32\drivers
13:10:29.039 File: C:\Windows\system32\drivers\cdrom.sys **INFECTED** Win32:Rootkit-gen [Rtk]
13:10:48.634 AVAST engine scan C:\Users\Bradley Adam
14:10:20.764 Disk 0 MBR has been saved successfully to "C:\Users\Bradley Adam\Desktop\MBR.dat"
14:10:20.936 The log file has been saved successfully to "C:\Users\Bradley Adam\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-08 21:55:57
-----------------------------
21:55:57.693 OS Version: Windows 6.0.6002 Service Pack 2
21:55:57.693 Number of processors: 2 586 0x1706
21:55:57.694 ComputerName: BRADLEYADAM-PC UserName: Bradley Adam
21:56:12.342 Initialize success
21:56:24.196 AVAST engine defs: 12040701
21:56:32.499 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:56:32.502 Disk 0 Vendor: TOSHIBA_ FF01 Size: 381554MB BusType: 3
21:56:32.511 Disk 0 MBR read successfully
21:56:32.514 Disk 0 MBR scan
21:56:32.519 Disk 0 Windows VISTA default MBR code
21:56:32.527 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:56:32.548 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 370325 MB offset 3074048
21:56:32.587 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9728 MB offset 761499648
21:56:32.634 Disk 0 scanning sectors +781422592
21:56:32.737 Disk 0 scanning C:\Windows\system32\drivers
21:56:38.041 File: C:\Windows\system32\drivers\cdrom.sys **INFECTED** Win32:Rootkit-gen [Rtk]
21:56:53.842 Disk 0 trace - called modules:
21:56:53.868 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87c3efd0]<<
21:56:53.873 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874e1478]
21:56:53.878 3 CLASSPNP.SYS[8b10d8b3] -> nt!IofCallDriver -> [0x87ad0810]
21:56:53.883 \Driver\00000632[0x87ad0948] -> IRP_MJ_CREATE -> 0x87c3efd0
21:56:54.789 AVAST engine scan C:\Windows
21:57:02.311 AVAST engine scan C:\Windows\system32
22:02:55.218 AVAST engine scan C:\Windows\system32\drivers
22:02:57.406 File: C:\Windows\system32\drivers\cdrom.sys **INFECTED** Win32:Rootkit-gen [Rtk]
22:03:16.708 AVAST engine scan C:\Users\Bradley Adam
23:18:07.762 AVAST engine scan C:\ProgramData
23:33:17.394 Scan finished successfully
06:01:09.670 Disk 0 MBR has been saved successfully to "C:\Users\Bradley Adam\Desktop\MBR.dat"
06:01:10.328 The log file has been saved successfully to "C:\Users\Bradley Adam\Desktop\aswMBR.txt"
-
Save these instructions so you can have access to them while in Safe Mode.
Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
- Double click the setup file to run it.
- Click Next to continue.
- Accept the License agreement and click on next.
- It will, by default, install it to your desktop folder. Click Next.
- It will then open a box There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked.
- Hidden Startup Objects
- System Memory
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
-
Not much luck with the Kaspersky file, would it have been updated? the instructions in your post didn't match what was on screen and each time it found an infection it prompted for an action which I clicked on Quarentine, at the end of the scan it restarted the computer?? and didn't give a chance to save any reports? now it has started in normal mode, Kaspersky tried to start again but an error came up re: a temp file? to do with Kaspesky.
What should I do?
Regards
Brad
-
Please try running ComboFix again.
-
Combo fix ran for 3 hours and nothing happened apart from the same three lines of text i posted about earlier. MSE was turned off.
Sorry to be a hassle
Regards
Brad
-
Combo fix ran for 3 hours and nothing happened apart from the same three lines of text i posted about earlier
Please try running it in Safe Mode.
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Tried to run combo fix again, this time in safe mode, and still did not run. As it was starting I noticed a message that only lasted just long enough to read it that said,
"Combo fix is preparing to run"
ACCESS DENIED
Administrator permission is needed to use the selected options.
Use an administrator command prompt to complete these tasks.
I started Combofix again and this time right clicked on it and ran as administrator and it still didn't make a difference.
Does this help you
Regards
Brad
-
Please run SysProt-AntiRootkit and post the log.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Sysrot crashed during the scan and threw up an error involving these files
C:\Users\Bradley Adam\AppData\Local\Temp\WER7655.tmp.version.txt
C:\Users\Bradley Adam\AppData\Local\Temp\WER8C84.tmp.appcompat.txt
C:\Users\Bradley Adam\AppData\Local\Temp\WER8C85.tmp.mdmp
It did produce a log file
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: C:\Windows\System32\PING.EXE
PID: 5220
Hidden: Yes
Window Visible: No
Name: C:\Windows\System32\PING.EXE
PID: 1692
Hidden: Yes
Window Visible: No
Name: C:\Windows\System32\PING.EXE
PID: 708
Hidden: Yes
Window Visible: No
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8F008000
Module End: 8F0D6000
Hidden: Yes
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
-
ok ran eset online and the log is below
C:\Documents and Settings\Bradley Adam\Music\iTunes\iTunes Media\Mobile Applications\Fango 53.ipa JS/Exploit.CVE-2011-1250.A trojan deleted - quarantined
C:\Windows\System32\drivers\cdrom.sys Win32/Sirefef.DA trojan unable to clean
Operating memory Win32/Sirefef.DN trojan
Regards
Brad
-
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.
Look through the list and let me know if anything was found infected.
-
ran mrt scan and it reported no malicous software detected.
Google opens a new window now if I open one of my favourite sites up
Regards
Brad
-
Google opens a new window now if I open one of my favourite sites up
Does that mean the it's working properly now?
-
Sorry, yes all is good, Thank you for your help. :)
-
That's good news. Now we can do some cleanup.
To set a new Restore Point.
Click Start button , click Control Panel, click System and Maintenance, and then clicking System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button , click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
**********************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!