11-11-2008, 03:39 PM   #1
jgvernonco
Old Timer
 
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27


A little prob...received an infected e-mail from myself.

No sense in panicking...no other problems, but this machine hasn't been looked at, soooo.


DDS (Version 1.0) - NTFSx86
Run by John at 15:31:13.20 on Tue 11/11/2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1308 [GMT -7:00]

=============== Created Last 30 ================

2008-11-11 14:35 250 a------- c:\windows\gmer.ini
2008-10-28 23:54 147,456 a------- c:\windows\system32\Faultrep.dll
2008-10-28 23:54 125,952 a------- c:\windows\system32\wersvc.dll
2008-10-28 23:54 443,392 a------- c:\windows\system32\win32spl.dll
2008-10-27 19:52 428,544 a------- c:\windows\system32\EncDec.dll
2008-10-27 19:52 217,088 a------- c:\windows\system32\psisrndr.ax
2008-10-27 19:52 293,376 a------- c:\windows\system32\psisdecd.dll
2008-10-27 19:52 177,664 a------- c:\windows\system32\mpg2splt.ax
2008-10-27 19:52 80,896 a------- c:\windows\system32\MSNP.ax
2008-10-15 07:39 468,992 a------- c:\windows\system32\newdev.dll
2008-10-15 07:39 74,752 a------- c:\windows\system32\newdev.exe
2008-10-15 07:38 2,032,640 a------- c:\windows\system32\win32k.sys
2008-10-15 07:38 288,768 a------- c:\windows\system32\drivers\srv.sys
2008-10-15 07:38 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-10-15 07:38 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-10-15 07:38 827,392 a------- c:\windows\system32\wininet.dll
2008-10-15 07:38 1,383,424 a------- c:\windows\system32\mshtml.tlb

================== Find3M ==================

2008-11-11 13:59 <DIR> --d----- c:\program files\spybot - search & destroy
2008-11-02 19:02 <DIR> --d----- c:\users\john\appdata\roaming\ZoomBrowser EX
2008-11-02 18:57 <DIR> --d----- c:\progra~2\ZoomBrowser
2008-10-25 08:24 <DIR> --d----- c:\program files\SpywareBlaster
2008-09-18 19:23 44,544 a------- c:\windows\system32\agremove.exe
2008-08-29 04:16 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-08-29 04:15 <DIR> --d----- c:\progra~2\avg8
2008-08-14 03:03 2,560 a------- c:\windows\_MSRSTRT.EXE
2008-08-14 02:46 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-05-18 08:26 <DIR> --d----- c:\progra~2\WEBREG
2008-05-15 14:05 <DIR> --d----- c:\users\john\appdata\roaming\Ulead Systems
2008-05-15 13:59 <DIR> --d----- c:\users\john\appdata\roaming\WinBatch
2008-05-15 13:49 <DIR> --d----- c:\progra~2\Napster
2008-05-14 18:54 <DIR> --d----- c:\users\john\appdata\roaming\MySpace
2008-05-14 18:20 <DIR> --d----- c:\users\john\appdata\roaming\Intel
2008-05-14 17:54 <DIR> --d----- c:\progra~2\CheckPoint
2008-05-14 17:35 <DIR> --d----- c:\progra~2\Symantec
2008-05-14 15:13 <DIR> --d----- c:\progra~2\ATI
2008-04-19 18:50 <DIR> --d----- c:\progra~2\Roaming
2008-04-19 18:50 <DIR> --d----- c:\progra~2\Intel
2008-04-19 18:24 <DIR> --d----- c:\progra~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-02-20 16:03 <DIR> --d----- c:\progra~2\eSellerate
2008-02-20 16:03 <DIR> --ds---- c:\progra~2\Memeo
2008-02-20 15:48 <DIR> --d----- c:\progra~2\WildTangent

============== Psuedo HJT Report ===============

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2E5E800E-6AC0-411E-940A-369530A35E43} - c:\windows\system32\TwcToolbarIe7.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [WinAmpAgent] "c:\program files\winamp\winampa.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ==============

R3 atikmdag;atikmdag;c:\windows\system32\drivers\atikmdag.sys
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\drivers\avgwfpx.sys
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe
S3 GameConsoleService;GameConsoleService;c:\program files\toshiba games\toshiba game console\GameConsoleService.exe
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe

============= FINISH: 15:31:35.15 ===============


With attachments...I hope I got it right for ya.
Attached Files
File Type: txt Attach txt.txt (9.4 KB, 2 views)
File Type: txt Gmer.txt (193.7 KB, 2 views)